044167 Project A Semester spring 2006 Dot

044167 – Project A Semester spring, 2006 Dot. Net Market Web Site “EMarket” Milena Natanov Project Supervisor: Victor Kulikov Lab Chief Engineer: Dr. Ilana David

Agenda About EMarket l Technologies and design patterns l EMarket Architecture l Database l Application l Presentation l Security considerations l Possible extensions and improvements l

EMarket is an e. Bay-like online market place l The web site is used to sell or buy new and used products.

EMarket Users l All users l l Registration Search for products, review product categories Add/remove products in Shopping Bag Registered users l Propose products for sell l l Can also remove or hide them Buy products proposed by others Resell bought products Comment and rate other users

EMarket Administrator l Manage users, products and categories blocks/unblocks users’ accounts l blocks/unblocks products for sell l adds/removes categories l l Buy, Sell, Comment, like a regular registered user

Technologies l Application Tier l l Database Tier l l l Microsoft Enterprise SQL server. ADO. Net Presentation Layer l l . Net Framework 2 (C#) ASP. Net Development Environment l Visual Studio 2005

Architectural patterns and Methodologies l Object-oriented Analysis and Design (OAD). Project report includes: l l l Three-tier architecture l l Project requirements Use-case diagram and specifications Class and Package diagrams Sequence diagram Application, Presentation and Data Model-View-Controller (MVC) l Model, View, Controller

Additional Software Components l User Session Management l l Web Cookies Encryption Password Hashing l Web Config File Encryption l l Mail l Send mails using Smtp. Client class of. Net

EMarket Architecture

System overview

Three-tier architecture

Three-tier architecture EMarket Database l User information l l l Product information l l l Credentials Products for sell Bought products history Comments Rating Categories Status Stored Procedures and Views

EMarket Database Relationships

Application tier MVC - Introduction EMarket application tier was designed using Model-View-Controller design pattern: l Model – the application object that represents the data saved in EMarket database l View – UI (ASPX code-behind) l Controller – connects between UI requests and EMarket data

Application tier MVC - GUI

Application tier MVC - Controller

Application tier MVC - Model

Database and Application Intersection EMarket uses Ado. Net to access the SQL database from the application tier. l Using this technology it operates stored procedures for retrieving relevant data or updating it in the EMarket database. l

Database and Application Intersection How it works: l create a connection to EMarket database l update or retrieve data using: l Sql. Command l Sql. Data. Reader l Sql. Data. Adapter

Database and Application Intersection Sql. Command - represents a Transact-SQL statement or stored procedure to execute against a SQL Server database.

Database and Application Intersection Sql. Data. Reader – provides a way of reading a forward-only stream of rows from a SQL Server database.

Database and Application Intersection Sql. Data. Adapter - represents a set of data commands and a database connection that are used to fill the Data. Set or Data. Table and update a SQL Server database.

Three-tier architecture Presentation Tier l Server Controls used in EMarket: Web Server Controls Emarket User Controls Login Control Validation Server Controls

Three-tier architecture Presentation Tier l The Grid. View web control: It was used in most of the pages Binding to data source. Built-in sorting capabilities. Built-in updating and deleting capabilities. Built-in paging capabilities. paging Built-in row selection capabilities.

Three-tier architecture Presentation Tier l User. Controls: Main. Frame Admin

Three-tier architecture Presentation Tier • Login Control

Three-tier architecture Presentation Tier • Validation Control

Three-tier architecture Presentation Tier Web Usability If a website is difficult to use or is unclear, the user leaves and looks for a different site. Usability is necessary for survival!

Presentation Tier – Web usability l Learnability l l Efficiency l l currently there is no confirmation messages user should be certain before “pushing the button” Satisfaction l l complete tasks quickly matching messages assists the user to obtain better performance Errors l l A user should get along EMarket easily. I asked few students and they indicated that it was convenient and easy to use EMarket web-site services. Utility l compliance with the project requirements

Security Application security: l EMarket web. config file encryption Data security: l Separate user roles: l l authorized users: see and manage only their private data at EMarket, sell/ purchase products administrator: manage the users, products and categories unauthenticated users: can only view the products, user comments and ratings. Password protection: l l After authorization only username is saved in cookies. Password is not exposed. Password is hashed before it is saved to EMarket database l One-way encryption

Possible extensions and improvements Data tier: l Remove all queries from application to database as stored procedures.

Possible extensions and improvements Logic tier: l Define and implement the interface EMarket money account with real bank accounts. l Manage the user session data (for example, shopping bag) on the server and not in the session cookie to prevent cookie poisoning (stealing or manipulating this data by hackers).

Possible extensions and improvements Presentation tier: l l Improve and make graphics more attractive Allow products sorting in “Shop” and “History” sections by edition date Allow products sorting in “Shop” section by price Add new sub-“Shop” section called Sale and present there products that are on sale

Possible extensions and improvements Presentation tier: l l l Add advertisement panel, EMarket web-site can make gains. When user wants to delete some data (product in buyer history, product in seller history, or comment he wrote) or to update balance at money account, the system will show to user small confirmation message window. Thus, many errors will be prevented. Allow multiple EMarket administrators to be defined.

Me and Victor

Thanks to Soft-lab staff And special thanks to Victor, Ilana and Lev for technical support and encouragement!