Version

1.0
MIDDLE EAST TECHNICAL UNIVERSTIY

Lütfi ilteris ÖNEY/e1305937

Creating bookstore web service project report

METU /GRADUATE SECOND PROGRAM

Creating Bookstore Web Service

© METU Middle East Technical University 06531 ANKARA/TÜRKIYE

Prepared By: L.ilteris ÖNEY Graduate Student E1305937 Date : 04/06/2004 Submitted To: Dr. Semih ÇETIN

METU

B O O K S T O R E

P R O J E C T

R E P O R T

Table of Contents
DEFINITION OF THE PROBLEM .................................................2 LIST OF REQUIREMENTS..........................................................3 USE – CASE’S OF WHOLESALE BOOK SUPPLIER.........................5 USE – CASE’S OF ONLINE BOOKSTORE .....................................6 WEB CLASS HIERARCHY...........................................................7 ARCHITECTURE OF BOOKSTORE PROJECT .................................8 DATABASE DESIGN ..................................................................9 WEB APPLICATION N-TIER LOGGING & EXCEPTION HANDLING MECHANISM ..........................................................................10 WEB ARCHITECTURE SECURITY..............................................11 CONCLUSION ........................................................................12 ADDENDUM ...........................................................................13

1

METU

B O O K S T O R E

P R O J E C T

R E P O R T

Definition Of The Problem
In the world of software development there lots of improvement in the area of Architectural design and principles. The philosophies and implementation details are changing as the people guiding the development of the application. In this fantastic and yet sometimes complex world of software development there are some tried and true architecture patterns and software development guidelines employed by most architects. Also your design must have an ability to turn towards innovation instead of lending itself to common practices. Web services are one such area where architects must lean on their creative side and hope that their solutions are still successful. In this report we will explain an exciting voyage down the road of Web services application. From requirements to use cases, to database design, to component frameworks, to user interfaces, we will cover each and every aspect of system design required to build an application with collaborative Web services. The reason why we selected online Bookstore web service is everybody walking down the street has some idea about bookstores. It is easy to imagine common processes that exist in Bookstore. Here is the proposed problem definition that appears in a Bookstore (as an example). The example scenario consists of two companies: Ilteris’s Online Books, and Oney’s Wholesale Book Supplier. Oney’s company is merely a wholesale supplier of books. He has no storefront and no direct cusilteriser sales; he simply provides books at wholesale prices to other book suppliers. Ilteris’s company runs an online bookstore that allows internet cusilterisers to purchase books through his shopping cart. Ilteris carries no inventory; instead he accepts cusilteriser orders and passes these orders through to Oney who supplies the books. Because Oney has no storefront his only means of generating revenue is to have other bookstores place orders with him. In recognition of this, Oney has decided to build an ASP.NET application with a Web services layer to allow real-time sales with his vendors. In light of this, Ilteris has decided to increase his productivity and create his own online shopping cart system with ASP.NET and a Web services tie-in to Oney’s application. By making this business collaboration agreement, both hope to increase revenue and productivity1.

1

Ref: Scope Document : This scenario also explained in project scope document

METU

B O O K S T O R E

P R O J E C T

R E P O R T

List of Requirements
R E Q U I R E M E N T S O F W H O L E S A L E B O O K S U P P L I E R

The first client meeting is with Oney. After speaking with Oney about his requirements we establish the following information: • Must be able to accept orders from other vendors, specifically Ilteris Oney is the only wholesale supplier in Turkey. Due to this fact he has a requirement of accepting orders from the vendors. For our demonstration he must has a capability of accepting orders from Ilteris’s online bookstore. • Needs a way to manage his inventory of books Wholesale book supplier also needs a GUI to manage or view his bookstore. • Needs to be able to view and process orders Oney expressed that he needs have some functionality to view and process orders. • Wants his inventory to be secured from unauthorized vendors Being one of the most famous supplier , Oney is searching a mechanism that is accurate and secure. • Wants to provide access to his book inventory to select vendors He wants to add only the vendors that has certificate. On-certified vendors must not able to view his online bookstore.
R E Q U I R E M E N T S O F O N L I N E B O O K S T O R E V E N D O R

The next client meeting is with Ilteris. Ilteris has slightly more involved requirements because of the cusilteriser interaction. We learn the following from Ilteris: • Requires a public area for regular surfers and a secured area for authorized users Online bookstore requires his web site visitors not to access every single unit on their own. Due to fact that these mechanism involves view chart and process order mechanisms. • Needs to be able to track cusilteriser accounts Cusilteriser account must be tracked for bonus prices or promotions for future enhancements. • Must be able to search Oney’s database for books Cusilteriser must search Wholesale suppliers available books from bookstores web site • Needs a cusilteriser login screen Cusilteriser must have a login screen and authentication mechanism.
3

• Wants to let cusilterisers view the orders they’ve placed • Needs to have a way to let Oney’s application notify his system auilterisatically on order completion Wholesale book supplier must confirm the given order. • Wants a user friendly error page Any error happens in the systems must notify the visitor with the proper error page. This mechanism is required for cusilteriser to view the books that he is going to purchase. • Wants to notify cusilterisers by email when their order is completed When order is completed cusilterisers must be notified.METU – B O O K S T O R E P R O J E C T R E P O R T • Needs a shopping cart mechanism to let cusilterisers add/remove books from their cart In every online shopping site has some shopping cart mechanism. • Wants to display to the cusilteriser the number of items in their cart in an area that’s always viewable to the cusilteriser In every single page the cusilteriser must be notified . 4 . • Needs a way to place orders in Oney’s application For new orders that is appeared in Ilteris’s online Bookstore he needs to put them on the system.

Web Service Functions : Search Books service : This is for vendors to search books that are only available Create Order Service: To create order vendor uses this service.METU – B O O K S T O R E P R O J E C T R E P O R T USE – CASE’s of Wholesale Book Supplier F U N C T I O N S E X P L A N A T I O N S View Books Function : Owner of Wholesale book supplier can view the books that is in the stock. Edit Book Function : This function is for editing the books names . So vendor need not to check its availability or have to produce program for stock control Get Orders : This service is for other wholesale suppliers to get orders from any other wholesale book supplier 5 . View Search Orders : To search the confirmed orders owner can checks the availableness. Confirm Orders : This is for the status of confirmation on orders. prices etc.

METU – B O O K S T O R E P R O J E C T R E P O R T USE – CASE’s of Online Bookstore F U N C T I O N S E X P L A N A T I O N S Search Books : With using this function cusilteriser can search books from vendor Add Book to Chart : Cusilteriser can add his/her available and likely to buy books. Remove Book from Cart:: Cusilteriser can change her selection View Shopping Cart: : Cusilteriser can view her Shopping cart Create Order: Cusilteriser can create order Create Cusilteriser: System uses this function to create Cusilterisers Login Cusilteriser: This is a GUI for cusilteriser for login. 6 .

These tiers have some special functionalities.METU – B O O K S T O R E P R O J E C T R E P O R T Web Class Hierarchy As it is in layered approach 2 We have some classes and these classes are in some Tier. 2 Layered Approach : Refer to Architecture of bookstore project on page no:8 Polymorphism : Refer to OO Design principles 3 7 . But what we defined here is polymorphism3. Also as we can see some functions are overwritten while inherited.

8 . These are Presentation Layers . Business Logic layer . As any case in real life situation things can significantly subject to change. To give a clear example less assume that our database is changed from SQL Server to Oracle. When a business situation appears and this business situation requires some modification on the system it only effects the layer that is the change exist. Data Tier Layer and actual Database procedures and Server layer.METU – B O O K S T O R E P R O J E C T R E P O R T Architecture Of Bookstore Project Bookstore Project has n-Tiered Architecture. This layered approach is for only maintainability of the system. In layered approach the programmer only modifies the data Tier layer which is dealing with connection string etc. Especially the data connection strings and data adapters need to be changed. But this change can have some side effects due to time pass. Architecture consist of 4 tiers. If we did not enforce the system as a layered approach any programmer can put the data connection string on the Forms (which is infect in Presentation Layer and must not be changed) and to make this change he must edit the Forms that exist in the system.

We inform the client about his ws_token and client connects to our webservice with a SOAP message involving this security key.METU – B O O K S T O R E P R O J E C T R E P O R T DataBase Design Wholesale Book supplier database is shown in figure. client_Id . Availability . Client table has also a field about ws_token. These are Order table . Book table is for book name. client and Book tables. whom submitted the order and creation date to store date information about order. book price and availability id which is foravailability table. In Order Table we store order status which can be pending or complete . author . 9 . This field is used for security measure. There exist five tables in database. Availability table is for books which can be in stock or in out of stock. Client table stores bookstore vendors whom can access the wholesale book supplier datas or webservices. Order Book . Order book table stores matching of the book and order connection.

10 . and a Web service layer. we can easily identify and trace our exceptions at any point in our application. In our scenario our layering is fairly straightforward. Application layering is an object oriented (OO) design principle known as encapsulation. Below in figure diagrams the exception flow in both of our applications.METU – B O O K S T O R E P R O J E C T R E P O R T Web Application N-Tier Logging & Exception Handling Mechanism One of the most important aspects of proper system design is exception handling. This means we have a database layer. By implementing correct encapsulation between classes and components. Each layer is represented by a tier in our framework. By implementing a cusilteris exception class for each layer. an ASPX layer. your exception handling becomes almost auilterisatic. a business layer. The key to understanding exception flow is application layering.

Below figure depicts the protocol policies for online bookstore's application. 11 . thus preventing the Web service from being accessed in certain ways. we accomplish the following: • Prevent the discovery and prevent the ability to invoke our Web service through any means other than HttpSoap. This allows the developer to be the only distributor of Web service access. By defining properties of this SOAP header class we can set properties that will allow the Web service to determine if the consumer is in fact authorized to access the application. and also remove the ability to generate WSDL documents which would allow unauthorized users to generate Web references and proxy classes for our Web services. which essentially means the consumers must have a valid proxy class prior to the Web service lock-down. When dealing with Web services however. There are two main aspects of application security: authorization/authentication and data transmission. we entirely prevent the invocation of our Web services via Post and Get. The second security measure is the lock-down of specific protocols. HttpGet and Documentation protocols. To secure Oney's Web services implemented a cusilteris SOAP header. which is essentially an inner class definition with some public properties that gets wrapped into the SOAP envelope during a Web method call. our security responsibilities as a developer are quite different. and also prevent data from being captured in transit.METU – B O O K S T O R E P R O J E C T R E P O R T Web Architecture Security Security is probably the biggest technology related buzzword . We want to keep out the people who shouldn't be accessing our system to begin with. By using both security measures in conjunction. By removing the HttpPost.

This is why implementing fully onlinebookstore project requires many function even it is not revelant with our project. So we restrict our proposal to reflect this fact. We only implemented wholesalebook supplier. Even our project proposal involves implementing both bookstore and wholesale supplier. they would not pass the authentication checks because they wouldn't have valid ClientIds or WSTokens which must be present in our cusilteris SOAP header. Class Diagrams . This is the goal of enterprise application design.4 4 Ref: Project Proposal 12 . Nevertheless what we gain from this project are • • • • • Preparing the project scope Preparing requirement involving the scope Preparing a design document with the proper methods.METU – B O O K S T O R E P R O J E C T R E P O R T • If somehow a user managed to discover the Web service they would not be able to generate the WSDL file for the service because the Documentation protocol is removed. Conclusion In this project main aim was only implementing the web services and wholesale owner functions. What the product actually does is through a solid architecture framework. (Use Cases . The most critical point to remember about everything that’s been implemented is that the application is not defined by its functionality. That is the ultimate goal of an engineer. multi tier components implemented in these applications. If somehow an unauthorized user managed to acquire a proxy class or WSDL file by some extraneous means. to create a reusable framework that can be applied to any requirements possibly conceivable. and has no reusable features or framework. We’re also able to expand the application to any size without affecting other components which reduces code volume. block diagrams and architecture) Programming with a design document ready Testing with Use cases Because of the well designed. providing additional features is a fairly easy process. The most common mistake by most developers is to take a set of requirements and design an application that is one dimensional. but rather by the underlying design used to implement the features. But for to show the real situation in this area we will try to also implement the online bookstore part but to confess it is not easy task to accomplish in a short period.

Int Friend Shared PARAM_AVAILABILITY_ID_SIZE As Integer = 4 ' Table field names.Db Imports WSB2BUtil Public Class AvailabilityDb Private Const CLASS_NAME As String = "AvailabilityDb" '#################################################################### ##################################################### ' DB Configuration Properties '#################################################################### ##################################################### Friend Shared WSB2B_GET_AVAILABILITY As String = "WSB2B_GET_AVAILABILITY" Friend Shared PARAM_AVAILABILITY_ID_NAME As String = "@paramAvailabilityId" Friend Shared PARAM_AVAILABILITY_ID_TYPE As SqlDbType = SqlDbType. used for dataset references Public Shared FIELD_AVAILABILITY_ID As String = "AVAILABILITY_ID" Public Shared FIELD_AVAILABILITY_NAME As String = "AVAILABILITY_NAME" Friend Shared AVAILABILITY_TABLE_NAME As String = "AVAILABILITY" '#################################################################### ##################################################### ' Returns the entire availability table '#################################################################### ##################################################### Public Function GetAllAvailability() As DataSet Const METHOD_NAME As String = "GetAllAvailability" Dim DbObj As DbAccess = New DbAccess Try 13 .METU – B O O K S T O R E P R O J E C T R E P O R T Addendum Availability.

WriteLogEntry(ex.NVarChar Friend Shared PARAM_AUTHOR_SIZE As Integer = 50 14 . ex) Finally DbObj.WSB2B_GET_AVAILABILITY.vb Imports WSB2BUtil Public Class BookDb Private Const CLASS_NAME As String = "BookDb" '#################################################################### ##################################################### ' DB Configuration Properties '#################################################################### ##################################################### Friend Shared WSB2B_GET_BOOKS As String = "WSB2B_GET_BOOKS" Friend Shared WSB2B_UPDATE_BOOK As String = "WSB2B_UPDATE_BOOK" Friend Shared WSB2B_GET_BOOKS_DYNAMIC As String = "WSB2B_GET_BOOKS_DYNAMIC" Friend Shared PARAM_BOOK_ID_NAME As String = "@paramBookId" Friend Shared PARAM_BOOK_ID_TYPE As SqlDbType = SqlDbType.Close() DbObj = Nothing End Try End Function End Class BookDb. Nothing.Message. Me.Int Friend Shared PARAM_BOOK_ID_SIZE As Integer = 4 Friend Shared PARAM_AUTHOR_NAME As String = "@paramAuthor" Friend Shared PARAM_AUTHOR_TYPE As SqlDbType = SqlDbType. Me.METU – B O O K S T O R E P R O J E C T R E P O R T Dim ReturnValue As Int32 Return DbObj. METHOD_NAME) Throw New DbTierException(ex.AVAILABILITY_TABLE_NAME) Catch ex As Exception Log.ExecuteDataset(Me.CLASS_NAME.

BookName)) params. used for dataset references FIELD_BOOK_ID As String = "BOOK_ID" FIELD_BOOK_NAME As String = "BOOK_NAME" FIELD_AUTHOR As String = "AUTHOR" FIELD_PRICE As String = "PRICE" BOOK_TABLE_NAME As String = "BOOK" '#################################################################### ##################################################### ' Returns a set of books. Me.METU – B O O K S T O R E P R O J E C T R E P O R T Friend Shared PARAM_BOOK_NAME_NAME As String = "@paramBookName" Friend Shared PARAM_BOOK_NAME_TYPE As SqlDbType = SqlDbType.PARAM_BOOK_NAME_TYPE. BookId)) params.SmallMoney Friend Shared PARAM_PRICE_SIZE As Integer = 4 Friend Shared PARAM_WHERE_CLAUSE_NAME As String = "@paramWhereClause" Friend Shared PARAM_WHERE_CLAUSE_TYPE As SqlDbType = SqlDbType.Add(DbObj. filtered by the criteria parameters '#################################################################### ##################################################### Public Function GetBooks(ByVal BookId As Int32. _ 15 .MakeParam(Me.NVarChar Friend Shared PARAM_WHERE_CLAUSE_SIZE As Integer = 1000 ' Table field Public Shared Public Shared Public Shared Public Shared Friend Shared names. ByVal AuthorName As String.PARAM_BOOK_NAME_SIZE.PARAM_AUTHOR_NAME. AvailabilityDb.PARAM_AUTHOR_SIZE.Add(DbObj.PARAM_BOOK_ID_SIZE.MakeParam(Me. Me. Me.PARAM_AVAILABILITY_ID_NAME. ByVal AvailabilityId As Int32) As DataSet Const METHOD_NAME As String = "GetBooks" Dim DbObj As DbAccess = New DbAccess Try Dim params As Collection = New Collection params.Add(DbObj. Me.MakeParam(Me.NVarChar Friend Shared PARAM_BOOK_NAME_SIZE As Integer = 100 Friend Shared PARAM_PRICE_NAME As String = "@paramPrice" Friend Shared PARAM_PRICE_TYPE As SqlDbType = SqlDbType. Me.PARAM_BOOK_ID_TYPE.PARAM_BOOK_ID_NAME.PARAM_BOOK_NAME_NAME.PARAM_AVAILABILITY_ID_TYPE.MakeParam(AvailabilityDb.PARAM_AUTHOR_TYPE. ByVal BookName As String. AuthorName)) params. Me.Add(DbObj.

PARAM_AUTHOR_NAME. Me. params) Catch ex As Exception Log. ByVal Price As Double. Me. Me.BOOK_TABLE_NAME) Catch ex As Exception Log.Add(DbObj. AvailabilityId)) Return DbObj. Me.PARAM_BOOK_ID_TYPE. ByVal AuthorName As String. Me.MakeParam(Me.MakeParam(Me. AuthorName)) params. BookName)) params.MakeParam(AvailabilityDb.PARAM_BOOK_NAME_NAME.Add(DbObj.WriteLogEntry(ex.PARAM_PRICE_NAME.Add(DbObj.ExecuteProc(Me.PARAM_PRICE_SIZE.Message.PARAM_AVAILABILITY_ID_SIZE. Me. METHOD_NAME) Throw New DbTierException(ex.PARAM_AUTHOR_TYPE. Me.MakeParam(Me. params.PARAM_PRICE_TYPE.PARAM_BOOK_ID_NAME. AvailabilityDb.PARAM_BOOK_NAME_SIZE. Me.WSB2B_GET_BOOKS.PARAM_AVAILABILITY_ID_SIZE.PARAM_BOOK_NAME_TYPE.WriteLogEntry(ex.PARAM_BOOK_ID_SIZE.CLASS_NAME. Me. Me. Price)) params.Close() DbObj = Nothing End Try End Function '#################################################################### ##################################################### ' Updates the BookId specified with the parameter values '#################################################################### ##################################################### Public Sub UpdateBook(ByVal BookId As Int32.ExecuteDataset(Me.WSB2B_UPDATE_BOOK.Add(DbObj.PARAM_AUTHOR_SIZE. BookId)) params.Message. ex) Finally DbObj.CLASS_NAME.PARAM_AVAILABILITY_ID_TYPE. _ AvailabilityDb.MakeParam(Me. ex) Finally 16 .PARAM_AVAILABILITY_ID_NAME. AvailabilityId)) DbObj.METU – B O O K S T O R E P R O J E C T R E P O R T AvailabilityDb. _ ByVal AvailabilityId As Int32) Const METHOD_NAME As String = "UpdateBook" Dim DbObj As DbAccess = New DbAccess Try Dim params As Collection = New Collection params. Me.Add(DbObj. METHOD_NAME) Throw New DbTierException(ex. ByVal BookName As String.

ExecuteDataset(Me. params. METHOD_NAME) Throw New DbTierException(ex.WSB2B_GET_BOOKS_DYNAMIC. Me.Close() DbObj = Nothing End Try End Sub '#################################################################### ##################################################### ' Returns a set of books.Append(Utils. ex) Finally DbObj.Append(" WHERE ").BOOK_TABLE_NAME) Catch ex As Exception Log.CLASS_NAME.Append(Me.ConvertCollectionToCSV(BookIds)).WriteLogEntry(ex. Predicate.StringBuilder Predicate.METU – B O O K S T O R E P R O J E C T R E P O R T DbObj.Message.MakeParam(Me.PARAM_WHERE_CLAUSE_SIZE. Me.Append(" IN(").FIELD_BOOK_ID).PARAM_WHERE_CLAUSE_NAME.Close() DbObj = Nothing End Try End Function End Class 17 .Add(DbObj.Append(")") params.ToString())) Return DbObj.PARAM_WHERE_CLAUSE_TYPE. Me. Me. filtered by the ids in the arraylist '#################################################################### ##################################################### Public Function GetBooksByIds(ByVal BookIds As ArrayList) As DataSet Const METHOD_NAME As String = "GetBooksByIds" Dim DbObj As DbAccess = New DbAccess Try Dim params As Collection = New Collection Dim Predicate As New Text.

METU – B O O K S T O R E P R O J E C T R E P O R T ClientDb.NVarChar Friend Shared PARAM_WS_TOKEN_SIZE As Integer = 100 ' Table field Public Shared Public Shared Public Shared Friend Shared names.NVarChar Friend Shared PARAM_CLIENT_NAME_SIZE As Integer = 50 Friend Shared PARAM_WS_TOKEN_NAME As String = "@paramWsToken" Friend Shared PARAM_WS_TOKEN_TYPE As SqlDbType = SqlDbType.vb Imports WSB2BUtil Public Class ClientDb Private Const CLASS_NAME As String = "ClientDb" '#################################################################### ##################################################### ' DB Configuration Properties '#################################################################### ##################################################### Friend Shared WSB2B_GET_CLIENTS As String = "WSB2B_GET_CLIENTS" Friend Shared PARAM_CLIENT_ID_NAME As String = "@paramClientId" Friend Shared PARAM_CLIENT_ID_TYPE As SqlDbType = SqlDbType.Int Friend Shared PARAM_CLIENT_ID_SIZE As Integer = 4 Friend Shared PARAM_CLIENT_NAME_NAME As String = "@paramClientName" Friend Shared PARAM_CLIENT_NAME_TYPE As SqlDbType = SqlDbType. used for dataset references FIELD_CLIENT_ID As String = "CLIENT_ID" FIELD_CLIENT_NAME As String = "CLIENT_NAME" FIELD_WS_TOKEN As String = "WS_TOKEN" CLIENT_TABLE_NAME As String = "CLIENT" ' Static variable for application object storage/retrieval Public Shared CLIENT_DS_REF As String = "CLIENT_DS" 18 .

METHOD_NAME) Throw New DbTierException(ex.Data. Public NotInheritable Class DbAccess Implements IDisposable Private conn As SqlConnection '#################################################################### ##################################################### ' FRIEND METHODS 19 .CLIENT_TABLE_NAME) Catch ex As Exception Log.WSB2B_GET_CLIENTS. scalable best practices for ' common uses of SqlClient.SqlClient Imports System.vb Imports System. ex) Finally DbObj.WriteLogEntry(ex.Close() DbObj = Nothing End Try End Function End Class DbAccess.Message. Nothing.CLASS_NAME. Me.METU – B O O K S T O R E P R O J E C T R E P O R T '#################################################################### ##################################################### ' Returns the entire client table '#################################################################### ##################################################### Public Function GetAllClients() As DataSet Const METHOD_NAME As String = "GetAllClients" Dim DbObj As DbAccess = New DbAccess Try Dim ReturnValue As Int32 Return DbObj.ConfigurationSettings ' The SqlHelper class is intended to encapsulate high performance.Xml Imports System.Configuration.ExecuteDataset(Me. Me.

TableName) 'detach the SqlParameters from the command object. "GetOrders". CType(Nothing.METU – B O O K S T O R E P R O J E C T R E P O R T '#################################################################### ##################################################### ' Execute a SqlCommand (that returns a resultset) against the specified SqlConnection ' using the provided parameters. SqlTransaction). ByVal TableName As String) As DataSet 'create a command and prepare it for execution Dim cmd As New SqlCommand Dim ds As New DataSet Dim da As SqlDataAdapter PrepareCommand(cmd.StoredProcedure. new SqlParameter("@prodid".Parameters. CommandType. ByVal commandParameters As Collection. commandText.a collection of SqlParamters used to execute the command ' Returns: a dataset containing the resultset generated by the command Friend Overloads Function ExecuteDataset(ByVal commandText As String.StoredProcedure. etc.: ' Dim ds as Dataset = ExecuteDataset(CommandType.Clear() 'return the dataset Return ds End Function 'ExecuteDataset 20 . so they can be used again cmd.the stored procedure name or T-SQL command ' -commandParameters . ' e. da.Fill(ds. commandParameters) 'create the DataAdapter & DataSet da = New SqlDataAdapter(cmd) 'fill the DataSet using default values for DataTable names.g. 24)) ' Parameters: ' -commandText .

the name of the stored procedure ' -params . ByVal Size As Int32.ToString(). CType(Nothing.Length > 0) Then param.Value = Value End If Else If (Not Value Is Nothing AndAlso Value.Value = Value End If ElseIf TypeOf Value Is Int32 Then If CType(Value. Used for create/update/delete functions.Direction = ParameterDirection.Value = Value End If End If Return param End Function 21 . DbType) End If param. DbType. ' Parameters: ' -procName . ByVal Value As Object) As SqlParameter Dim param As SqlParameter If Size > 0 Then param = New SqlParameter(ParamName. CommandType.ToDateTime(Value). procName. Size) Else param = New SqlParameter(ParamName. Int32) <> 0 Then param. params) cmd.StoredProcedure.METU – B O O K S T O R E P R O J E C T R E P O R T ' Execute a SqlCommand that has no return values.Close() End Sub ' Creates an Sql parameter object Friend Function MakeParam(ByVal ParamName As String. ByVal params As Collection) Dim cmd As New SqlCommand PrepareCommand(cmd. SqlTransaction).ExecuteNonQuery() Me.Input If TypeOf Value Is DateTime Then If (Not Value Is Nothing AndAlso Convert.Year <> 1) Then param. ByVal DbType As SqlDbType.a collection of SqlParamters used to execute the command Friend Sub ExecuteProc(ByVal procName As String.

ByVal commandParameters As Collection) Dim p As SqlParameter For Each p In commandParameters 'check for derived output value with no value assigned If p.an array of SqlParameters to be associated with the command or 'null' if no parameters are required Private Sub PrepareCommand(ByVal command As SqlCommand.the SqlCommand to be prepared ' -transaction .Parameters. _ ByVal commandType As CommandType.a valid SqlTransaction. _ 22 . command type and parameters ' to the provided command.Value Is Nothing Then p.) ' -commandText .an array of SqlParameters tho be added to command Private Sub AttachParameters(ByVal command As SqlCommand. or 'null' ' -commandType . ' Parameters: ' -command .The command to which the parameters will be added ' -commandParameters . ' Parameters: ' -command . ' This behavior will prevent default values from being used. transaction.the CommandType (stored procedure.METU – B O O K S T O R E P R O J E C T R E P O R T '#################################################################### ##################################################### ' PRIVATE METHODS '#################################################################### ##################################################### ' This method is used to attach array of SqlParameters to a SqlCommand. _ ByVal transaction As SqlTransaction. but ' this will be the less common case than an intended pure output parameter (derived as InputOutput) ' where the user provided no input value.the stored procedure name or T-SQL command ' -commandParameters .Value = Nothing End If command. _ ByVal commandText As String. etc.Direction = ParameterDirection.Add(p) Next p End Sub 'AttachParameters ' This method opens (if necessary) and assigns a connection.InputOutput And p. text. ' This method will assign a value of DbNull to any parameter with a direction of ' InputOutput and a value of null.

Close() conn.Open() 'associate the connection with the command command.CommandText = commandText 'if we were provided a transaction.Open() End If End Sub Friend Sub Close() ' Close the connection and cleanup the class with the Dispose() method Me.Transaction = transaction End If 'set the command type command. If Not (transaction Is Nothing) Then command.METU – B O O K S T O R E P R O J E C T R E P O R T ByVal commandParameters As Collection) 'if the provided connection is not open.Dispose() End Sub Public Sub Dispose() Implements IDisposable. assign it. commandParameters) End If Return End Sub 'PrepareCommand Private Sub Open() ' Open the connection If conn Is Nothing Then conn = New SqlConnection(AppSettings("DatabaseConnString")) conn.Dispose() 23 .CommandType = commandType 'attach the command parameters if they are provided If Not (commandParameters Is Nothing) Then AttachParameters(command.Dispose If Not conn Is Nothing Then conn. we will open it Me.Connection = conn 'set the command text (stored procedure name or SQL statement) command.

used for dataset references FIELD_ORDER_ID As String = "ORDER_ID" FIELD_ORDER_STATUS As String = "ORDER_STATUS" FIELD_CREATION_DATE As String = "CREATION_DATE" ORDER_TABLE_NAME As String = "ORDER" 24 .Db Imports WSB2BUtil Public Class OrderDb Private Const CLASS_NAME As String = "OrderDb" '#################################################################### ##################################################### ' DB Configuration Properties '#################################################################### ##################################################### Friend Shared WSB2B_GET_ORDERS As String = "WSB2B_GET_ORDERS" Friend Shared WSB2B_CREATE_ORDER As String = "WSB2B_CREATE_ORDER" Friend Shared WSB2B_CREATE_ORDER_BOOK_REL As String = "WSB2B_CREATE_ORDER_BOOK_REL" Friend Shared WSB2B_CONFIRM_ORDER As String = "WSB2B_CONFIRM_ORDER" Friend Shared PARAM_ORDER_ID_NAME As String = "@paramOrderId" Friend Shared PARAM_ORDER_ID_TYPE As SqlDbType = SqlDbType.NVarChar Friend Shared PARAM_ORDER_STATUS_SIZE As Integer = 20 ' Table field Public Shared Public Shared Public Shared Friend Shared names.SuppressFinalize(Me) End Sub End Class Order.METU – B O O K S T O R E P R O J E C T R E P O R T conn = Nothing End If GC.Int Friend Shared PARAM_ORDER_ID_SIZE As Integer = 4 Friend Shared PARAM_ORDER_STATUS_NAME As String = "@paramOrderStatus" Friend Shared PARAM_ORDER_STATUS_TYPE As SqlDbType = SqlDbType.

Me.METU – B O O K S T O R E P R O J E C T R E P O R T '#################################################################### ##################################################### ' Possible order statuses. Me.PARAM_ORDER_STATUS_TYPE. ByVal OrderStatus As String.PARAM_CLIENT_ID_NAME. Me.PARAM_ORDER_ID_SIZE.CLASS_NAME. Me.Add(DbObj. ByVal ClientId As Int32) As DataSet Const METHOD_NAME As String = "GetOrders" Dim DbObj As DbAccess = New DbAccess Try Dim params As Collection = New Collection params. params.PARAM_CLIENT_ID_SIZE. ClientId)) Return DbObj.WriteLogEntry(ex.Add(DbObj. METHOD_NAME) Throw New DbTierException(ex. defined as static constants '#################################################################### ##################################################### Public Shared ORDER_STATUS_PENDING As String = "Pending" Public Shared ORDER_STATUS_COMPLETE As String = "Complete" '#################################################################### ##################################################### ' Searches the orders table with the parameters specified '#################################################################### ##################################################### Public Function GetOrders(ByVal OrderId As Int32.Add(DbObj.WSB2B_GET_ORDERS.PARAM_ORDER_STATUS_NAME.Close() DbObj = Nothing End Try End Function '#################################################################### ##################################################### 25 .PARAM_CLIENT_ID_TYPE.PARAM_ORDER_STATUS_SIZE. Me. Me. OrderId)) params.MakeParam(Me. OrderStatus)) params.ORDER_TABLE_NAME) Catch ex As Exception Log. ClientDb.MakeParam(Me.MakeParam(ClientDb. ClientDb.PARAM_ORDER_ID_NAME.ExecuteDataset(Me.PARAM_ORDER_ID_TYPE.Message. ex) Finally DbObj.

ClientDb.PARAM_CLIENT_ID_SIZE.PARAM_BOOK_ID_NAME.MakeParam(ClientDb.PARAM_ORDER_ID_NAME. Me. Me. ByVal BookIds As ArrayList.Add(DbObj. Me.PARAM_ORDER_ID_TYPE. ByVal ClientId As Int32) Const METHOD_NAME As String = "CreateOrder" Dim DbObj As DbAccess = New DbAccess Try Dim params As Collection = New Collection params.PARAM_ORDER_ID_SIZE.Add(DbObj.PARAM_ORDER_ID_NAME. Me.MakeParam(Me.PARAM_BOOK_ID_SIZE.WriteLogEntry(ex. OrderId)) params.PARAM_CLIENT_ID_TYPE. ClientDb.CLASS_NAME. and each book in the order Dim BookId As Int32 For Each BookId In BookIds params = New Collection params. Me.WSB2B_CREATE_ORDER.Close() DbObj = Nothing End Try End Sub '#################################################################### ##################################################### ' Confirms a pending order by updating its status to Complete 26 .PARAM_CLIENT_ID_NAME. BookDb.ExecuteProc(Me.ORDER_STATUS_PENDING)) params.PARAM_ORDER_STATUS_SIZE. params) Next Catch ex As Exception Log.METU – B O O K S T O R E P R O J E C T R E P O R T ' Creates a new pending order '#################################################################### ##################################################### Public Sub CreateOrder(ByVal OrderId As Int32.PARAM_ORDER_ID_TYPE.PARAM_ORDER_STATUS_NAME. ClientId)) ' Create the main order entry DbObj.PARAM_ORDER_ID_SIZE. params) ' Now create an association relationship between the order.WSB2B_CREATE_ORDER_BOOK_REL.Add(DbObj.MakeParam(Me.MakeParam(BookDb. METHOD_NAME) Throw New DbTierException(ex.PARAM_BOOK_ID_TYPE.PARAM_ORDER_STATUS_TYPE.MakeParam(Me. OrderId)) params. BookDb.Add(DbObj. ex) Finally DbObj.ExecuteProc(Me.Add(DbObj. Me. Me.Message. BookId)) DbObj. Me.

PARAM_ORDER_ID_SIZE.Close() DbObj = Nothing End Try End Sub End Class DbTierException.PARAM_ORDER_STATUS_NAME.PARAM_ORDER_STATUS_TYPE.MakeParam(Me.New(message. Me.ORDER_STATUS_COMPLETE)) DbObj. METHOD_NAME) Throw New DbTierException(ex.ApplicationException Public Sub New(ByVal message As String) MyBase.WSB2B_CONFIRM_ORDER.Add(DbObj.New(message) End Sub Public Sub New(ByVal message As String. innerException) End Sub End Class 27 . Me. ex) Finally DbObj. Me.Message.CLASS_NAME.METU – B O O K S T O R E P R O J E C T R E P O R T '#################################################################### ##################################################### Public Sub ConfirmOrder(ByVal OrderId As Int32) Const METHOD_NAME As String = "ConfirmOrder" Dim DbObj As DbAccess = New DbAccess Try Dim params As Collection = New Collection params. Me.MakeParam(Me.PARAM_ORDER_STATUS_SIZE.PARAM_ORDER_ID_TYPE. params) Catch ex As Exception Log. ByVal innerException As Exception) MyBase.Add(DbObj.WriteLogEntry(ex.vb Public Class DbTierException Inherits System. OrderId)) params.PARAM_ORDER_ID_NAME. Me.ExecuteProc(Me. Me.

Web.Container End Sub Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean) 'CODEGEN: This procedure is required by the Web Services Designer 'Do not modify it using the code editor.Security System.Services.Web.WebService #Region " Web Services Designer Generated Code " Public Sub New() MyBase.New() 'This call is required by the Web Services Designer. If disposing Then If Not (components Is Nothing) Then components.METU – B O O K S T O R E P R O J E C T R E P O R T BookWS.IContainer 'NOTE: The following procedure is required by the Web Services Designer 'It can be modified using the Web Services Designer. 'Do not modify it using the code editor. InitializeComponent() 'Add your own initialization code after the InitializeComponent() call End Sub 'Required by the Web Services Designer Private components As System.Diagnostics.asmx Imports Imports Imports Imports Imports Imports System.Services System.ComponentModel.DebuggerStepThrough()> Private Sub InitializeComponent() components = New System.Web.Dispose() 28 .Web.Protocols BizTier DbTier WSB2BUtil ' Class defining the SOAP Header security context for this Web Service Public Class BookSecurityContext Inherits SoapHeader Public ClientId As Int32 Public WSToken As String End Class <WebService(Namespace:="http://tempuri.org/")> _ Public Class BookWS Inherits System. <System.Services.ComponentModel.

the method searches the books in the Db based on the parameters '==================================================================== ============================================================ <WebMethod().CLASS_NAME. the method returns a dataset of all the books in the array list 29 . SoapHeader("BookSecurityCtx")> _ Public Function SearchBooks(ByVal BookId As Int32.Message. BookName. AvailabilityId) Catch BizEx As BizTierException 'Exception has already been logged. just throw it to the consumer Throw BizEx Catch DbEx As DbTierException 'Exception has already been logged.WriteLogEntry(ex. just throw it to the consumer Throw DbEx Catch ex As Exception Log. ByVal BookName As String.SecurityException("Unauthorized access") Dim BookObj As New BookServices Return BookObj.METU – B O O K S T O R E P R O J E C T R E P O R T End If End If MyBase.Authenticate(BookSecurityCtx) = False Then Throw New System. METHOD_NAME) Throw New WSException(ex.GetBooks(BookId. ByVal AuthorName As String.Security. Me. AuthorName. ex) End Try End Function '==================================================================== ============================================================ ' This method uses the SOAP Header parameters to determine the web service consumer ' If authenticated. ByVal AvailabilityId As Int32) As DataSet Const METHOD_NAME As String = "SearchBooks" Try If WebUtil.Dispose(disposing) End Sub #End Region Public BookSecurityCtx As BookSecurityContext Private Const CLASS_NAME As String = "BookWS" Private WebUtil As New WSUtil '==================================================================== ============================================================ ' This method uses the SOAP Header parameters to determine the web service consumer ' If authenticated.

CLASS_NAME.GetBooksByIds(BookIds) Catch BizEx As BizTierException 'Exception has already been logged. Me.WriteLogEntry(ex.Authenticate(BookSecurityCtx) = False Then Throw New System. SoapHeader("BookSecurityCtx")> _ Public Function GetBooksByIds(ByVal BookIds As ArrayList) As DataSet Const METHOD_NAME As String = "GetBooksByIds" Try If WebUtil. just throw it to the consumer Throw BizEx Catch DbEx As DbTierException 'Exception has already been logged. the method returns all of the possible availabilities '==================================================================== ============================================================ <WebMethod(). METHOD_NAME) 30 .Message.GetAllAvailability() Catch BizEx As BizTierException 'Exception has already been logged. ex) End Try End Function '==================================================================== ============================================================ ' This method uses the SOAP Header parameters to determine the web service consumer ' If authenticated.SecurityException("Unauthorized access") Dim AvailObj As New AvailabilityServices Return AvailObj. SoapHeader("BookSecurityCtx")> _ Public Function GetAvailabilityDs() As DataSet Const METHOD_NAME As String = "GetAvailabilityDs" Try If WebUtil.SecurityException("Unauthorized access") Dim BookObj As New BookServices Return BookObj. just throw it to the consumer Throw DbEx Catch ex As Exception Log. just throw it to the consumer Throw BizEx Catch DbEx As DbTierException 'Exception has already been logged.Authenticate(BookSecurityCtx) = False Then Throw New System.METU – B O O K S T O R E P R O J E C T R E P O R T '==================================================================== ============================================================ <WebMethod().Security. just throw it to the consumer Throw DbEx Catch ex As Exception Log.WriteLogEntry(ex. Me. METHOD_NAME) Throw New WSException(ex.CLASS_NAME.Security.

Web.Security System.Web.UpdateBook(BookId.Services System.Protocols BizTier DbTier WSB2BUtil ' Class defining the SOAP Header security context for this Web Service Public Class OrderSecurityContext Inherits SoapHeader Public ClientId As Int32 Public WSToken As String End Class <WebService(Namespace:="http://tempuri.Services. ByVal Price As Double.Message. ByVal BookName As String. AvailabilityId) Return "12" End Function End Class OrderWS.Web. AuthorName.WebService #Region " Web Services Designer Generated Code " Public Sub New() MyBase.Web. SoapHeader("BookSecurityCtx")> _ Public Function GetAnani(ByVal BookId As String. InitializeComponent() 31 . Price.METU – B O O K S T O R E P R O J E C T R E P O R T Throw New WSException(ex. BookName.Services.asmx Imports Imports Imports Imports Imports Imports System. ByVal AuthorName As String.org/")> _ Public Class OrderWS Inherits System. ex) End Try End Function <WebMethod().New() 'This call is required by the Web Services Designer. ByVal AvailabilityId As Double) As String Const METHOD_NAME As String = "GetAnani" Dim BizObj As New BookServices BizObj.

ComponentModel. <System.Container End Sub Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean) 'CODEGEN: This procedure is required by the Web Services Designer 'Do not modify it using the code editor.Diagnostics.Dispose(disposing) End Sub #End Region Public OrderSecurityCtx As OrderSecurityContext Private Const CLASS_NAME As String = "OrderWS" Private WebUtil As New WSUtil '==================================================================== ============================================================ ' This method uses the SOAP Header parameters to determine the web service consumer ' If authenticated.DebuggerStepThrough()> Private Sub InitializeComponent() components = New System.ClientId) 32 . ByVal BookIds As ArrayList) As Boolean Const METHOD_NAME As String = "CreateOrder" Try If WebUtil. 'Do not modify it using the code editor.IContainer 'NOTE: The following procedure is required by the Web Services Designer 'It can be modified using the Web Services Designer. OrderSecurityCtx. If disposing Then If Not (components Is Nothing) Then components. the method creates a new cusilteriser order '==================================================================== ============================================================ <WebMethod().METU – B O O K S T O R E P R O J E C T R E P O R T 'Add your own initialization code after the InitializeComponent() call End Sub 'Required by the Web Services Designer Private components As System.SecurityException("Unauthorized access") Dim OrderObj As New OrderServices OrderObj.ComponentModel.Security.Authenticate(OrderSecurityCtx) = False Then Throw New System. SoapHeader("OrderSecurityCtx")> _ Public Function CreateOrder(ByVal OrderId As Int32.CreateOrder(OrderId. BookIds.Dispose() End If End If MyBase.

ClientId) Catch BizEx As BizTierException 'Exception has already been logged. ex) End Try End Function '==================================================================== ============================================================ ' This method uses the SOAP Header parameters to determine the web service consumer ' If authenticated. just throw it to the consumer Throw BizEx Catch DbEx As DbTierException 'Exception has already been logged.METU – B O O K S T O R E P R O J E C T R E P O R T Return True Catch BizEx As BizTierException 'Exception has already been logged. just throw it to the consumer Throw DbEx Catch ex As Exception Log.CLASS_NAME. ByVal OrderStatus As String.Message.CLASS_NAME. just throw it to the consumer Throw BizEx Catch DbEx As DbTierException 'Exception has already been logged.SecurityException("Unauthorized access") Dim OrderObj As New OrderServices Return OrderObj.WriteLogEntry(ex. SoapHeader("OrderSecurityCtx")> _ Public Function GetOrders(ByVal OrderId As Int32. ex) End Try End Function End Class 33 . OrderStatus. METHOD_NAME) Throw New WSException(ex.WriteLogEntry(ex. ByVal ClientId As Int32) As DataSet Const METHOD_NAME As String = "CreateOrder" Try If WebUtil.Authenticate(OrderSecurityCtx) = False Then Throw New System.Message.Security. METHOD_NAME) Throw New WSException(ex. just throw it to the consumer Throw DbEx Catch ex As Exception Log.GetOrders(OrderId. Me. the method searches orders based on the parameter criteria '==================================================================== ============================================================ <WebMethod(). Me.

WebControls.Web. ByVal e As System.Label #Region " Web Form Designer Generated Code " 'This call is required by the Web Form Designer.UI.Button Protected WithEvents txtPrice As System.Web.Web.Diagnostics.Label Protected WithEvents Label4 As System.UI.WebControls.RequiredFieldValidator Protected WithEvents RequiredFieldValidator1 As System.Label Protected WithEvents btnUpdate As System.WebControls.aspx.UI.Web.WebControls.Web.UI.UI.Web.Web.IsPostBack Then ' Get a reference to the viewbooks page which invokes this webform 34 .EventArgs) Handles MyBase.DebuggerStepThrough()> Private Sub InitializeComponent() End Sub Private Sub Page_Init(ByVal sender As System.Page Protected WithEvents Label2 As System.Load 'Put user code to initialize the page here ' Ensure the msg label is invisible on load Me.Web.TextBox Protected WithEvents txtBookName As System.Button Protected WithEvents rfvBookName As System.TextBox Protected WithEvents txtAuthor As System.Label Protected WithEvents Label5 As System.WebControls.Web.UI.WebControls.Web.UI.UI.Web.WebControls.UI.UI.Web.UI. ByVal e As System.WebControls.TextBox Protected WithEvents cboAvailability As System.Label Protected WithEvents Label1 As System.UI.WebControls.WebControls.Web.Visible = False If Not Page.WebControls.Web.WebControls.WebControls. InitializeComponent() End Sub #End Region Private Sub Page_Load(ByVal sender As System.lblMsg.Web.Object.UI.EventArgs) Handles MyBase.Label Protected WithEvents Label3 As System. <System.RequiredFieldValidator Protected WithEvents lblMsg As System.UI.METU – B O O K S T O R E P R O J E C T R E P O R T Editbook.UI.Init 'CODEGEN: This method call is required by the Web Form Designer 'Do not modify it using the code editor.DropDownList Protected WithEvents btnCancel As System.vb Imports DbTier Imports BizTier Public Class EditBook Inherits System.WebControls.Object.

txtBookName.GetBooks(Convert.BookId ' Instantiate our business tier objects required Dim BookObj As New BookServices Dim AvailObj As New AvailabilityServices ' Retrieve the Book being edited Dim BookDs As DataSet = BookObj.FIELD_AVAILABILITY_ID Me.METU – B O O K S T O R E P R O J E C T R E P O R T Dim ViewBookRef As ViewBooks = CType(Context.FIELD_AUTHOR) Me.DataSource = AvailDs.Item(BookDb.Handler.Item(BookDb.Tables(0) Me.Text = . Nothing.Items.txtAuthor.ToInt32(BookId). Nothing) ' Populate our form with the book info If Not BookDs Is Nothing Then With BookDs.cboAvailability.Object.Tables(0).FindByValue(.FIELD_BOOK_NAME) Me.Selected = True ' Add the BookId to the viewstate so we can retrieve it on the next postback Me.cboAvailability.VIEW_BOOKS) End Sub '#################################################################### ##################################################### ' Updates the book information to the database 35 .Click Server.FIELD_BOOK_ID.Text = .FIELD_AVAILABILITY_NAME Me.FIELD_AVAIL ABILITY_ID)).GetAllAvailability() Me.Rows(0) Me.txtPrice.cboAvailability.Add(BookDb.DataBind() ' Once the form is databound we can select the availability Id of the book in the dropdown Me.Item(BookDb. ViewBooks) ' Grab the BookId from the form Dim BookId As String = ViewBookRef.ViewState.EventArgs) Handles btnCancel.FIELD_PRICE) ' Populate the availability drop down Dim AvailDs As DataSet = AvailObj.cboAvailability.Transfer(WebPageNames. Nothing. ByVal e As System.Item(AvailabilityDb. BookId) End With End If End If End Sub Private Sub btnCancel_Click(ByVal sender As System.DataTextField = AvailabilityDb.DataValueField = AvailabilityDb.Text = .

txtPrice.EventArgs) Handles btnUpdate.0 Transitional//EN"> <HTML> <HEAD> <title>EditBook</title> 7.Visible = True Me.Visible = True Me.0"> <meta name="CODE_LANGUAGE" content="Visual Basic 7.Text = "The book was updated successfully" Catch ex As Exception Me. Me.METU – B O O K S T O R E P R O J E C T R E P O R T '#################################################################### ##################################################### Private Sub btnUpdate_Click(ByVal sender As System.Text.cboAvailability.EditBook"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4. ByVal e As System.Click ' Our validation controls have already ensured the correct fields are populated Try Dim BizObj As New BookServices BizObj. Me.Item(BookDb.vb" Inherits="WSB2BOney.Text = "There was an error updating the book" End Try End Sub End Class EditBook.Object.txtBookName.0"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.lblMsg.ViewState. Me.SelectedItem.com/intellisense/ie5"> <link rel="stylesheet" href="Styles.Text.ascx" %> <%@ Page Language="vb" AutoEventWireup="false" Codebehind="EditBook. _ Me.Text.UpdateBook(Me.lblMsg.css"> 36 <meta name="GENERATOR" content="Microsoft Visual Studio.aspx <%@ Register TagPrefix="uc1" TagName="NavBar" Src="NavBar.txtAuthor.NET .Value) Me.lblMsg.lblMsg.FIELD_BOOK_ID).aspx.microsoft.

HEIGHT: 208px" ms_positioning="GridLayout"> <asp:Button id="btnUpdate" style="Z-INDEX: 100. POSITION: absolute. POSITION: absolute. LEFT: 24px. TOP: 168px" tabIndex="6"></asp:Button> <asp:RequiredFieldValidator id="rfvBookName" style="ZINDEX: 102. POSITION: absolute. TOP: 80px" runat="server" Book</asp:Label> <DIV class="FORM_CONTAINER" style="Z-INDEX: 101. WIDTH: 492px. LEFT: 24px. LEFT: 96px. LEFT: 12px. TOP: 192px" runat="server" 37 . LEFT: 56px. TOP: 100px" runat="server" ErrorMessage="Price is required" ControlToValidate="txtPrice"></asp:RequiredFieldValidator> <asp:Label id="lblMsg" style="Z-INDEX: 111. POSITION: absolute. POSITION: absolute. LEFT: 340px. LEFT: 16px. POSITION: absolute. POSITION: absolute. TOP: 48px" runat="server" ErrorMessage="Book name is required" ControlToValidate="txtBookName"></asp:RequiredFieldValidator> <asp:RequiredFieldValidator id="RequiredFieldValidator1" style="Z-INDEX: 103. POSITION: absolute. TOP: 72px. LEFT: 416px. TOP: 172px" runat="server" Height="16px" Width="309px" Visible="False"></asp:Label></DIV> CssClass="ASP_TEXT" runat="server" CssClass="BUTTON" Text="Back" runat="server" CssClass="BUTTON" Text="Save" Width="456px" CssClass="TITLE" Height="28px">Edit <asp:TextBox id="txtPrice" style="Z-INDEX: 109. TOP: 168px" tabIndex="5"></asp:Button> <asp:Button CausesValidation="False" id="btnCancel" style="Z-INDEX: 101.METU – B O O K S T O R E P R O J E C T R E P O R T </HEAD> <body MS_POSITIONING="GridLayout"> <form id="Form1" method="post" runat="server"> <P><uc1:NavBar runat="server"></uc1:NavBar></P> id="NavBar1" <asp:Label id="Label1" style="Z-INDEX: 102.

LEFT: 268px. LEFT: 24px. POSITION: absolute.aspx 38 . LEFT: 24px. POSITION: absolute. LEFT: 24px. POSITION: absolute. TOP: 172px" runat="server" CssClass="ASP_LABEL">Availability</asp:Label> <asp:Label id="Label4" style="Z-INDEX: 105. LEFT: 268px. TOP: 120px" runat="server" CssClass="ASP_LABEL">Book Name</asp:Label> <asp:TextBox id="txtBookName" style="Z-INDEX: 107. TOP: 172px" runat="server" CssClass="ASP_LABEL">Price</asp:Label> <asp:Label id="Label3" style="Z-INDEX: 104.METU – B O O K S T O R E P R O J E C T R E P O R T Width="132px" tabIndex="2"></asp:TextBox> CssClass="ASP_TEXT" <asp:TextBox id="txtAuthor" style="Z-INDEX: 108. TOP: 140px" runat="server" Width="216px" CssClass="ASP_TEXT" MaxLength="100" tabIndex="1"></asp:TextBox> <asp:DropDownList id="cboAvailability" style="Z-INDEX: 110. LEFT: 268px. TOP: 120px" runat="server" CssClass="ASP_LABEL">Author</asp:Label> <asp:Label id="Label2" style="Z-INDEX: 103. POSITION: absolute. POSITION: absolute. TOP: 192px" runat="server" Width="216px" CssClass="ASP_TEXT" tabIndex="4"></asp:DropDownList> </form> </body> </HTML> Homepage. POSITION: absolute. POSITION: absolute. TOP: 140px" runat="server" Width="216px" CssClass="ASP_TEXT" MaxLength="50" tabIndex="3"></asp:TextBox> <asp:Label id="Label5" style="Z-INDEX: 106. LEFT: 268px.

0"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas. POSITION: absolute. LEFT: 20px. POSITION: absolute. LEFT: 32px. TOP: 244px" runat="server" Width="748px"></asp:Label><uc1:NavBar runat="server"></uc1:NavBar> id="NavBar1" CssClass="ASP_TEXT_BLUE_BOLD">Number <meta name="GENERATOR" content="Microsoft Visual Studio. TOP: 116px" runat="server" CssClass="ASP_LABEL" Welcome to Wholesale Bookstore Administration</asp:Label> 39 Width="924px"> .aspx.ascx" %> <%@ Page Language="vb" AutoEventWireup="false" Codebehind="HomePage.com/intellisense/ie5"> <link rel="stylesheet" href="Styles.vb" Inherits="WSB2BOney.0"> <meta name="CODE_LANGUAGE" content="Visual Basic 7. TOP: 224px" runat="server" of Pending orders</asp:Label> <asp:Label id="lblOrders" style="Z-INDEX: 103.METU – B O O K S T O R E P R O J E C T R E P O R T <%@ Register TagPrefix="uc1" TagName="NavBar" Src="NavBar.microsoft.css"> </HEAD> <body MS_POSITIONING="GridLayout"> <form id="Form1" method="post" runat="server"> <P> <asp:Label id="Label3" style="Z-INDEX: 105. LEFT: 32px.HomePage"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4. POSITION: absolute.0 Transitional//EN"> <HTML> <HEAD> <title>HomePage</title> 7.NET <asp:Label id="lblTitle" style="Z-INDEX: 101.

aspx.vb Imports DbTier Imports BizTier Public Class HomePage Inherits System.Diagnostics. TOP: 152px.Object.Web.Load 'Put user code to initialize the page here CssClass="ASP_TEXT_BLUE_BOLD">Today's 40 .WebControls.Web. WIDTH: 920px.WebControls.Object.Page Protected WithEvents lblDate As System.UI. TOP: 164px" runat="server" Date</asp:Label></P> <DIV class="FORM_CONTAINER" style="LEFT: 16px. InitializeComponent() End Sub #End Region Private Sub Page_Load(ByVal sender As System.Label Protected WithEvents Label1 As System. POSITION: absolute.Init 'CODEGEN: This method call is required by the Web Form Designer 'Do not modify it using the code editor.UI.Web.Label Protected WithEvents lblTitle As System.EventArgs) Handles MyBase. ByVal e As System. POSITION: absolute.METU – B O O K S T O R E P R O J E C T R E P O R T <asp:Label id="lblDate" style="Z-INDEX: 102. LEFT: 32px. POSITION: absolute.UI.EventArgs) Handles MyBase.UI. TOP: 184px" runat="server" Width="752px"></asp:Label> <asp:Label id="Label1" style="Z-INDEX: 104. LEFT: 32px.Label #Region " Web Form Designer Generated Code " 'This call is required by the Web Form Designer. ByVal e As System.DebuggerStepThrough()> Private Sub InitializeComponent() End Sub Private Sub Page_Init(ByVal sender As System.Web. <System.Web.Web.Label Protected WithEvents Label3 As System.Label Protected WithEvents lblOrders As System.UI. HEIGHT: 180px" ms_positioning="GridLayout"></DIV> </form> </body> Homepage.WebControls.WebControls.WebControls.UI.

com/intellisense/ie5" %> <link rel="stylesheet" href="Styles.NavBar" TargetSchema="http://schemas.ToLongDateString End If End Sub End Class NavBar.METU – B O O K S T O R E P R O J E C T R E P O R T If Not Page.Count Else Me.css"> <div align="center"> <asp:Button CausesValidation="False" runat="server" CssClass="BUTTON" id="btnHome" Text="Home" tabIndex="-1"></asp:Button>&nbsp.Tables(0).lblOrders.lblDate.Text = OrderDs.GetOrders(Nothing. Nothing) If Not OrderDs Is Nothing Then Me.ascx <%@ Control Language="vb" AutoEventWireup="false" Codebehind="NavBar.lblOrders.Rows. OrderDb.Text = "No pending orders" End If Me. <asp:Button CausesValidation="False" id="btnViewOrders" Text="View Orders" runat="server" CssClass="BUTTON" tabIndex="-1"></asp:Button>&nbsp.microsoft. <hr width="100%" color="#000099"> </div> 41 .vb" Inherits="WSB2BOney. <asp:Button CausesValidation="False" id="btnViewBooks" Text="View Books" runat="server" CssClass="BUTTON" tabIndex="-1"></asp:Button>&nbsp.Text = Now.ascx.ORDER_STATUS_PENDING.IsPostBack Then ' Retrieve the number of pending orders Dim OrderObj As New OrderServices Dim OrderDs As DataSet = OrderObj.

POSITION: absolute.0"> <meta name="CODE_LANGUAGE" content="Visual Basic 7. LEFT: 20px.com/intellisense/ie5"> <link rel="stylesheet" href="Styles.css"> </HEAD> <body MS_POSITIONING="GridLayout"> <form id="Form1" method="post" runat="server"> <P> <asp:Label id="lblMsg" style="Z-INDEX: 107.ascx" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4. TOP: 260px" runat="server" Height="28px" CssClass="TITLE" Width="456px" Visible="False"></asp:Label><uc1:NavBar id="NavBar1" runat="server"></uc1:NavBar></P> <asp:Label id="Label1" style="Z-INDEX: 102.vb" Inherits="WSB2BOney. POSITION: absolute.aspx <%@ Page Language="vb" AutoEventWireup="false" Codebehind="SearchOrders. LEFT: 24px.microsoft.0 Transitional//EN"> <HTML> <HEAD> <title>EditBook</title> 7.SearchOrders"%> <%@ Register TagPrefix="uc1" TagName="NavBar" Src="NavBar.aspx.NET Width="456px" CssClass="TITLE" Height="28px">Search . POSITION: absolute.0"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.METU – B O O K S T O R E P R O J E C T R E P O R T SearchOrders. TOP: 212px" 42 <meta name="GENERATOR" content="Microsoft Visual Studio. LEFT: 24px. TOP: 76px" runat="server" Orders</asp:Label> <asp:DataGrid OnItemCommand="Confirm_Order" id="dgResults" style="Z-INDEX: 106.

LEFT: 16px. TOP: 68px. LEFT: 396px. LEFT: 268px. LEFT: 4px. HEIGHT: 136px" ms_positioning="GridLayout"> <asp:Button id="btnSearch" style="Z-INDEX: 100. POSITION: absolute. TOP: 96px" runat="server" Text="Search" tabIndex="3"></asp:Button> CssClass="BUTTON" <asp:DropDownList id="cboClients" style="Z-INDEX: 110. WIDTH: 492px. POSITION: absolute. TOP: 116px" runat="server" CssClass="ASP_LABEL">Order Status</asp:Label> 43 . POSITION: absolute. POSITION: absolute.METU – B O O K S T O R E P R O J E C T R E P O R T CellPadding="3" runat="server" CssClass="DG_NORMAL" Visible="False" AutoGenerateColumns="False"> <HeaderStyle CssClass="DG_HEADER"></HeaderStyle> <Columns> <asp:BoundColumn HeaderText="Order Id"></asp:BoundColumn> DataField="ORDER_ID" <asp:BoundColumn DataField="BOOK_NAME" HeaderText="Book Name"></asp:BoundColumn> <asp:BoundColumn DataField="CLIENT_NAME" HeaderText="Client"></asp:BoundColumn> <asp:BoundColumn DataField="ORDER_STATUS" HeaderText="Status"></asp:BoundColumn> <asp:BoundColumn DataField="CREATION_DATE" HeaderText="Order Date"></asp:BoundColumn> <asp:ButtonColumn ButtonType="PushButton" Text="Confirm" Visible="False"></asp:ButtonColumn> </Columns> </asp:DataGrid> <DIV class="FORM_CONTAINER" style="Z-INDEX: 100. TOP: 64px" tabIndex="1" runat="server" Width="216px"></asp:DropDownList></DIV> CssClass="ASP_TEXT" <asp:Label id="Label3" style="Z-INDEX: 104.

DropDownList Protected WithEvents cboClients As System.UI.DropDownList Protected WithEvents btnSearch As System. POSITION: absolute.WebControls.Web.Web.METU – B O O K S T O R E P R O J E C T R E P O R T <asp:Label id="Label2" style="Z-INDEX: 103.Label Protected WithEvents cboStatus As System.WebControls.UI.WebControls.Label Protected WithEvents dgResults As System. <System.UI.vb Imports DbTier Imports BizTier Imports WSB2BUtil Public Class SearchOrders Inherits System. TOP: 116px" runat="server" CssClass="ASP_LABEL"> Client</asp:Label> <asp:DropDownList id="cboStatus" style="Z-INDEX: 105.UI.EventArgs) Handles MyBase.Button Protected WithEvents lblMsg As System.UI. POSITION: absolute.Web.Page Protected WithEvents Label1 As System.Web.WebControls. LEFT: 24px.WebControls.Web. ByVal e As System.Label Protected WithEvents Label2 As System.Web.aspx. InitializeComponent() End Sub #End Region 44 .Diagnostics.UI.DebuggerStepThrough()> Private Sub InitializeComponent() End Sub Private Sub Page_Init(ByVal sender As System.WebControls.WebControls.UI.Label Protected WithEvents Label3 As System.WebControls. TOP: 136px" runat="server" Width="216px" CssClass="ASP_TEXT" tabIndex="2"></asp:DropDownList> </form> </body> </HTML> SearchOrders.Object.Web.Web.Web.UI.DataGrid #Region " Web Form Designer Generated Code " 'This call is required by the Web Form Designer. LEFT: 268px.Init 'CODEGEN: This method call is required by the Web Form Designer 'Do not modify it using the code editor.UI.

METU – B O O K S T O R E P R O J E C T R E P O R T Private Sub Page_Load(ByVal sender As System.IsNull(Me.DataValueField = ClientDb.IsPostBack Then Dim ClientObj As New ClientServices Dim ClientDs As DataSet = ClientObj. If filtered by status=Pending.Add("") 'blank entry Me.lblMsg.cboStatus.DataSource = OrderDs.DataSource = ClientDs.dgResults.FIELD_CLIENT_ID Me.ORDER_STATUS_COMPLETE) Me.Items.cboClients.cboStatus.DataTextField = ClientDb.Tables(0) Me. ByVal e As System.dgResults.cboClients.Item(5).cboClients. we provide a button ' allowing the user to confirm and complete the order '#################################################################### ##################################################### Private Sub btnSearch_Click(ByVal sender As System.Visible = True End If 45 .DataBind() Me.Visible = False Me.Visible = False End If Me.Visible = True Me.DataBind() Me.SelectedItem. Me.dgResults.Object.ORDER_STATUS_PENDING) Me.Value) Then ClientId = Convert.SelectedItem.Visible = True End If End Sub '#################################################################### ##################################################### ' This method searches the database for orders that have been placed.GetOrders(Nothing.Items.Items.Visible = False Me.Text = OrderDb.Tables(0) Me.Value) End If Dim OrderDs As DataSet = OrderObj.Value.lblMsg.Visible = True Else Me.Object.EventArgs) Handles btnSearch.dgResults.ORDER_STATUS_PENDING Then Me.Columns.Click Dim OrderObj As New OrderServices Dim ClientId As Int32 = Nothing If Not Utils.Items.Load 'Put user code to initialize the page here If Not Page.SelectedItem.cboStatus.cboStatus. "") Me.FIELD_CLIENT_NAME Me.EventArgs) Handles MyBase.cboClients.dgResults.Item(5).ToInt32(Me.SelectedItem.GetAllClients() Me.dgResults.Insert(0.cboClients.cboStatus.Add(OrderDb. ByVal e As System. ClientId) If Not OrderDs Is Nothing Then If Me.cboClients.Add(OrderDb.Columns.

Text) Dim OrderObj As New OrderServices 'Get the information regarding the order Dim OrderDs As DataSet = OrderObj.EndConfirmOrder(AsyncResult) 46 .lblMsg.Text = "The order has been sent for completion processing" Me.Visible = False End Sub '#################################################################### ##################################################### ' Callback function for when Ilteris's application completes the confirm order method.lblMsg. Nothing.OrderSecurityContextValue = WSUtil.Cells(0).AsyncState. ByVal e As DataGridCommandEventArgs) ' Grab the Id of the order being confirmed Dim OrderId As Int32 = Convert.BeginGetOrders(OrderId. OrderWS) 'Dim OrderId As Int32 = ProxyObj. we need to check the client Id and invoke ' the correct web service method for that particular client. Since ' Ilteris is the only client in our example.GetOrderSecurityContext() 'OrderProxy.GetOrders(OrderId.dgResults. OrderDs.Item.Visible = True Me. Nothing) '## NOTE ## ' If we add additional clients. OrderProxy) Me. ' The call is made asynchronously to allow for fast user response '#################################################################### ##################################################### Public Sub Confirm_Order(ByVal sender As Object.METU – B O O K S T O R E P R O J E C T R E P O R T End Sub '#################################################################### ##################################################### ' Confirms a pending order by invoking Ilteris's web service and updating the order in his application first. New AsyncCallback(AddressOf CompleteOrder).ToInt32(e. At this point everything is ok ' and we can update our own database's reference of the order to completed '#################################################################### ##################################################### Private Sub CompleteOrder(ByVal AsyncResult As IAsyncResult) Dim ProxyObj As OrderWS = CType(AsyncResult. we invoke his web service directly Dim OrderProxy As New OrderWS 'OrderProxy.

pwd=tikibiriki.0" encoding="utf-8" ?> <configuration> <appSettings> <add key="DatabaseConnString" value="server=ILTERIS. Possible modes are "Windows". Add <error> tags for each of the errors you want to handle. "Passport" and "None" "None" No authentication is performed. --> <compilation defaultLanguage="vb" debug="true" /> CUSILTERIS ERROR MESSAGES Set cusilterisErrors mode="On" or "RemoteOnly" to enable cusilteris error messages. This setting is recommended for security purposes. Digest.web> DYNAMIC DEBUG COMPILATION Set compilation debug="true" to insert debugging symbols (. "Off" Always display detailed ASP. or Integrated Windows) according to 47 <!-- <!-- <!-- . "Forms".pdb information) into the compiled page. refer to the documentation about debugging ASP. "RemoteOnly" Display cusilteris (friendly) messages only to users not running on the local Web server. so that you do not display application detail information to remote clients. "On" Always display cusilteris (friendly) messages. database=OneyDb."/> <add key="LogFileName" value="c:\inetpub\wwwroot\Oney\logs\Log. --> <cusilterisErrors mode="RemoteOnly" /> AUTHENTICATION This section sets the authentication policies of the application.config <?xml version="1. For more information.ConfirmOrder(OrderId) End Sub End Class Web. uid=tiki. so update the order in Oney's app also Dim OrderObj As New OrderServices 'OrderObj.NET files.log" /> </appSettings> <system. you should set this value to true only when debugging and to false at all other times. "Off" to disable. "Windows" IIS performs authentication (Basic.NET error information.METU – B O O K S T O R E P R O J E C T R E P O R T ' We can be guaranteed that Ilteris's app has completed the order. Because this creates a larger file that executes more slowly.

Otherwise.METU – B O O K S T O R E P R O J E C T R E P O R T its settings for the application. "Passport" Authentication is performed via a centralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites. a session can be tracked by adding a session identifier to the URL. "Forms" You provide a cusilteris form (Web page) for users to enter their credentials. --> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <!-users="[comma separated list of users]" roles="[comma separated list of <allow users="[comma separated list of users]" roles="[comma separated list of <!-- SESSION STATE SETTINGS By default ASP.1:42424" sqlConnectionString="data source=127.axd" page from your web application root.0.0.1. A user credential token is stored in a cookie. If cookies are not available. Wildcards: "*" mean everyone. To disable cookies.NET uses cookies to identify which requests belong to a particular session. --> <sessionState mode="InProc" stateConnectionString="tcpip=127. --> <authentication mode="Windows" /> AUTHORIZATION This section sets the authorization policies of the application. --> <authorization> <allow users="*" /> <!-. the trace information will be displayed at the botilteris of each page. and then you authenticate them in your application.Trusted_Connection=yes" 48 <!-- .Allow all users --> <!-roles]"/> <deny roles]"/> --> </authorization> APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every page within an application. Anonymous access must be disabled in IIS. "?" means anonymous (unauthenticated) users. You can allow or deny access to application resources by user or role. set sessionState cookieless="true". Set trace enabled="true" to enable application trace logging. If pageOutput="true".0. you can view the application trace log by browsing the "trace.0.

HttpApplication #Region " Component Designer Generated Code " Public Sub New() MyBase.Web Imports System.Diagnostics.New() 'This call is required by the Component Designer. InitializeComponent() 'Add any initialization after the InitializeComponent() call End Sub 'Required by the Component Designer Private components As System.SessionState Imports BizTier Imports DbTier Imports WSB2BUtil Public Class Global Inherits System. ByVal e As EventArgs) ' Fires when the application is started Dim ClientObj As New ClientServices 49 .Container() End Sub #End Region Sub Application_Start(ByVal sender As Object. --> <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> </system. <System.DebuggerStepThrough()> Private Sub InitializeComponent() components = New System.ComponentModel.METU – B O O K S T O R E P R O J E C T R E P O R T cookieless="false" timeout="20" /> GLOBALIZATION This section sets the globalization settings of the application.ComponentModel.web> </configuration> <!-- Global.IContainer 'NOTE: The following procedure is required by the Component Designer 'It can be modified using the Component Designer. 'Do not modify it using the code editor.Web.Web.asax Imports System.

WriteLogEntry(Server.GetAllClients()) End Sub Sub Session_Start(ByVal sender As Object. text-transform: none.GetLastError.asax". ByVal e As EventArgs) ' Fires at the beginning of each request End Sub Sub Application_AuthenticateRequest(ByVal sender As Object. font-family: Verdana. font-size: 0. ByVal e As EventArgs) ' Fires when the application ends End Sub End Class Styless. ByVal e As EventArgs) ' Fires upon attempting to authenticate the use End Sub Sub Application_Error(ByVal sender As Object. ByVal e As EventArgs) ' Only log errors which did not originate from our components If Not TypeOf Server. background-color: whitesmoke.GetLastError(). ClientObj.GetBaseException.METU – B O O K S T O R E P R O J E C T R E P O R T Application.Add(ClientDb.GetLastError().css /* Default CSS Stylesheet for a new Web Application project */ BODY { font-weight: normal.8em. Helvetica. "Global.InnerException() Is DbTierException Then Log.CLIENT_DS_REF. } 50 . ByVal e As EventArgs) ' Fires when the session is started End Sub Sub Application_BeginRequest(ByVal sender As Object.InnerException() Is BizTierException And Not TypeOf Server. "Application_Error") End If End Sub Sub Session_End(ByVal sender As Object. word-spacing: normal. letter-spacing: normal. sans-serif. ByVal e As EventArgs) ' Fires when the session ends End Sub Sub Application_End(ByVal sender As Object.

border-top: lightgrey thin solid. font-size: 10pt. } . } . font-size: 10pt. color: black. font-family: Tahoma. font-weight:bold. font-size: 11pt. font-family: Tahoma. font-size: 12px.ASP_TEXT_BLUE_BOLD { font-size: 9pt.DG_NORMAL { border-right: lightgrey thin solid.DG_HEADER { font-weight: bold.ASP_LABEL { font-weight: bold. text-decoration: none. background-color: #ccffff. background-color: #ccffff. background-color: white.ASP_TEXT { font-size: 9pt. font-family: Tahoma. } . font-family: Tahoma. background-color: #33ffff. color: #000000. 51 . } . font-size: 12px. color: #000099. text-decoration: none. font-family: Tahoma.METU – B O O K S T O R E P R O J E C T R E P O R T . } . border-left: lightgrey thin solid. color:darkblue. border-botilteris: lightgrey thin solid. text-decoration: none.BUTTON { font-weight: bold.DG_SELECTED { font-weight: bold. color: #000099. font-family: Tahoma. } .

BACKGROUND-COLOR: #f5f5f5.METU – B O O K S T O R E P R O J E C T R E P O R T font-family: Tahoma. font-size: 12pt. text-decoration: none.TITLE { font-weight: bold. } . color: #000099. font-family: Tahoma.FORM_CONTAINER { BORDER-TOP-STYLE: outset. BORDER-RIGHT-STYLE: outset. } . BORDER-LEFT-STYLE: outset. POSITION: absolute. BORDER-BOTILTERIS-STYLE: outset. } 52 .