web application architecture design ask for advice
-
Hi Christian, My concern is, 1. If database schema changes, I have to change ASP.Net code. Using an additional web service layer could make change of database schema transparent to ASP.Net code; 2. I am concerning about using ASP.Net to connect to database is not very secure. Any comments? regards, George
George_George wrote:
If database schema changes, I have to change ASP.Net code
If your database schema changes, you need to change your webservice, too. How often does this happen ?
George_George wrote:
I am concerning about using ASP.Net to connect to database is not very secure.
What on earth makes you think that ? Just to clarify, I assume you're talking about a data layer that connects to a SQL database, not having SQL in your presentation layer, right ?
Christian Graus Driven to the arms of OSX by Vista.
-
1 - Separating the data access to web service make sense for stand-alone applications as it will be distributed to client machines. You can do changes to the WS without redeploying application. But in ASP.NET, since everything is in server, you don't need a WS for data access. You can do it in separate project and refer the assembly in your ASP.NET project. 2 - Personally, I don't prefer using DataSet or DataTable. Use strongly typed DTOs. It will help you to produce clean code. :)
Navaneeth How to use google | Ask smart questions
Thanks Navaneeth! 1. I am planning to develop client side application, and it is another reason why I want to provide an additional web service layer. Any comments? 2. "You can do it in separate project and refer the assembly in your ASP.NET project." -- in the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses? 2. "Use strongly typed DTOs. It will help you to produce clean code." -- never heard of this method before but intersted, could you show more description or recommend some documents please? regards, George
-
George_George wrote:
If database schema changes, I have to change ASP.Net code
If your database schema changes, you need to change your webservice, too. How often does this happen ?
George_George wrote:
I am concerning about using ASP.Net to connect to database is not very secure.
What on earth makes you think that ? Just to clarify, I assume you're talking about a data layer that connects to a SQL database, not having SQL in your presentation layer, right ?
Christian Graus Driven to the arms of OSX by Vista.
Thanks Christian! And sorry for my bad English. :-) 1. "If your database schema changes, you need to change your webservice, too. How often does this happen?" -- yes I need to change web service code. But ASP.Net code and some Java JSP code are out of my control (not all, but a part of) -- 3rd party assets. I can not force them to change code. So, I want to provide data presentation as a web service layer to make schema change transparent to all clients. About how often -- for every month, there is some schema level change. 2. "What on earth makes you think that ?" -- I have been hacked before at the front layer ASP.Net, and the hacker access database directly. :-( 3. "Just to clarify, I assume you're talking about a data layer that connects to a SQL database, not having SQL in your presentation layer, right ?" yes. :-) 4. In the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses? regards, George
-
Thanks Christian! And sorry for my bad English. :-) 1. "If your database schema changes, you need to change your webservice, too. How often does this happen?" -- yes I need to change web service code. But ASP.Net code and some Java JSP code are out of my control (not all, but a part of) -- 3rd party assets. I can not force them to change code. So, I want to provide data presentation as a web service layer to make schema change transparent to all clients. About how often -- for every month, there is some schema level change. 2. "What on earth makes you think that ?" -- I have been hacked before at the front layer ASP.Net, and the hacker access database directly. :-( 3. "Just to clarify, I assume you're talking about a data layer that connects to a SQL database, not having SQL in your presentation layer, right ?" yes. :-) 4. In the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses? regards, George
George_George wrote:
"What on earth makes you think that ?" -- I have been hacked before at the front layer ASP.Net, and the hacker access database directly
Well, at some point, you need to present a website to the world and make sure your server is secure, this is not the fault of ASP.NET. A webservice is just the same, it's on a server, and it needs to know your database passwords, etc. The intelligent thing to do is to not make your website have SA access, but only access to run procs, which then define the scope of what people can do with your db if hacked,.
George_George wrote:
In the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer.
In that case, a layer of abstraction may make a lot of sense, yes.
Christian Graus Driven to the arms of OSX by Vista.
-
George_George wrote:
"What on earth makes you think that ?" -- I have been hacked before at the front layer ASP.Net, and the hacker access database directly
Well, at some point, you need to present a website to the world and make sure your server is secure, this is not the fault of ASP.NET. A webservice is just the same, it's on a server, and it needs to know your database passwords, etc. The intelligent thing to do is to not make your website have SA access, but only access to run procs, which then define the scope of what people can do with your db if hacked,.
George_George wrote:
In the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer.
In that case, a layer of abstraction may make a lot of sense, yes.
Christian Graus Driven to the arms of OSX by Vista.
Thanks Christian, If you think it makes senses to have an additional data access layer, then any advice or solutions to the two issues I mentioned in my original post? regards, George
-
Thanks Christian, If you think it makes senses to have an additional data access layer, then any advice or solutions to the two issues I mentioned in my original post? regards, George
1 - if it's a bottleneck depends on your site's traffic and your site's resources 2 - you CAN return a datatable from a webservice, but I'd lean towards passing strongly typed collections of entity objects.
Christian Graus Driven to the arms of OSX by Vista.
-
Thanks Navaneeth! 1. I am planning to develop client side application, and it is another reason why I want to provide an additional web service layer. Any comments? 2. "You can do it in separate project and refer the assembly in your ASP.NET project." -- in the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses? 2. "Use strongly typed DTOs. It will help you to produce clean code." -- never heard of this method before but intersted, could you show more description or recommend some documents please? regards, George
George_George wrote:
I am planning to develop client side application, and it is another reason why I want to provide an additional web service layer. Any comments?
If it is as a stand-alone application, abstracting data access on WS is good. You could also consider WCF.
George_George wrote:
Does such design make senses?
Sounds like provider pattern to me. DTO is Data Transfer Object. Read about it here[^]. :)
Navaneeth How to use google | Ask smart questions
-
Thanks Christian! And sorry for my bad English. :-) 1. "If your database schema changes, you need to change your webservice, too. How often does this happen?" -- yes I need to change web service code. But ASP.Net code and some Java JSP code are out of my control (not all, but a part of) -- 3rd party assets. I can not force them to change code. So, I want to provide data presentation as a web service layer to make schema change transparent to all clients. About how often -- for every month, there is some schema level change. 2. "What on earth makes you think that ?" -- I have been hacked before at the front layer ASP.Net, and the hacker access database directly. :-( 3. "Just to clarify, I assume you're talking about a data layer that connects to a SQL database, not having SQL in your presentation layer, right ?" yes. :-) 4. In the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses? regards, George
George_George wrote:
About how often -- for every month, there is some schema level change.
Ok. So are you saying your database structure changes every month? You can reduce code changes if you design your database well. Don't access the tables directly on the code. Use views to abstract the internal table structure. Use procedures to abstract the data insertions/updations. In such case, a table structure change will not affect your code. You only need to change the procedures/views. :)
Navaneeth How to use google | Ask smart questions
-
Thanks Navaneeth! 1. I am planning to develop client side application, and it is another reason why I want to provide an additional web service layer. Any comments? 2. "You can do it in separate project and refer the assembly in your ASP.NET project." -- in the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses? 2. "Use strongly typed DTOs. It will help you to produce clean code." -- never heard of this method before but intersted, could you show more description or recommend some documents please? regards, George
See Data Transfer Object[^].
Of one Essence is the human race thus has Creation put the base One Limb impacted is sufficient For all Others to feel the Mace (Saadi )
-
Hello everyone, Previously my ASP.Net web application connects to database directly using ASO.Net. Now I want to change it to 3 layers, ASP.Net layer, middle web service layer and backend database layer. I think there is benefit that I could abstract data source to ASP.Net front layer, loosely coupled and reduce potential security risks to let external exposed ASP.Net web application to be able to access database directly, etc. Compared with 2 layer architecture with the 3 layer architecture, I met with 2 major issues. 1. An additional middle web service layer will incur more traffic, e.g. ASP.Net does not talks to database direclty, but talks to web service and web service talks to database, will incur more traffic. Will it be a bottleneck? Any general advice to solve this issue if it is a bottleneck? 2. Since ASP.Net can not connect to database but connect to web service, it can not get DataSet/DataTable object easily. It becomes hard to present table form data to data bound controls. Any ideas to make presentation layer in ASP.Net easier coding? regards, George
See Connecting to Databases in ASP.NET[^] if helpful?
Of one Essence is the human race thus has Creation put the base One Limb impacted is sufficient For all Others to feel the Mace (Saadi )