general architecture question

  • Thread starter Thread starter alex
  • Start date Start date
A

alex

I'm setting up a c# client/server application in a 3tier system.
Everything from the business objects down through the DAL is
stateless. This seems to work great for clustering but the
architectural problem I'm running into is that now I have to figure
out a way to make a stateful login where no state exists!

Currently I'm thinking of using remoting for my communications. I
would like to use webservices but requiring the use of IIS for this
app would hamper adoption by a large amount. I have heard that the
new communications framework from MS allows you to ship a built in web
server?

So my question is two-fold. How do people normally do this? And what
communications architecture do they normally use?

how do you have a stateful login with completely stateless business
objects? I have thought about this a bit and even if I put a token in
the DB backend so that all clustered DAL and business object servers
see it, the token would still be visible going across the wire on each
new connection. Wouldn't that create a security risk where someone
could sniff the token and start a session as that user at any time?

any advice, direction, general comments, etc. would be appreciated.
 
Hi,

Well, msdn has two articles on remoting security using tcp channel. But
again, it is applicable if you have users who are part of domain .

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsec.asp

Other way would be develop your own mechanism. Take a look at this post -->
http://www.dotnet247.com/247reference/msgs/45/228196.aspx , might help you
in developing a solution.


HTH,

Piyush
 
First off, you didn't mention what transport you're using. COM+? WS?
Remoting?

With that in hand we can probably give you some ideas.
 
Hi alex,

If you're still keen on running with web services, why don't you host them
inside a windows service?

You'll have to add WSE3.0 to your application stack to get it working, but
then you'll be able to host web services in a console application, windows
service or com+ application also.

HTH,

Adam
 
That is exaclty what i would do. If you don't want to use wse 3.0 you can
create web services layer that addresses a window service or com+.
 
Back
Top