alex
I'm setting up a C# client/server application in a 3-tier system.
Everything from the business objects down through the DAL is
stateless. This seems to work great for clustering but the
architectural problem I'm running into is that now I have to figure
out a way to make a stateful login where no state exists!

Currently I'm thinking of using remoting for my communications. I
would like to use web services but requiring the use of IIS for this
app would hamper adoption by a large amount. I have heard that the
new communications framework from MS allows you to ship a built-in web
server?

So my question is two-fold. How do people normally do this? And what
communications architecture do they normally use?

How do you have a stateful login with completely stateless business
objects? I have thought about this a bit and even if I put a token in
the DB backend so that all clustered DAL and business object servers
see it, the token would still be visible going across the wire on each
new connection. Wouldn't that create a security risk where someone
could sniff the token and start a session as that user at any time?

Any advice, direction, general comments, etc. would be appreciated.
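
The shared-token scheme described in the question, as an added example that is not part of the original post: a random token is issued at login, only its hash is kept in a store every clustered server can read, and each token expires so a captured copy does not work "at any time". `SessionStore`, the in-memory dictionary standing in for the DB table, the 15-minute lifetime and the fixed clock are assumptions, and the code targets .NET 6 or later; the token is still a bearer credential, so it has to travel over an encrypted channel.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example. SessionStore and its dictionary are hypothetical stand-ins
// for the shared DB table that every clustered server can read.
public sealed class SessionStore
{
    private sealed record Session(string User, DateTime ExpiresUtc);
    private readonly Dictionary<string, Session> _rows = new();
    private readonly TimeSpan _lifetime;

    public SessionStore(TimeSpan lifetime) => _lifetime = lifetime;

    // Only a SHA-256 hash of the token is stored, so a leaked table
    // does not hand out usable tokens.
    private static string Key(string token) =>
        Convert.ToHexString(SHA256.HashData(Convert.FromBase64String(token)));

    // Called once, after the credential check succeeds.
    public string Issue(string user, DateTime nowUtc)
    {
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _rows[Key(token)] = new Session(user, nowUtc + _lifetime);
        return token;
    }

    // Called by whichever stateless server receives the request.
    public string? Validate(string token, DateTime nowUtc)
    {
        string key;
        try { key = Key(token); }
        catch (FormatException) { return null; }      // not Base64: reject
        if (!_rows.TryGetValue(key, out var s)) return null;
        if (nowUtc >= s.ExpiresUtc) { _rows.Remove(key); return null; }
        return s.User;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new SessionStore(TimeSpan.FromMinutes(15));
        var t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed clock
        string token = store.Issue("alex", t0);
        Console.WriteLine(store.Validate(token, t0.AddMinutes(5)) ?? "rejected");  // within lifetime
        Console.WriteLine(store.Validate(token, t0.AddMinutes(20)) ?? "rejected"); // past expiry
        Console.WriteLine(store.Validate("not-a-token", t0) ?? "rejected");        // malformed input
    }
}
```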