Transcript EMarket
044167 – Project A
Semester spring, 2006
DotNet Market Web Site
“EMarket”
Milena Natanov
Project Supervisor: Victor Kulikov
Lab Chief Engineer: Dr. Ilana David
Agenda
About EMarket
Technologies and design patterns
EMarket Architecture
Database
Application
Presentation
Security considerations
Possible extensions and improvements
EMarket is an eBay-like online market place
The web site is used to sell or buy new and used products.
EMarket Users
All users
Registration
Search for products, review
product categories
Add/remove products in
Shopping Bag
Registered users
Propose products for sale
Can also remove or hide them
Buy products proposed by others
Resell bought products
Comment and rate other users
EMarket Administrator
Manage users, products and categories
blocks/unblocks users’ accounts
blocks/unblocks products for sale
adds/removes categories
Buy, Sell, Comment, like a regular
registered user
Technologies
Application Tier
Database Tier
Microsoft Enterprise SQL server.
ADO.Net
Presentation Layer
.Net Framework 2 (C#)
ASP.Net
Development Environment
Visual Studio 2005
Architectural patterns and Methodologies
Object-oriented Analysis and Design (OAD).
Project report includes:
Project requirements
Use-case diagram and specifications
Class and Package diagrams
Sequence diagram
Three-tier architecture
Application, Presentation and Data
Model-View-Controller (MVC)
Model, View, Controller
Additional Software Components
User Session Management
Web Cookies
Encryption
Password Hashing
Web Config File Encryption
Mail
Send mails using SmtpClient class of .Net
EMarket Architecture
System overview
Three-tier architecture
EMarket Database
User information
Product information
Credentials
Products for sale
Bought products history
Comments
Rating
Categories
Status
Stored Procedures and Views
EMarket Database Relationships
Application tier
MVC - Introduction
The EMarket application tier was designed using the Model-View-Controller design pattern:
Model – the application object that represents the data saved in the EMarket database
View – UI (ASPX code-behind)
Controller – connects UI requests with EMarket data
Application tier
MVC - GUI
Application tier
MVC - Controller
Application tier
MVC - Model
Database and Application Intersection
EMarket uses ADO.Net to access the SQL database from the application tier.
Using this technology, it calls stored procedures to retrieve the relevant data or update it in the EMarket database.
Database and Application Intersection
How it works:
create a connection to EMarket
database
update or retrieve data using:
SqlCommand
SqlDataReader
SqlDataAdapter
Database and Application Intersection
SqlCommand - represents a Transact-SQL
statement or stored procedure to execute
against a SQL Server database.
Database and Application Intersection
SqlDataReader – provides a way of reading a
forward-only stream of rows from a SQL Server
database.
Database and Application Intersection
SqlDataAdapter - represents a set of data
commands and a database connection that are
used to fill the DataSet or DataTable and update
a SQL Server database.
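The steps above (open a connection, run a stored procedure through SqlCommand, read rows with SqlDataReader), as an added example that is not EMarket's own code. The procedure name dbo.GetProductsByCategory, its parameters and the ProductName column are hypothetical, since the slides do not show the schema; Main exercises the reader logic on constructed rows so it runs without a database.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class ProductQueries
{
    // Hypothetical procedure, parameter and column names (EMarket's schema is not on the slides).
    public static SqlCommand BuildCommand(SqlConnection conn, int categoryId, string nameFilter)
    {
        SqlCommand cmd = new SqlCommand("dbo.GetProductsByCategory", conn);
        cmd.CommandType = CommandType.StoredProcedure;
        // Typed parameters: input travels as data, never as concatenated Transact-SQL text.
        cmd.Parameters.Add("@CategoryId", SqlDbType.Int).Value = categoryId;
        cmd.Parameters.Add("@NameFilter", SqlDbType.NVarChar, 100).Value =
            (object)nameFilter ?? DBNull.Value;
        return cmd;
    }

    // Forward-only read; works for SqlDataReader and any other IDataReader.
    public static List<string> ReadNames(IDataReader reader)
    {
        List<string> names = new List<string>();
        int col = reader.GetOrdinal("ProductName");
        while (reader.Read())
            if (!reader.IsDBNull(col)) names.Add(reader.GetString(col));
        return names;
    }

    public static List<string> GetProductNames(string connectionString, int categoryId, string filter)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = BuildCommand(conn, categoryId, filter))
        {
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
                return ReadNames(reader);
        }
    }

    public static void Main()
    {
        // Constructed sample rows so the reader logic runs without a database.
        DataTable t = new DataTable();
        t.Columns.Add("ProductName", typeof(string));
        t.Rows.Add("Used bicycle");
        t.Rows.Add(DBNull.Value);
        using (IDataReader r = t.CreateDataReader())
            Console.WriteLine(string.Join(", ", ReadNames(r).ToArray()));
    }
}
```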
Three-tier architecture
Presentation Tier
Server Controls used in EMarket:
Web Server Controls
EMarket User Controls
Login Control
Validation Server Controls
Three-tier architecture
Presentation Tier
The GridView web control:
It was used in most of the pages
Binding to data source.
Built-in sorting capabilities.
Built-in updating and deleting capabilities.
Built-in paging capabilities.
Built-in row selection capabilities.
Three-tier architecture
Presentation Tier
UserControls:
MainFrame
Admin
Three-tier architecture
Presentation Tier
• Login Control
Three-tier architecture
Presentation Tier
• Validation Control
Three-tier architecture
Presentation Tier
Web Usability
If a website is difficult to use or is unclear, the
user leaves and looks for a different site.
Usability is necessary for survival!
Presentation Tier – Web usability
Learnability
Efficiency
currently there are no confirmation messages
user should be certain before “pushing the button”
Satisfaction
complete tasks quickly
matching messages help the user obtain better performance
Errors
A user should get along with EMarket easily.
I asked a few students and they indicated that it was convenient and easy to use EMarket web-site services.
Utility
compliance with the project requirements
Security
Application security:
EMarket web.config file encryption
Data security:
Separate user roles:
authorized users: see and manage only their private data at EMarket, sell/purchase products
administrator: manages the users, products and categories
unauthenticated users: can only view the products, user comments and ratings.
Password protection:
After authorization, only the username is saved in cookies.
The password is not exposed.
The password is hashed before it is saved to the EMarket database
One-way encryption
Possible extensions and
improvements
Data tier:
Move all queries from the application into the database as stored procedures.
Possible extensions and
improvements
Logic tier:
Define and implement an interface between the EMarket money account and real bank accounts.
Manage the user session data (for example,
shopping bag) on the server and not in the
session cookie to prevent cookie poisoning
(stealing or manipulating this data by hackers).
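The server-side approach proposed above, as an added example that is not EMarket's own code. ServerSideBagStore is a hypothetical in-memory stand-in for server-side session state, and the price dictionary stands in for the products table; the browser only ever holds the random token.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical in-memory store standing in for server-side session state.
public class ServerSideBagStore
{
    private readonly Dictionary<string, List<int>> bags = new Dictionary<string, List<int>>();
    private readonly Dictionary<int, decimal> catalog; // stands in for the products table
    private readonly object sync = new object();

    public ServerSideBagStore(Dictionary<int, decimal> prices) { catalog = prices; }

    // The only value the browser holds: a random identifier with no meaning of its own.
    public string NewSession()
    {
        byte[] id = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(id);
        string token = Convert.ToBase64String(id);
        lock (sync) bags[token] = new List<int>();
        return token;
    }

    // Unknown tokens and unknown products are rejected rather than trusted.
    public bool Add(string token, int productId)
    {
        lock (sync)
        {
            List<int> bag;
            if (!bags.TryGetValue(token, out bag) || !catalog.ContainsKey(productId)) return false;
            bag.Add(productId);
            return true;
        }
    }

    // Prices are looked up on the server at checkout, never read from client-held data.
    public decimal Total(string token)
    {
        lock (sync)
        {
            List<int> bag;
            if (!bags.TryGetValue(token, out bag)) throw new ArgumentException("unknown session");
            decimal total = 0m;
            foreach (int id in bag) total += catalog[id];
            return total;
        }
    }
}
```

A client that edits its cookie can at most present a token the server does not recognise, which Add rejects and Total refuses; bag contents and prices stay out of its reach.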
Possible extensions and
improvements
Presentation tier:
Improve the graphics and make them more attractive
Allow sorting products in the “Shop” and “History” sections by edition date
Allow sorting products in the “Shop” section by price
Add a new “Shop” sub-section called Sale and present there the products that are on sale
Possible extensions and
improvements
Presentation tier:
Add an advertisement panel, so that the EMarket web-site can make gains.
When a user wants to delete some data (a product in the buyer history, a product in the seller history, or a comment he wrote) or to update the balance of the money account, the system will show the user a small confirmation message window. Thus, many errors will be prevented.
Allow multiple EMarket administrators to be
defined.
Me and Victor
Thanks to Soft-lab staff
And special thanks to
Victor, Ilana and Lev
for technical support and
encouragement!