Last post Jan 21, 2015 01:09 PM by xequence
Dec 02, 2014 01:57 PM|PlasmaSnakeNeo
Forgive me if this question has been asked already; I really did not want to ask this if it had already been addressed, but I have not been successful in finding it.
Needless to say, I have an existing web application in ASP.NET MVC 5. The client I built it for needs the application to be in a 3-tier architecture so that the View, Business Logic and Model are deployed on separate servers for security reasons. I have never developed a three-tier architecture and have been led to believe that the use of WCF (Windows Communication Foundation) would aid in this implementation.
As I am not used to using WCF or familiar with the actual implementation of a 3-tier architecture, I have come seeking help on how I would go about converting my existing application to meet this requirement. I do understand the concept of how a three-tier architecture works, so there is no need to elaborate on the topic itself. My concern lies more with best practices for implementing it using my existing Entity Framework and LINQ queries as well as how to implement WCF for API interactions with the separate
I have found 1 tutorial for MVC 3, but it does not make use of WCF and does not discuss deployment of the application or even seem compatible with MVC 5.
Any links to a good tutorial or book on how to implement this architecture using MVC 5 and WCF would be welcome.
Thanks in advance.
Dec 03, 2014 06:24 AM|jammycakes
Unfortunately, the best practice for implementing a 3-tier architecture is don't. (Martin Fowler's First Law of Distributed Object Design: don't distribute your objects. You can read his article here -- it's a must-read for anyone considering a three-tier architecture.) It just over-complicates things while destroying performance and offering very few if any benefits.
I'm sceptical about claims that it offers anything in terms of security -- it doesn't do anything to mitigate most of the common vulnerabilities on the OWASP Top Ten list for instance (e.g. SQL injection, cross-site request forgery, weak password management, session fixation, cross-site scripting etc), while poor performance makes you more vulnerable to denial of service attacks.
Since your client has asked for it, however, the best you can do is just make the best of a bad job, though I'd also recommend increasing your quotes to account for the extra work involved. You'll need to pay more attention to reducing the number of requests made by the individual tiers -- your program might have a very "chatty" interface between your controllers and your business layer, for instance, whereas with a distributed architecture you need to have a "chunky" interface which gets everything you need in as few requests as possible. Depending on your application this may require significant changes and it may introduce a lot of additional complexity.
Finally, I'd personally recommend using WebAPI rather than WCF for this unless you have specific requirements that WCF can offer (e.g. WS-*). WCF is more powerful and flexible than WebAPI but this power and flexibility comes at a price -- it gives you a lot of rope with which to hang yourself if you're not careful.
Dec 03, 2014 09:13 PM|PlasmaSnakeNeo
Thank you for your thoughts on this. I think what you have hit on may be the reason it is hard to find examples of this implementation. As you pointed out, the client has required that the application conform to this architecture, and I'm sure you know better than I that the client is always right...
Dec 08, 2014 11:05 AM|jammycakes
Why not suggest to them an alternative approach? You could put a caching proxy server/load balancer such as HAProxy or nginx in the DMZ and have it access your application servers from there.
This would give them the security benefits that they're looking for but at the same time you would retain all the advantages of having your application logic on a single tier.
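The proxy-in-the-DMZ layout suggested in the post above, sketched as an nginx configuration. This is an added example, not part of the original post: every address, hostname, file path, size and rate in it is a constructed placeholder, and the choice to cache only static assets is an assumption.

```nginx
# Added example: nginx as caching reverse proxy / load balancer in the DMZ.
# All addresses, names, paths and limits are constructed placeholders.
events {}

http {
    # On-disk cache for responses that are safe to share between users.
    proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                     max_size=1g inactive=10m;

    # Per-client request rate limit, applied before traffic reaches the app.
    limit_req_zone $binary_remote_addr zone=per_ip:10m rate=20r/s;

    # Internal application servers. Firewall rules between the DMZ and the
    # internal network should allow only this proxy to reach them.
    upstream app_servers {
        server 10.0.1.11:443;
        server 10.0.1.12:443;
    }

    server {
        listen 443 ssl;
        server_name app.example.com;
        ssl_certificate     /etc/nginx/tls/app.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/app.example.com.key;

        # Verify the back-end certificate; nginx does not do this by default.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
        proxy_ssl_name                app.internal.example.com;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Cache static assets only; authenticated pages are never cached.
        location ~* \.(css|js|png|jpg|gif|ico)$ {
            proxy_pass        https://app_servers;
            proxy_cache       app_cache;
            proxy_cache_valid 200 10m;
        }

        location / {
            limit_req  zone=per_ip burst=40 nodelay;
            proxy_pass https://app_servers;
        }
    }
}
```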
Jan 08, 2015 04:58 PM|Harrison.Scott
Take a look at this,
Should give you some ideas if you are still heading down the three-tier application.
Jan 21, 2015 01:09 PM|Xequence
This is my go-to example for architecture concerns. http://www.codeproject.com/Articles/474212/Zombie-Explorer-An-n-tier-application-from-top-to
Not sure if it's the best, but everything is in a single .dll, and if I take advantage of Azure worker process load balancing, it will scale itself out to local processes