1.

3-Tier Architecture
1.0 Definition and motivation A 3-tier application is a program which is organized into three major disjunctive tiers. These tiers are Presentation Tier (Front end) Logical Tier (Middleware) Data Tier (Backend).

Each layer can be deployed in geographically separated computers in a network. Some architects divide Logi Tier in to two sub tiers Business and Data Access Tiers, in order to increase scalability and transparency. The tiers can be deployed on physically separated machines. The characteristic of the tier communication is that the tiers will communicate only to their adjacent neighbors. For an example, The Presentation Tier will interact directly with the Business Tier and not directly with Data Access or Data Tiers.

Fig 1 (A typical 3.Tier Architecture) The Figure 1 shows a typical 3.Tier Architecture scenario. I think, we should look back the history of computing to understand the advantages of 3.Tier Architecture. Mainframes ruled the it-landscape until mid 1980s .The main characteristic of a Host Architecture is that the application and databases reside on the same host computer and the user interact with the host using an unfriendly and dump terminal. This monolith architecture does not support distributed computing (the host applications are not able to connect a database of a strategically allied partner). Some mangers found that developing a host application take too long and expensive. Consequently led these disadvantages to ClientServer(C/S) architecture. In fact, Client Server(C/S) architecture is a 2-Tier architecture because the client does not distinguish between Presentation Tier and Logical Tier. That is why we call this type of client as Fat Client. The increasing demands on GUI controls caused difficulty to manage the mixture of source code from GUI and Business Logic (Spaghetti Code). Further, C\S Architecture does not support enough the Change Management. Let us suppose that the government increases the consume tax rate from 14% to 16 %, then in the C\S case, you have to send an update to each clients and they must update synchronously on a specific time otherwise you may store corrupt

information. The C/S Architecture is also a burden to network traffic and resources. Let us assume that about five hundred clients are working on a data server then we will have five hundred ODBC connections and several ruffian record sets, which must be transported from the server to the clients (because the Business Logic Tier is situated in the client side). The fact that C/S does not have any caching facilities like in ASP.NET, caused additional traffic in the network. In the late 1990s, designers have shifted the Business Logic from the client to server to elude the handicaps from C/S Architecture. Normally, a server has a better hardware than client therefore it is able compute algorithms faster than a client, so this fact is also an additional pro argument for the 3.Tier Architecture. Now let us go back to our 3.Tier Architecture and start to explore the tiers. 1.1 Data Tier This Tier is responsible for retrieving, storing and updating from Information therefore this tier can be ideally represented through a commercial database. We consider stored procedures as a part of te Data Tier. Usage of stored procedures increases the performance and code transparency of an application 1.2 Logical Tier This is the brain of the 3.Tier Application. Some architects do not make any distinction between Business Tier and Data Access Tier. Their main argumentation is that additional tiers will screw down performance. I think that we will have more advantages, if we separate Logical Tier in to Business Tier and Data Access Tier. Some of these advantages are Increases code transparency Supports changes in Data Layer. You can change or alter database with out touching the Business Layer and this would be a very minimum touch up. 1.2.1 Business Tier This sub tier contents classes to calculate aggregated values such like total revenue, cash flow and ebit and this tier doesnt know about any GUI controls and how to access databases. The classes of Data Access Tier will supply the needy information from the databases to this sub tier. 1.2.2 Data Access Tier: This tier acts as an interface to Data Tier. This tier knows, how to (from which database) retrieve and store information. 1.3 Presentation Tier: This Tier is responsible for communication with the users and web service consumers and it will use objects from Business Layer to response GUI raised events. After this brief theory, I think we should move now to the practical part. Our aim is to develop a work diary for employees, in which they can record daily project activities.

What is Metadata?
Metadata is structured data which describes the characteristics of a resource. It shares many similar characteristics to the cataloguing that takes place in libraries, museums and archives. The term "meta" derives from the Greek word denoting a nature of a higher order or more fundamental kind. A metadata record consists of a number of pre-defined elements representing specific attributes of a resource, and each element can have one or more values. Below is an example of a simple metadata record: Each metadata schema will usually have the following characteristics:

a limited number of elements the name of each element the meaning of each element

Typically, the semantics is descriptive of the contents, location, physical attributes, type (e.g. text or image, map or model) and form (e.g. print copy, electronic file). Key metadata elements supporting access to published documents include the originator of a work, its title, when and where it was published and the subject areas it covers. Where the information is issued in analog form, such as print material, additional metadata is provided to assist in the location of the information, e.g. call numbers used in libraries. The resource community may also define some logical grouping of the elements or leave it to the encoding scheme. For example, Dublin Core may provide the core to which extensions may be added.

Introducing the Application

Domain

.NET introduces the concept of an application domain, or AppDomain. Like a process, the AppDomain is both a container and a boundary. The .NET runtime uses an AppDomain as a container for code and data, just like the operating system uses a process as a container for code and data. As the operating system uses a process to isolate misbehaving code, the .NET runtime uses an AppDomain to isolate code inside of a secure boundary. Note, however, that the application domain is not a secure boundary when the application runs with full trust. Applications running with full trust can execute native code and circumvent all security checks by the .NET runtime. ASP.NET applications run with full trust by default. An AppDomain belongs to only a single process, but single process can hold multiple AppDomains. An AppDomain is relatively cheap to create (compared to a process), and has relatively less overhead to maintain than a process. For these reasons, an AppDomain is a great solution for the ISP who is hosting hundreds of applications. Each application can exist inside an isolated AppDomain, and many of these AppDomains can exist inside of a single process a cost savings.

AppDomains And You

Youve created two ASP.NET applications on the same server, and have not done any special configuration. What is happening? A single ASP.NET worker process will host both of the ASP.NET applications. On Windows XP and Windows 2000 this process is named aspnet_wp.exe, and the process runs under the security context of the local ASPNET account. On Windows 2003 the worker process has the name w3wp.exe and runs under the NETWORK SERVICE account by default. An object lives in one AppDomain. Each ASP.NET application will have its own set of global variables: Cache, Application, and Session objects are not shared. Even though the code for both of the applications resides inside the same process, the unit of isolation is the .NET AppDomain. If there are classes with shared or static members, and those classes exist in both applications, each AppDomain will have its own copy of the static fields the data is not shared. The code and data for each application is safely isolated and inside of a boundary provided by the AppDomain In order to communicate or pass objects between AppDomains, youll need to look at techniques in .NET for communication across boundaries, such as .NET remoting or web services. Note again: the one caveat to the idea of an AppDomain as a boundary is that ASP.NET applications will run with full trust by default. Fully trusted code can execute native code, and native code can essentially have access to anything inside the process. Youll need to run applications with partial trust to restrict access to unmanged code and verify all managed code to secure AppDomains.

Shadow Copies and Restarts

Once an assembly is loaded into an AppDomain, there is no way to remove the assembly from the AppDomain. It is possible, however, to remove an AppDomain from a process. If you copy an updated dll into an applications bin subdirectory, the ASP.NET runtime recognizes there is new code to execute. Since ASP.NET cannot swap the dll into the existing AppDomain , it starts a new AppDomain. The old application domain is drain stopped, that is, existing requests are allowed to finish executing, and once they are all finished the AppDomain can unload. The new AppDomain starts with the new code and begins taking all new requests.

Typically, when a dll loads into a process, the process locks the dll and you cannot overwrite the file on disk. However, AppDomains have a feature known as Shadow Copy that allows assemblies to remain unlocked and replaceable on disk. The runtime initializes ASP.NET with Shadow Copy enabled for the bin directory. The AppDomain will copy any dll it needs from the bin directory to a temporary location before locking and loading the dll into memory. Shadow Copy allows us to overwrite any dll in the bin directory during an update without taking the web application offline. The Secrets of

Strong Naming

If you've been working with .NET for any length of time, you've probably run across the concept of a strong name. No, that doesn't mean that your assemblies should have names like MyCompany.Gorilla.Biceps. The strength of a strong name lies in the protection that it offers your assemblies. The .NET Framework uses strong names to identify assemblies and to protect them from tampering. In this article, I'll show you how strong names are constructed and demonstrate the mechanics of working with strong names in .NET.

Hashes and Signing

To grasp the way that strong names work, you first need to understand a pair of cryptographic concepts: hashing and digital signatures. Hashing is used to create a unique, compact value for a plaintext message. "Message" is a very broad term here; in terms of assemblies, the message is the assembly itself. The message is used as an input to the hash algorithm (in the case of strong naming, the SHA1 algorithm is used). Figure 1 diagrams the process.

Figure 1. How hashing works

Hashing is a one-way street: you can't decrypt the hash value once it has been computed. However, hashing is very useful for comparing values. If two assemblies produce the same hash value, you can assume that the assemblies are the same. Conversely, if hashing an assembly produces a value that doesn't match a previously-calculated hash, you know that something in the assembly has been changed. Knowing the hash value for an assembly lets you check that no one has tampered with the assembly. But how do you prevent someone from tampering with the hash value? That's where digital signing comes in. While the mathematics of digital signatures are complex, the concept is fairly simple. A digital signature depends on a pair of related numbers, the public key and the private key. When data is encrypted with the public key, it can only be decrypted with the private key (and vice versa), as shown in Figure 2.

Figure 2. Using key pairs

Strong Naming for Assembly Identity

The combination of hashing and digital signing allows .NET to protect your assemblies from tampering. Here's how it works. First, a hash value is created from the assembly. Then, the hash value is encrypted with your private key and placed, along with your public key, in the assembly itself. Figure 3 shows this process schematically.

Figure 3. Placing a strong name in an assembly

The CLR validates assemblies at runtime by comparing two sets of hash values. First, the public key is used to decrypt the encoded version of the hash. Second, a new hash is computed from the current contents of the assembly. If the two hashes match, all is well. Figure 4 shows this process. What happens if an assembly has been tampered with after it was signed? In this case, the new hash value calculated at runtime won't match the stored hash value that was encrypted with your private key. Under those circumstances, the CLR will refuse to load the assembly. Note that the strong name guarantees the integrity of the assembly, not necessarily its safety! There's nothing to prevent someone from creating a malicious assembly and signing it with a strong name. You can use a strong name to verify that an assembly came from a particular source, and that it wasn't tampered with after it was signed. It's up to you to decide, based on whatever information you choose, whether to trust code from that source.

What's in a (Strong) Name?

In addition to a hash derived from the assembly's contents, the strong name includes three other pieces of information:

The simple text name of the assembly The version number of the assembly The culture code (if any) of the assembly

All of this information works together to supply a unique identity for each assembly. The CLR uses this information when deciding whether a particular assembly is the one called for by a reference from another assembly. When you set a reference from one assembly to another, the calling assembly stores a representation of the called assembly's public key. At runtime, the CLR can use this to check that the referenced assembly comes from the correct vendor. In addition, the other information in the strong name is used to determine whether a particular assembly fills the binding policy requirements for the reference (see my article "Binding Policy in .NET" for further details).

The Mechanics of Strong Naming

Both the .NET Framework SDK and Visual Studio .NET provide tools for assigning strong names. That makes sense, because using Visual Studio .NET to create assemblies is completely optional. Before you can sign anything, you need to create a key pair (consisting of a public key and a private key). Typically, you'll store your key pair in a file with the extension .snk. To do this, you use the strong name tool, sn.exe:

AJAX
- Ajax (Asynchronous JavaScript and XML) is a method of building interactive applications for the Web that process user requests immediately. Ajax combines several programming tools including JavaScript, dynamic HTML (DHTML), Extensible Markup Language (XML), cascading style sheets (CSS), the Document Object Model (DOM), and the Microsoft object, XMLHttpRequest. Ajax allows content on Web pages to update immediately when a user performs an action, unlike an HTTP request, during which users must wait for a whole new page to load. For example, a weather forecasting site could display local conditions on one side of the page without delay after a user types in a zip code. Google Maps is one well-known application that uses Ajax. The interface allows the user to change views and manipulate the map in real time. Ajax applications do not require installation of a plug-in, but work directly with a Web browser. Because of the technique's reliance on XMLHttpRequest, early applications worked only with Microsoft's Internet Explorer browser, but most other browsers now support Ajax. Applications created with Ajax use an engine that acts as an intermediary between a user's browser and the server from which it is requesting information. Instead of loading a traditional Web page, the user's browser loads the Ajax engine, which displays the page the user sees. The engine continues to run in the background, using JavaScript to communicate with the Web browser. User input or clicking on the page sends a JavaScript call to the Ajax engine, which can respond instantly in many cases. If the engine needs additional data, it requests it from the server, usually using XML, while it is simultaneously updating the page. Ajax is not a proprietary technology or a packaged product. Web developers have been using JavaScript and XML in combination for several years. Jesse James Garrett of the consultancy firm Adaptive Path is credited with coining the name "Ajax" as a shorthand way to refer to the specific technologies involved in a current approach.
Engine

In computer programming, an engine is a program that performs a core or essential function for other programs. An engine can be a central or focal program in an operating system, subsystem, or application program that coordinates the overall operation of other programs. It is also used to describe a special-purpose program containing an algorithm that can sometimes be changed. The best known usage is the term search engine which uses an algorithm to search an index of topics given a search argument. A search engine is designed so that its approach to searching the index can be changed to reflect new rules for finding and prioritizing matches in the index. In artificial intelligence, the program that uses rules of logic to derive output from a knowledge base is called an inference engine. The term connotes a comparison with mechanical engines. In 1844, Charles Babbage named his storedprogram computer the Analytical Engine.
AJAX stands for Asynchronous JavaScript And XML.

What You Should Already Know

Before you continue you should have a basic understanding of the following:

HTML / XHTML JavaScript

If you want to study these subjects first, find the tutorials on our Home page.

AJAX = Asynchronous JavaScript and XML

AJAX is not a new programming language, but a technique for creating better, faster, and more interactive web applications. With AJAX, your JavaScript can communicate directly with the server, using the JavaScript XMLHttpRequest object. With this object, your JavaScript can trade data with a web server, without reloading the page. AJAX uses asynchronous data transfer (HTTP requests) between the browser and the web server, allowing web pages to request small bits of information from the server instead of whole pages. The AJAX technique makes Internet applications smaller, faster and more user-friendly. AJAX is a browser technology independent of web server software.

AJAX is Based on Web Standards

AJAX is based on the following web standards:

JavaScript XML HTML CSS

The web standards used in AJAX are well defined, and supported by all major browsers. AJAX applications are browser and platform independent.

AJAX is About Better Internet Applications

Web applications have many benefits over desktop applications; they can reach a larger audience, they are easier to install and support, and easier to develop. However, Internet applications are not always as "rich" and user-friendly as traditional desktop applications. With AJAX, Internet applications can be made richer and more user-friendly.

AJAX Uses HTTP Requests

In traditional JavaScript coding, if you want to get any information from a database or a file on the server, or send user information to a server, you will have to make an HTML form and GET or POST data to the server. The user will have to click the "Submit" button to send/get the information, wait for the server to respond, then a new page will load with the results. Because the server returns a new page each time the user submits input, traditional web applications can run slowly and tend to be less user-friendly. With AJAX, your JavaScript communicates directly with the server, through the JavaScript XMLHttpRequest object With an HTTP request, a web page can make a request to, and get a response from a web server - without reloading the page. The user will stay on the same page, and he or she will not notice that scripts request pages, or send data to a server in the background.

The XMLHttpRequest Object

By using the XMLHttpRequest object, a web developer can update a page with data from the server after the page has loaded! AJAX was made popular in 2005 by Google (with Google Suggest). Google Suggest is using the XMLHttpRequest object to create a very dynamic web interface: When you start typing in Google's search box, a JavaScript sends the letters off to a server and the server returns a list of suggestions. The XMLHttpRequest object is supported in Internet Explorer 5.0+, Safari 1.2, Mozilla 1.0 / Firefox, Opera 8+, and Netscape 7.

Your First AJAX Application

To understand how AJAX works, we will create a small AJAX application. First, we are going to create a standard HTML form with two text fields: username and time. The username field will be filled in by the user and the time field will be filled in using AJAX. The HTML file will be named "testAjax.htm", and it looks like this (notice that the HTML form below has no submit button!):

<html> <body> <form name="myForm"> Name: <input type="text" name="username" /> Time: <input type="text" name="time" /> </form> </body> </html>
The next chapters will explain the keystones of AJAX.

AJAX - Browser Support

The keystone of AJAX is the XMLHttpRequest object. Different browsers use different methods to create the XMLHttpRequest object. Internet Explorer uses an ActiveXObject, while other browsers uses the built-in JavaScript object called XMLHttpRequest. To create this object, and deal with different browsers, we are going to use a "try and catch" statement. You can read more about the try and catch statement in our JavaScript tutorial. Let's update our "testAjax.htm" file with the JavaScript that creates the XMLHttpRequest object:

<html> <body> <script type="text/javascript"> function ajaxFunction() var xmlHttp; // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest();

catch (e) // Internet Explorer xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); catch (e) try { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { alert("Your browser does not support AJAX!"); return false; }

</script> <form name="myForm"> Name: <input type="text" name="username" /> Time: <input type="text" name="time" /> </form> </body> </html>
Example explained: First create a variable xmlHttp to hold the XMLHttpRequest object. Then try to create the object with XMLHttp=new XMLHttpRequest(). This is for the Firefox, Opera, and Safari browsers. If that fails, try xmlHttp=new ActiveXObject("Msxml2.XMLHTTP") which is for Internet Explorer 6.0+, if that also fails, try xmlHttp=new ActiveXObject("Microsoft.XMLHTTP") which is for Internet Explorer 5.5+ If none of the three methods work, the user has a very outdated browser, and he or she will get an alert stating that the browser doesn't support AJAX. Note: The browser-specific code above is long and quite complex. However, this is the code you can use every time you need to create an XMLHttpRequest object, so you can just copy and paste it whenever you need it. The code above is compatible with all the popular browsers: Internet Explorer, Opera, Firefox, and Safari.

AJAX - Sending a Request to the Server

To send off a request to the server, we use the open() method and the send() method. The open() method takes three arguments. The first argument defines which method to use when sending the request (GET or POST). The second argument specifies the URL of the server-side script. The third argument specifies that the request should be handled asynchronously. The send() method sends the request off to the server. If we assume that the HTML and ASP file are in the same directory, the code would be:

xmlHttp.open("GET","time.asp",true); xmlHttp.send(null);
Now we must decide when the AJAX function should be executed. We will let the function run "behind the scenes" when the user types something in the username text field:

<form name="myForm"> Name: <input type="text" onkeyup="ajaxFunction();" name="username" />

Time: <input type="text" name="time" /> </form>

Our updated AJAX-ready "testAjax.htm" file now looks like this:

<html> <body> <script type="text/javascript"> function ajaxFunction() var xmlHttp; // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); catch (e) // Internet Explorer xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); catch (e) try { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { alert("Your browser does not support AJAX!"); return false; } xmlHttp.onreadystatechange=function() if(xmlHttp.readyState==4) { document.myForm.time.value=xmlHttp.responseText; } xmlHttp.open("GET","time.asp",true); xmlHttp.send(null); </script> <form name="myForm"> Name: <input type="text" onkeyup="ajaxFunction();" name="username" /> Time: <input type="text" name="time" /> </form> </body> </html>

10