Re: web service architecture question
From: Paul Glavich [MVP - ASP.NET] (glav_at_aspalliance.com-NOSPAM)
Date: 08/16/04
Date: Mon, 16 Aug 2004 22:59:28 +1000
To assume that we have all the security we will ever need is a bad one. No
matter how tight we make things with CAS, WSE2 etc, there will always be
ways to breach a server, and the separation of the web and app server is one
way to minimise this risk.
One of our major clients dictates as policy that all web applications must
have a distinct/separate web and app server and that DB access is only
through the app server. This is actually quite common. The other reason you
may want to do this is scalability (ie. being able to scale out your app
servers if required, or your web servers depending on which is required
more).
So to answer:-
1) You can use remoting or web services. Web services require a little more
design and are the recommended future direction of Microsoft. Having said
that, remoting will be around for a long time and it does offer "type
fidelity" (ie. ability to remote almost any .Net type). Web services are a
little more restricted in this area, however do lend themselves to the
Service oriented ideal being pushed nowadays.
2) If you use web services, don't think about returning types of objects.
Think about composing specific messages that can be interpreted at both
server and client for the purpose of communicating a business or functional
intention, and also to model its response. As soon as you start trying to
serialise specific types through web services, you run into problems, and
should probably stick to remoting.
--
- Paul Glavich
Microsoft MVP - ASP.NET

"Jon Paugh" <anonymous@discussions.microsoft.com> wrote in message
news:374401c47eee$a5cda310$a501280a@phx.gbl...
> Hi All,
>
> Our customer wants us architecturally to have two
> physical servers - a web server box and an application
> server box. The web server will be exposed outside the
> firewall whereas the application server will only be
> accessible by the web server. Our web server will never
> access the database directly. Our web server will always
> go thru our application server to access the database.
> Our web server will use .NET remoting or web services to
> access the application server. So the benefit of these
> separate servers is supposed to be added security - the
> application tier is behind a second firewall and more
> secure than the web server. We have a physical separate
> between our GUI and application logic as well.
>
> So, the questions are:
>
> 1) This looks like a lot of work for us. Right now we
> have a web server that performs application logic and
> directly accesses the database. Is there any way to
> increase the security of our web server without
> separating out to a separate web server and application
> server? The security benefit is the only thing I see so
> far...
> 2) If we do separate into a separate application server
> and web server, should the web server use .NET remoting
> or web services to access the application server?
> 3) If we go with web services to access the application
> server, what types should we use in the web service
> proxy - the types generated by the proxy, or should we
> change the generated proxy to use the actual types from
> our application...? ( This types question is the worst
> issue to me. We are using an ORM tool so we have pretty
> complex business objects and returning them thru
> serialization to our GUI would be a pain).
>
> Thanks,
>
> Jon Paugh
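
The message-based approach from point 2 of the reply, sketched as an added example (not code from either poster). All type and member names, and the sample customer record, are hypothetical; the app server maps its ORM entity to a narrow response message so that only the intended fields cross the boundary to the exposed web server.

```csharp
using System;
using System.IO;
using System.Xml.Serialization;

// Hypothetical ORM entity: stays on the app server and is never serialised.
class CustomerEntity
{
    public int Id;
    public string Name = "";
    public string PasswordHash = "";   // internal field the web tier must never receive
    public decimal CreditLimit;
}

// Message contracts: the only types shared by the web server and the app server.
public class GetCustomerSummaryRequest
{
    public int CustomerId;
}

public class GetCustomerSummaryResponse
{
    public bool Found;
    public string DisplayName = "";
}

static class AppServer
{
    // Constructed sample record standing in for the database.
    static readonly CustomerEntity Sample = new CustomerEntity
        { Id = 42, Name = "Contoso Pty Ltd", PasswordHash = "(constructed)", CreditLimit = 5000m };

    public static GetCustomerSummaryResponse Handle(GetCustomerSummaryRequest req)
    {
        // Validate at the trust boundary: the caller is the internet-facing box.
        if (req == null || req.CustomerId <= 0)
            throw new ArgumentException("CustomerId must be positive");
        if (req.CustomerId != Sample.Id)
            return new GetCustomerSummaryResponse { Found = false };
        // Explicit entity-to-message mapping: only the fields this operation needs.
        return new GetCustomerSummaryResponse { Found = true, DisplayName = Sample.Name };
    }
}

static class Program
{
    static void Main()
    {
        var resp = AppServer.Handle(new GetCustomerSummaryRequest { CustomerId = 42 });
        var xml = new StringWriter();
        new XmlSerializer(typeof(GetCustomerSummaryResponse)).Serialize(xml, resp);
        Console.WriteLine(xml.ToString());   // the XML that actually crosses the wire
    }
}
```

The serialised response contains only `Found` and `DisplayName`; `PasswordHash` and `CreditLimit` never leave the app server because the entity type is not part of the contract.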