What is the best way to do an internet two player card game? Currently I was intending to store the game state in the database using ajax to check on when the state of the game changes. Is there a better way to do go about this where the clients communicate with each other and not through a mediary?
You could let clients keep track of the game. But if it's for anything more than just fun, you would have to secure against cheating by replays or message alteration.
For example, suppose you still use AJAX, but have your card app as a javascript library. Well, then you would probably use a push-pull event stack on the server, causing client A to wait at specified times until client B sends its event to the server, at which point server updates client A with the events from client B.
This way, the most "state" you will have is the next synchronous event. The server is responsible for sending events to clients, and they request events from the server saying "The last event I received is event #12345, send me everything after that".
You then control your game to wait for events at certain times.
NOTE: You are not the first to wonder! See Multi-player Ajax Games at ajaxonomy.com, where user Kev links to his Ajax Blackjack game.
You probably wouldn't be able to do a direct P2P connection like that with ASP.NET (assuming this is web-based here).
In the real world, you probably wouldn't want to either though since having the server as an intermediary is the only real way you could prevent cheating (by someone building their own client that doesn't obey the rules)
Just because it is internet based, it doesn't mean it has to be Web based. You could just well make a desktop app with WCF since you are on .NET platform.
If you WANT it to Web based, and you don't want it to run on a server (but instead simply use the server as a place to find another players), you can use a double blind strategy and use each player to verify the actions of the other player. What to do once you find some inconsistence is your call, though. I would simply rollback the changes and force the player to replay the turn. Mind you, this kind of verification is not the best possible approach.
The ideal approach is that you NEVER trust any input from any user. ALWAYS check. Double check if needed. Think of users as rabid dogs that you must feed but that will try to bite your hands, feet and more important parts whenever they have a chance. So protect yourself.
You could use a cloud service bus for the clients to talk to each other then you would not need a server.
http://www.microsoft.com/azure/servicebus.mspx
It might be a bit overkill, but it would be really cool to build.