views:

1869

answers:

3

Hello everyone,

previously my ASP.NET web application connects to a database directly using ADO.NET. Now I want to change it to 3 layers, ASP.NET layer, middle web service layer and backend database layer. I think there is benefit that I could abstract data source to ASP.NET front layer, loosely coupled and reduce potential security risks to let external exposed ASP.Net web application to be able to access database directly, etc.

Compared with 2 layer architecture with the 3 layer architecture, I met with 2 major issues.

  1. An additional middle web service layer will incur more traffic, e.g. ASP.NET does not talks to database directly, but talks to a web service and the web service talks to thedatabase, will incur more traffic. Will it be a bottleneck? Any general advice to solve this issue if it is a bottleneck?

  2. Since ASP.NET can not connect to database but connect to web service, it can not get easily a DataSet/DataTable object. It becomes hard to present table form data to data bound controls. Any ideas to make presentation layer in ASP.NET easier coding?

Regards,
George

+6  A: 

If you only think there is a benefit, you should not do it. You are talking about adding a large amount of complexity and work for yourself, at the cost of performance, code simplicity, and architectural simplicity, for... what? What do you gain that's worth these costs?

Do you:

  • Have urgent security-related needs that require disconnecting the web front-end from the database server (no, not hypothetical "I bet this would be more secure" but demonstrable, concrete security problems which cannot be solved by being smart about what DB rights you grant your ASP.NET application)

  • Expect to swap your data tier out completely at some point in the future (probably repeatedly), and thus need to insulate your web codebase from radical DB changes?

The answer to these in very nearly every case is no. Doing this would just be adding pain for yourself and anyone else who might touch this app.

Rex M
+1 - if you can get by without needing the architecture, use that effort to make your front end better instead of adding layers
routeNpingme
+1 - Absolutely agree with this. It seems like the OP would just make a headache for himeself.
nickohrn
Rex, what do you mean "Have pressing security needs to completely disconnect the database server from the web front-end"? say in some other words?
George2
@George2 edited the question to read "Have urgent security-related needs that require disconnecting the web front-end from the database server" better?
Rex M
Hi routeNpingme, nickohrn and nailitdown. I think 3 tiers is a more loosely coupled pattern. And loosely coupled to database. Isn't loosely coupled better?
George2
Thanks Rex. Both the need of database security and database change are required as high priority. So, I think 3 tier architecture is needed. For the two issues I mentioned in my post, any ideas or comments or recommended readings? :-)
George2
@george2 loosely coupled is not better, it's just different. If you have evidence of a hole in your DB connection, use @rally25rs' recommendation for DMZ layout. Honestly using web services to abstract your data tier for future-proofing is usually not a very good idea.
Rex M
I am confused about what do you guys mean "DMZ layout"?
George2
@george2 @rally25rs' answer describes a basic network layout for separating your database from your web front-end by putting a web services server in the middle and a firewall between each.
Rex M
+1  A: 

Regarding your question #2 - you can most certainly return a DataSet from a web service. http://tinyurl.com/ah58xc

However, perhaps a better option would be to simply refactor your application instead of making it into a multi-tier. For example, separate the "data access" into a separate Class Library project that you reference from your ASP.NET project. This could make things more organized and might possibly accomplish some of what you're wanting to do with the multiple tier architecture.

By the way, the biggest danger in creating multiple tiers when you might not necessarily need them is that you end up creating "proxy" code, for lack of a better term. That is, methods that serve no purpose other than to call the "real" back-end methods with the same parameters. This feels better at first because you have a clean layer separation but leads to maintenance problems down the road, because, for example, to add a parameter to a method, you have to add it 3 times (back-end, proxy layer, and presentation layer).

routeNpingme
I agree with the bad use of 'proxy' code. I've worked in a terrible arch. that litterally had 6 layers, 4 of which just passed through parameters! If the middle tier isnt going to do anything (like bus logic) then don't bother making one.
rally25rs
Hi routeNpingme, I read the document you recommended. My concern is in the near future, there may be some Java based application to access the web services. Could Java recognize .Net DataSet type? I doubt. Any comments?
George2
routeNpingme, a new comment. In the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses?
George2
Hi rally25rs, I think SOA is to add more layers, is SOA evil? :-)
George2
George2, my only thought is that you could add a SOA component for other apps without creating layers (create web services in your existing asp.net app). Always try to stick with as few layers as possible until absolutely necessary.
routeNpingme
One other note, if you haven't tried building a multi-layer app, do a small disposable one as a pilot, first. Don't make your real application your first try. Ultimately this decision is up to you so you really need to understand the consequences yourself. :)
routeNpingme
A: 

My first question is: Why a web service in the middle? If this is all going to run on the same physical machine, then you may want to refactor a middle tier that is used through a set of interfaces and using direct method calls.

I am working on an architecture that is seperated with a middle-tier web service, but it contains all the company critical business logic, and will not be directly exposed to the internet. Something like:

{internet} -> |DMZ| -> Web server -> |Firewalled LAN| -> App server -> Database server

In that case, I do think it adds a layer of security, as the mission critical stuff isn't on the DMZ. Granted it still technically violates some security issues because the web server can contact the app server, but having the app server exposed through a single port to a specific IP in the DMZ is better than having it exposed to the internet.

If you are going to use WCF to communicate between the servers, I would suggest using something like binary serialization over TCP, instead of SOAP. That should perform better (feel free to set up a quick test). I haven't tried it myself, but WCF might be able to serialize a dataset or table over the wire. See here.

rally25rs
Thanks rally25rs!1.What means "DMZ"?2.In the future, I may introduct cache server and file based server, and I want to use a middle layer web service to transparent the data source differences to ASP.Net layer. Any comments? Does such design make senses?
George2
DMZ: http://en.wikipedia.org/wiki/Demilitarized_zone_(computing)
rally25rs