
general architecture question


I'm setting up a C# client/server application in a 3-tier system.
Everything from the business objects down through the DAL is
stateless. This seems to work great for clustering but the
architectural problem I'm running into is that now I have to figure
out a way to make a stateful login where no state exists!

Currently I'm thinking of using remoting for my communications. I
would like to use web services but requiring the use of IIS for this
app would hamper adoption by a large amount. I have heard that the
new communications framework from MS allows you to ship a built in web
server?

So my question is two-fold. How do people normally do this? And what
communications architecture do they normally use?

How do you have a stateful login with completely stateless business
objects? I have thought about this a bit and even if I put a token in
the DB backend so that all clustered DAL and business object servers
see it, the token would still be visible going across the wire on each
new connection. Wouldn't that create a security risk where someone
could sniff the token and start a session as that user at any time?

Any advice, direction, general comments, etc. would be appreciated.
Mar 14 '06 #1
Hi,

Well, MSDN has two articles on remoting security using the TCP channel. But
again, it is applicable only if you have users who are part of a domain.

http://msdn.microsoft.com/library/de...ml/remsspi.asp

http://msdn.microsoft.com/library/de...tml/remsec.asp

Another way would be to develop your own mechanism. Take a look at this post -->
http://www.dotnet247.com/247referenc...45/228196.aspx , might help you
in developing a solution.
HTH,

Piyush


Mar 14 '06 #2
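
One way to build the "own mechanism" for a stateless cluster, as an added example (not code from the thread or from any library the posters mention): the login node issues an HMAC-signed, expiring token that any node sharing the key can verify without stored session state. `SessionToken`, `clusterKey` and the token layout are assumptions, and the code targets .NET 6 or later. The signature only prevents forgery and tampering; a sniffed token can be replayed until it expires, so the channel itself still has to be encrypted.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; SessionToken and the "user|expiry|mac" layout are hypothetical.
public static class SessionToken
{
    // Called once after the password check succeeds.
    public static string Issue(byte[] clusterKey, string user, DateTimeOffset expires)
    {
        if (user.Contains("|")) throw new ArgumentException("user must not contain '|'");
        string payload = user + "|" + expires.ToUnixTimeSeconds();
        return payload + "|" + Convert.ToBase64String(Mac(clusterKey, payload));
    }

    // Any node holding clusterKey can check the token; no session table is read.
    public static bool TryValidate(byte[] clusterKey, string token, DateTimeOffset now, out string user)
    {
        user = "";
        string[] parts = (token ?? "").Split('|');
        if (parts.Length != 3) return false;
        byte[] presented;
        try { presented = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        byte[] expected = Mac(clusterKey, parts[0] + "|" + parts[1]);
        // Constant-time comparison so the MAC cannot be guessed byte by byte.
        if (!CryptographicOperations.FixedTimeEquals(presented, expected)) return false;
        if (!long.TryParse(parts[1], out long exp) || now.ToUnixTimeSeconds() >= exp) return false;
        user = parts[0];
        return true;
    }

    private static byte[] Mac(byte[] key, string payload)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
}

public static class Demo
{
    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed demo key
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = SessionToken.Issue(key, "alex", now.AddMinutes(15));
        Console.WriteLine(SessionToken.TryValidate(key, token, now, out _));                        // fresh token
        Console.WriteLine(SessionToken.TryValidate(key, "admin" + token.Substring(4), now, out _)); // altered user
        Console.WriteLine(SessionToken.TryValidate(key, token, now.AddHours(1), out _));            // past expiry
    }
}
```

A short expiry bounds how long a captured token stays useful; revoking a token before it expires would need shared state again, such as a deny list in the database.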

First off, you didn't mention what transport you're using. COM+? WS?
Remoting?

With that in hand we can probably give you some ideas.

--
klaus


Mar 15 '06 #3

Hi alex,

If you're still keen on running with web services, why don't you host them
inside a Windows service?

You'll have to add WSE 3.0 to your application stack to get it working, but
then you'll be able to host web services in a console application, Windows
service or COM+ application also.

HTH,

Adam

--
Adam May
Sydney, Australia
MCSD.Net

Mar 20 '06 #4

That is exactly what I would do. If you don't want to use WSE 3.0 you can
create a web services layer that addresses a Windows service or COM+.


Mar 26 '06 #5
