Post on 19-Dec-2015
DotNet Market Web Site “EMarket”
Milena Natanov
Project Supervisor: Victor Kulikov
Lab Chief Engineer: Dr. Ilana David
044167 – Project A
Semester spring, 2006
Agenda
• About EMarket
• Technologies and design patterns
• EMarket Architecture
    • Database
    • Application
    • Presentation
• Security considerations
• Possible extensions and improvements
EMarket is an eBay-like online market place
The web site is used to sell or buy new and used products.
EMarket Users
All users
  • Registration
  • Search for products, review product categories
  • Add/remove products in Shopping Bag
Registered users
  • Propose products for sale
      • Can also remove or hide them
  • Buy products proposed by others
  • Resell bought products
  • Comment and rate other users
EMarket Administrator
Manage users, products and categories
  • blocks/unblocks users’ accounts
  • blocks/unblocks products for sale
  • adds/removes categories
Buy, Sell, Comment, like a regular registered user
Technologies
• Application Tier: .Net Framework 2 (C#)
• Database Tier: Microsoft Enterprise SQL server, ADO.Net
• Presentation Layer: ASP.Net
• Development Environment: Visual Studio 2005
Architectural patterns and Methodologies
• Object-oriented Analysis and Design (OAD). Project report includes:
    • Project requirements
    • Use-case diagram and specifications
    • Class and Package diagrams
    • Sequence diagram
• Three-tier architecture: Application, Presentation and Data
• Model-View-Controller (MVC): Model, View, Controller
Additional Software Components
• User Session Management
    • Web Cookies
• Encryption
    • Password Hashing
    • Web Config File Encryption
• Mail
    • Send mails using SmtpClient class of .Net
EMarket Architecture
System overview
Three-tier architecture
EMarket Database
• User information
    • Credentials
    • Products for sale
    • Bought products history
    • Comments
    • Rating
• Product information
    • Categories
    • Status
• Stored Procedures and Views
EMarket Database Relationships
Application tier
MVC - Introduction
EMarket application tier was designed using Model-View-Controller design pattern:
• Model – the application object that represents the data saved in EMarket database
• View – UI (ASPX code-behind)
• Controller – connects between UI requests and EMarket data
Application tier MVC - GUI
Application tier MVC - Controller
Application tier MVC - Model
Database and Application Intersection
EMarket uses ADO.Net to access the SQL database from the application tier.
Using this technology, it executes stored procedures to retrieve relevant data from the EMarket database or to update it.
How it works:
  • create a connection to EMarket database
  • update or retrieve data using:
      • SqlCommand
      • SqlDataReader
      • SqlDataAdapter
SqlCommand – represents a Transact-SQL statement or stored procedure to execute against a SQL Server database.
SqlDataReader – provides a way of reading a forward-only stream of rows from a SQL Server database.
SqlDataAdapter – represents a set of data commands and a database connection that are used to fill the DataSet or DataTable and update a SQL Server database.
Three-tier architecture
Presentation Tier
Server Controls used in EMarket:
  • Web Server Controls
  • EMarket User Controls
  • Login Control
  • Validation Server Controls
The GridView web control:
  • It was used in most of the pages
  • Binding to data source.
  • Built-in sorting capabilities.
  • Built-in updating and deleting capabilities.
  • Built-in paging capabilities.
  • Built-in row selection capabilities.
UserControls: MainFrame Admin
• Login Control
• Validation Control
Web Usability
If a website is difficult to use or is unclear, the user leaves and looks for a different site. Usability is necessary for survival!
Presentation Tier – Web usability
Learnability
  • A user should get along with EMarket easily.
Efficiency
  • complete tasks quickly
  • matching messages assist the user to obtain better performance
Errors
  • currently there are no confirmation messages
  • user should be certain before “pushing the button”
Satisfaction
  • I asked a few students and they indicated that it was convenient and easy to use EMarket web-site services.
Utility
  • compliance with the project requirements
Security
Application security: EMarket web.config file encryption
Data security: Separate user roles:
  • authorized users: see and manage only their private data at EMarket, sell/purchase products
  • administrator: manage the users, products and categories
  • unauthenticated users: can only view the products, user comments and ratings.
Password protection:
  • After authorization only username is saved in cookies. Password is not exposed.
  • Password is hashed before it is saved to EMarket database
      • One-way encryption
Possible extensions and improvements
Data tier:
Move all queries from the application into the database as stored procedures.
Logic tier:
Define and implement the interface between the EMarket money account and real bank accounts.
Manage the user session data (for example, shopping bag) on the server and not in the session cookie to prevent cookie poisoning (stealing or manipulating this data by hackers).
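A sketch of the improvement proposed above, added here and not taken from the project: the shopping bag lives in server memory, the cookie carries only a random session ID, and prices are read from server data at checkout. `ServerBagStore`, its methods and the catalog contents are hypothetical names and constructed values; the code assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added sketch, not EMarket code. ServerBagStore, the catalog and its prices are
// hypothetical and constructed for illustration (assumes .NET 6 or later).
public static class ServerBagStore
{
    // Server-side state: bags keyed by session ID, prices owned by the server.
    private static readonly Dictionary<string, List<int>> Bags = new Dictionary<string, List<int>>();
    private static readonly Dictionary<int, decimal> Catalog = new Dictionary<int, decimal> { { 101, 25.00m }, { 102, 9.50m } };
    // Creates an empty bag; the returned opaque ID is the only value sent in the cookie.
    public static string NewSession()
    {
        string id = Convert.ToHexString(RandomNumberGenerator.GetBytes(16)); // 128 random bits
        lock (Bags) { Bags[id] = new List<int>(); }
        return id;
    }
    // Rejects forged session IDs and unknown products instead of trusting client input.
    public static bool AddProduct(string cookieValue, int productId)
    {
        lock (Bags)
        {
            if (cookieValue == null || !Bags.TryGetValue(cookieValue, out List<int> bag)) return false;
            if (!Catalog.ContainsKey(productId)) return false;
            bag.Add(productId);
            return true;
        }
    }
    // Prices come from the server catalog, so an edited cookie cannot change the total.
    public static decimal? Total(string cookieValue)
    {
        lock (Bags)
        {
            if (cookieValue == null || !Bags.TryGetValue(cookieValue, out List<int> bag)) return null;
            decimal sum = 0m;
            foreach (int productId in bag) sum += Catalog[productId];
            return sum;
        }
    }
    public static void Main()
    {
        string cookie = NewSession();
        AddProduct(cookie, 101);
        AddProduct(cookie, 102);
        Console.WriteLine(Total(cookie));                // total computed from server prices
        Console.WriteLine(AddProduct("FORGED-ID", 101)); // a cookie value the server never issued
    }
}
```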
Presentation tier:
• Improve and make graphics more attractive
• Allow products sorting in “Shop” and “History” sections by edition date
• Allow products sorting in “Shop” section by price
• Add new sub-“Shop” section called Sale and present there products that are on sale
Add an advertisement panel, so that the EMarket web site can make gains.
When a user wants to delete some data (a product in the buyer history, a product in the seller history, or a comment he wrote) or to update the balance of the money account, the system will show the user a small confirmation message window. Thus, many errors will be prevented.
Allow multiple EMarket administrators to be defined.
Me and Victor
And special thanks to Victor, Ilana and Lev for technical support and encouragement!
Thanks to Soft-lab staff