tags:

views:

331

answers:

5
+2  Q: 

ASP.NET Application on 3 physical tiers

For clarity when I mention tiers in my question, I am referring to physical tiers (i.e. different servers for presentation, application and database)

My company has a public facing website that is currently built as a typical 2 tier system (web server and database server).

Soon a project will start in which we will be re-writing the whole site. We are required to split the project across 3 physical tiers. Actually, when you consider the browser then you could consider it 4 physical tiers.

In my experience most asp.net applications are built on 2 tiers. The web application itself my have several layers but physically it is deployed to two servers (web and DB).

I have searched for examples but it seems that layers and tiers get confused. I see a lot of multi-layer examples but no multi-tier examples.

In a nutshell it would seem that the web application makes web service or WCF calls to the application layer that marshals data to and from the database using ADO (or L2S or EF).

Does ASP.MVC help achieve this? Does it make it any easier or just different?

Is there a good reference or example of this somewhere?

A: 

This is an odd requirement. Did it come from the customer? It is possible that some customer education is needed.

I know J2EE systems can be split over three tiers, with web server on the first application server in the middle and a DB on the back end but I havn't heard of this with .NET.

Jeremy French  2009-09-18 06:27:05
My company is in the financial sector and they are very anal about security. There is a whole division of IT devoted to security. This requirement comes from them. They believe the system will be more secure. Hardware has been purchased so it's gonna happen.
Loki Stormbringer  2009-09-18 06:32:25
Ouch. In this situation I would work closely with this ‘security’ team to find out how adding an extra tier makes things more secure. Bug the heck out of them all in the interests of building a secure system. If you are lucky they may back down and let you build a more traditional system, if not you will at least make them think about it more in future.
Jeremy French  2009-09-18 08:41:22
+1  A: 

In my opinion ASP.NET MVC isn't going to help, or hinder this scenario. Basically you'd going to have your model exposed not as Linq2Sql, the Entity Framework or any other ORM but from the middle tier, probably by WCF.

This presents the usual challenge around authentication and authorization - namely how does authentication flow between tiers., but that's are unique to MVC, a WebForms solution would have the same sticking points You'll also lose the model validation bits that an ORM may supply and will have to provide that yourself in your web services repository, but that's just a matter of implementing the right interfaces.

blowdart  2009-09-18 06:50:47
I agree that MVC won't hurt. It might help a little. What would really help, I think, is ADO.NET Data Services (a.k.a. Astoria). It's easier than "plain" WCF for this purpose.
Craig Stuntz  2009-09-18 13:06:07
+2  A: 

Gday Rick,

I work for a company that has the same multi tiered policy due to security.

I have an ASP.NET MVC web application on one tier that connects to a application tier that a web service sits on and is basically a facade for the database and a mainframe. Pretty much exactly the same as your setup.

ASP.NET MVC makes it really nice and easy to use this setup because you can easily build a validated object model in your ASP.NET MVC application. Once the object passes all top end validation you can easily transfer it on to the application tier via a web service.

I suppose this would be easy to do with a classic ASP.NET application however I think MVC makes things a lot easier!

Check out my blog for an example of how I have validated my models before sending to the application server.

Cheers, Michael

Michael  2009-09-18 06:51:14
Thanks for the answer. At first glance this looks a lot like the Validator Application Block which is part of the Enterprise Library (http://msdn.microsoft.com/en-us/library/dd203099.aspx).
Loki Stormbringer  2009-09-18 07:10:59
It does look like that ey! I diddn't know that the Validator Application Block existed. Thanks for the heads up. I will utilise this in the future!
Michael  2009-09-18 08:19:17
+4  A: 

I don't think adding another tier increases security, but it definitely slows down performance and significantly increases development cost and complexity.

In the end, you can partition your application with an additional tier anyway you want. If it were me, I'd probably create the dumbest pass through tier I could if I was given this "interesting" requirement.

In fact, managing security around another tier implies significantly increased opportunities for security holes to be accidently exposed.

ASP.NET MVC should have no impact, but you will likely end up using something like WCF. For marshalling data back and forth, you probably want to use DTOs which are not tied to any particular database or ORM.

This is not a situation I'd be happy to find myself in. Increased complexity does not lead to increased security.

Michael Maddox  2009-09-18 07:50:03
A: 

As mentioned before... MVC won't really matter in this situation. The closes analogue I have is we had a financial client separate out their web services into tiers...

so something like 1) public facing load balanced web services 2) web services 3) application code 4) database code

I don't remember if layer 3 and 2 were physically separated (been a while) but essentially layer one was fairly thin and just threw the requests over the dmz to the inside service.

So you could probably do something similar with the web site... potential for bottlenecks, but would get you the physical separation you need.

Good Luck!

edgaralgernon  2009-09-18 18:21:50

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps