general architecture question

A

alex

I'm setting up a c# client/server application in a 3tier system.
Everything from the business objects down through the DAL is
stateless. This seems to work great for clustering but the
architectural problem I'm running into is that now I have to figure
out a way to make a stateful login where no state exists!

Currently I'm thinking of using remoting for my communications. I
would like to use webservices but requiring the use of IIS for this
app would hamper adoption by a large amount. I have heard that the
new communications framework from MS allows you to ship a built in web
server?

So my question is two-fold. How do people normally do this? And what
communications architecture do they normally use?

how do you have a stateful login with completely stateless business
objects? I have thought about this a bit and even if I put a token in
the DB backend so that all clustered DAL and business object servers
see it, the token would still be visible going across the wire on each
new connection. Wouldn't that create a security risk where someone
could sniff the token and start a session as that user at any time?

any advice, direction, general comments, etc. would be appreciated.
 
P

Piyush Daiya

Hi,

Well, msdn has two articles on remoting security using tcp channel. But
again, it is applicable if you have users who are part of domain .

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsec.asp

Other way would be develop your own mechanism. Take a look at this post -->
http://www.dotnet247.com/247reference/msgs/45/228196.aspx , might help you
in developing a solution.


HTH,

Piyush
 
K

Klaus H. Probst

First off, you didn't mention what transport you're using. COM+? WS?
Remoting?

With that in hand we can probably give you some ideas.
 
G

Guest

Hi alex,

If you're still keen on running with web services, why don't you host them
inside a windows service?

You'll have to add WSE3.0 to your application stack to get it working, but
then you'll be able to host web services in a console application, windows
service or com+ application also.

HTH,

Adam
 
G

Guest

That is exaclty what i would do. If you don't want to use wse 3.0 you can
create web services layer that addresses a window service or com+.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

General questions about 3-tier architecture with webservices 2
DAL as Base Class - any Merits to Doing So? 3
WCF Architecture question 11
Where to Put DAL and Business Objects in WinForms App? 3
Diff between 'n-tier' vs 'distributed architecture' vs. 'multi-layered programming'? 7
Avoiding WinForm Binding - If Possible... 4
Service Oriented Architecture 5
Using custom classes in webservice 2

Top