I'm setting up a C# client/server application in a 3-tier system.
Everything from the business objects down through the DAL is
stateless. This seems to work great for clustering but the
architectural problem I'm running into is that now I have to figure
out a way to make a stateful login where no state exists!
Currently I'm thinking of using remoting for my communications. I
would like to use webservices but requiring the use of IIS for this
app would hamper adoption by a large amount. I have heard that the
new communications framework from MS allows you to ship a built in web
server?
So my question is two-fold. How do people normally do this? And what
communications architecture do they normally use?
How do you have a stateful login with completely stateless business
objects? I have thought about this a bit and even if I put a token in
the DB backend so that all clustered DAL and business object servers
see it, the token would still be visible going across the wire on each
new connection. Wouldn't that create a security risk where someone
could sniff the token and start a session as that user at any time?
Any advice, direction, general comments, etc. would be appreciated.
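The sniffing concern raised in the question can be shown concretely. The following is an added example, not part of the original post or any reply: instead of resending a bearer token, the client sends a session id, a counter and an HMAC over the request, so a captured message cannot be replayed or altered. All names are hypothetical, the dictionary stands in for the shared DB table, and it assumes the one-time login exchange that hands out the key runs over an encrypted channel and that the code targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical sketch: Db stands in for the session table every clustered node reads.
static class SignedRequests
{
    sealed class Session { public byte[] Key; public long LastCounter; }
    static readonly Dictionary<string, Session> Db = new Dictionary<string, Session>();

    // Login: runs once, over an encrypted channel (assumption). Returns id and secret key.
    public static (string Id, byte[] Key) Login()
    {
        var key = RandomNumberGenerator.GetBytes(32);
        var id = Guid.NewGuid().ToString("N");
        Db[id] = new Session { Key = key, LastCounter = 0 };
        return (id, key);
    }

    // Client side: the key never crosses the wire again, only a MAC over the request.
    public static byte[] Sign(byte[] key, string id, long counter, string body)
    {
        using var hmac = new HMACSHA256(key);
        return hmac.ComputeHash(Encoding.UTF8.GetBytes($"{id}\n{counter}\n{body}"));
    }

    // Any node: look up the session, recompute the MAC, reject counters already seen.
    public static bool Verify(string id, long counter, string body, byte[] mac)
    {
        if (!Db.TryGetValue(id, out var s)) return false;
        var expected = Sign(s.Key, id, counter, body);
        if (!CryptographicOperations.FixedTimeEquals(expected, mac)) return false;
        if (counter <= s.LastCounter) return false; // replayed or reordered capture
        s.LastCounter = counter;                    // in a real DB: atomic compare-and-update
        return true;
    }

    static void Main()
    {
        var (id, key) = Login();
        var mac = Sign(key, id, 1, "GetOrders");
        Console.WriteLine(Verify(id, 1, "GetOrders", mac));    // fresh request
        Console.WriteLine(Verify(id, 1, "GetOrders", mac));    // same capture sent again
        Console.WriteLine(Verify(id, 2, "DeleteOrders", mac)); // captured MAC reused on another body
    }
}
```

This protects the session from takeover by someone who can read the traffic; it does not hide the request contents, which still needs transport encryption.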
Hi,
Well, MSDN has two articles on remoting security using the TCP channel. But
again, it is applicable if you have users who are part of a domain.
http://msdn.microsoft.com/library/de...ml/remsspi.asp
http://msdn.microsoft.com/library/de...tml/remsec.asp
Another way would be to develop your own mechanism. Take a look at this post:
http://www.dotnet247.com/247referenc...45/228196.aspx
It might help you in developing a solution.
HTH,
Piyush
First off, you didn't mention what transport you're using. COM+? WS?
Remoting?
With that in hand we can probably give you some ideas.
--
klaus
Hi alex,
If you're still keen on running with web services, why don't you host them
inside a windows service?
You'll have to add WSE3.0 to your application stack to get it working, but
then you'll be able to host web services in a console application, windows
service or com+ application also.
HTH,
Adam
--
Adam May
Sydney, Australia
MCSD.Net
That is exactly what I would do. If you don't want to use WSE 3.0 you can
create a web services layer that addresses a Windows service or COM+.