C# Coding Standards and Practices


Application Security Testing: An Integral Part of DevOps

Welcome to my first article as a contributing editor for C#. For my first of many weekly articles I'm going to cover coding standards and practices, a topic that is often overlooked.

Define and Publish your C# Coding Standards and Practices

C# coding standards and practices can quickly become hotly debated among developers when they are discussed. I've seen folks go into such a conversation thinking it is a waste of time and getting hotly involved in debate over a particular convention. It is an area where there is rarely a right or wrong, but plenty of opinion. The best advice that I can offer is to make sure you define and document the practices. No matter what they are, identifying what you want to follow is imperative. Once defined, they must be made accessible and communicated to others. This is a great use for a wiki so that others within the organization can contribute.

The following list contains common areas that should be defined within your standards and practices:

  • Source code structure, layout, and formatting
  • Variable naming standards and conventions
  • Rules around commenting your code
  • Exception handling pattern and process
  • Version control and compilation rules
  • Expectations around flow control
  • Programming patterns that should be applied (or avoided)
  • Database related practices

You should document your rules in a clear and concise manner. It is valuable to include a concise coding example that supports the rule, as well as an example that violates a particular rule.

You may also find it useful to break your standards into a series of documents as not all standards and practices apply to all languages. You will likely have some standards and practices specific to the environment if you are an Azure developer, ASP.net developer, C# developer, Visual Basic developer, Windows Mobile developer, WCF developer, ASP.net MVC, Silverlight developer, or programming in C or doing C++ programming. For example, I have standards and practices around use of Session State and View State for ASP.NET applications that would not apply to other types of development.

Enforce Coding Standards and Practices

Coding standards and practices lose their value if not everyone on the team is following them. I've been involved with organizations that do formal code reviews that involve going before a review board of sorts. Those meetings can be very time consuming and tedious. I've also seen a high number of organizations that ignore them altogether as there may be a single developer assigned to a particular project and they are left to their own devices. I employ a mixture of manual as well as automated code reviews. There are great tools like FxCop, which integrates with Visual Studio, and is included in certain versions of Visual Studio. It has rules that can be customized and tailored to your standards. It quickly analyzes your code and reports on findings. This is a great starting point for analyzing code and looking for hotspots. It is also valuable in Visual Studio Team System to use code check-in rules to force developers to run tools on their own code prior to check-in.

Example Standards

The following links point to a couple of sources where you can find some examples of coding standards and practices that I consider to be worthwhile as a starting point:

About the Author:

Mark Strawmyer is a Senior Architect of .NET applications for large and mid-size organizations. Mark is a technology leader with Crowe Horwath LLP in Indianapolis, Indiana. He specializes in architecture, design and development of Microsoft-based solutions. Mark was honored to be named a Microsoft MVP for application development with C# again. You can reach Mark through http://markstrawmyer.com.

About the Author

Mark Strawmyer

Mark Strawmyer is a Senior Architect of .NET applications for large and mid-size organizations. He specializes in architecture, design and development of Microsoft-based solutions. Mark was honored to be named a Microsoft MVP for application development with C# for the fifth year in a row. You can reach Mark at mark.strawmyer@crowehorwath.com.

Related Articles


  • Spam in your comments

    Posted by DAve on 11/24/2016 09:00am

    Your article is about secure coding, but look at how much spam is in your comments! May I suggest that you apply some security safeguards to prevent your comments from being loaded with spam?

  • Do NOT develop your own standard!

    Posted by Interface007 on 04/04/2011 01:00pm

    NEVER develop your own coding standard! Use one that does exist and is accepted in your area of work. For .Net: use StyleCop and accept all the rules that it provides - it's just formatting, so don't argue about it ... just use it. If you try to develop your own coding standard, you will be "incompatible" in coding to all other teams.

  • You must have javascript enabled in order to post comments.

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • As all sorts of data becomes available for storage, analysis and retrieval - so called 'Big Data' - there are potentially huge benefits, but equally huge challenges...
  • The agile organization needs knowledge to act on, quickly and effectively. Though many organizations are clamouring for "Big Data", not nearly as many know what to do with it...
  • Cloud-based integration solutions can be confusing. Adding to the confusion are the multiple ways IT departments can deliver such integration...

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.