DotNet Market Web Site DotNet Market Web Site “EMarket”“EMarket”

Milena Natanov

Project Supervisor: Victor KulikovLab Chief Engineer: Dr. Ilana David

044167 – Project A Semester spring, 2006Semester spring, 2006

Agenda

About EMarketTechnologies and design patternsEMarket Architecture

DatabaseApplicationPresentation

Security considerationsPossible extensions and improvements

EMarket is an eBay-like online market place

The web site is used to sell or buy new and new and usedused products.

EMarket Users

All users Registration Search for products, review

product categories Add/remove products in

Shopping Bag Registered users

Propose products for sell Can also remove or hide them

Buy products proposed by others Resell bought products Comment and rate other users

EMarket Administrator

Manage users, products and categoriesblocks/unblocks users’ accounts blocks/unblocks products for selladds/removes categories

Buy, Sell, Comment, like a regular registered user

Technologies

Application Tier .Net Framework 2 (C#)

Database Tier Microsoft Enterprise SQL

server. ADO.Net

Presentation Layer ASP.Net

Development Environment Visual Studio 2005

Architectural patterns and Methodologies

Object-oriented Analysis and Design (OAD). Project report includes: Project requirements Use-case diagram and specifications Class and Package diagrams Sequence diagram

Three-tier architecture Application, Presentation and Data

Model-View-Controller (MVC) Model, View, Controller

Additional Software Components

User Session ManagementWeb Cookies

EncryptionPassword HashingWeb Config File Encryption

MailSend mails using SmtpClient class of .Net

EMarket ArchitectureEMarket Architecture

System overview

Three-tier architecture

Three-tier architecture

EMarket Database

User information Credentials Products for sell Bought products history Comments Rating

Product information Categories Status

Stored Procedures and Views

EMarket Database Relationships

Application tier

MVC - Introduction

EMarket application tier was designed using Model-View-Controller design pattern:

Model – the application object that represents the data saved in EMarket database

View – UI (ASPX code-behind) Controller – connects between UI requests and

EMarket data

Application tier MVC - GUI

Application tier MVC - Controller

Application tier MVC - Model

Database and Application Intersection

EMarket uses Ado.Net to access the SQL database from the application tier.

Using this technology it operates stored procedures for retrieving relevant data or updating it in the EMarket database.

Database and Application Intersection

How it works:create a connection to EMarket

databaseupdate or retrieve data using:

SqlCommandSqlDataReaderSqlDataAdapter

Database and Application Intersection

SqlCommand - represents a Transact-SQL statement or stored procedure to execute against a SQL Server database.

Database and Application Intersection

SqlDataReader – provides a way of reading a forward-only stream of rows from a SQL Server database.

Database and Application Intersection

SqlDataAdapter - represents a set of data commands and a database connection that are used to fill the DataSet or DataTable and update a SQL Server database.

Three-tier architecture

Presentation Tier Server Controls used in EMarket:

Web Server Controls Emarket User Controls Login Control Validation Server Controls

The GridView web control: It was used in most of the pages Binding to data source. Built-in sorting capabilities. Built-in updating and deletingdeleting capabilities. Built-in pagingpaging capabilities. Built-in row selectionrow selection capabilities.

Three-tier architecture

Presentation Tier

UserControls: MainFrame Admin

Three-tier architecture

Presentation Tier

• Login Control

Three-tier architecture

Presentation Tier

• Validation Control

Three-tier architecture

Presentation Tier

Three-tier architecture Presentation Tier

Web Usability

If a website is difficult to use or is unclear, the user leaves and looks for a different site. Usability is necessary for survival!

Presentation Tier – Web usability

Learnability A user should get along EMarket easily.

Efficiency complete tasks quickly matching messages assists the user to obtain better

performance Errors

currently there is no confirmation messages user should be certain before “pushing the button”

Satisfaction I asked few students and they indicated that it was convenient

and easy to use EMarket web-site services. Utility

compliance with the project requirements

Security

Application security: EMarket web.config file encryptionData security: Separate user roles:

authorized users: see and manage only their private data at EMarket, sell/ purchase products

administrator: manage the users, products and categories unauthenticated users: can only view the products, user comments and

ratings.

Password protection: After authorization only username is saved in cookies.

Password is not exposed. Password is hashed before it is saved to EMarket database

One-way encryption

Possible extensions and improvements

Data tier:

Remove all queries from application to database as stored procedures.

Possible extensions and improvements

Logic tier:

Define and implement the interface EMarket money account with real bank accounts.

Manage the user session data (for example, shopping bag) on the server and not in the session cookie to prevent cookie poisoning (stealing or manipulating this data by hackers).

Possible extensions and improvements

Presentation tier:

Improve and make graphics more attractive Allow products sorting in “Shop” and “History”

sections by edition date Allow products sorting in “Shop” section by

price Add new sub-“Shop” section called Sale and

present there products that are on sale

Possible extensions and improvements

Presentation tier:

Add advertisement panel, EMarket web-site can make gains.

When user wants to delete some data (product in buyer history, product in seller history, or comment he wrote) or to update balance at money account, the system will show to user small confirmation message window. Thus, many errors will be prevented.

Allow multiple EMarket administrators to be defined.

Me and Victor Me and Victor

And special thanks toAnd special thanks to

Victor, Ilana and Lev Victor, Ilana and Lev

for technical support for technical support and encouragement!and encouragement!

Thanks to Soft-lab Thanks to Soft-lab staffstaff