Designing and Implementing Commerce Solutions with Microsoft Site Server 3.0 Commerce Edition
Establishing the Development Environment
Install and configure Microsoft Visual SourceSafe
Visual SourceSafe is a
source code control system that comes with Visual Studio Enterprise
Edition. (See also VSS Start Page)
VSS Client is installed on
every developer’s machine, allowing access to the centralized source code
database installed and administered with VSS Server.
NetSetup is the best way to
install VSS over a network. It installs only the VSS Client, not VSS
Server.
It is stored on the same
directory on the server, where VSS Server is installed, and can be
accessed over the network. No CD is necessary.
With NetSetup users can
install VSS Client without the help of an Administrator.
After the installation of
VSS Server, administrators have to configure it with VSS Administrator.
If the VSS Server directory is shared, it's better to set the right read-write permissions for users. If project security is enabled, a user can have one of four levels of access
- read-only
- check out/check in
- add/rename/delete
- destroy
If security is not enabled there are only read-only and read-write permissions. VSS Administrator is used to set access rights.
VSS Client allows you to store and retrieve files and to ensure that only one person at a time can modify a file. Normally only one person can check out a file at a time, but this can be changed.
Files can be shared among
multiple projects. Changes made to a file are seen by all the projects. With branching, a file can go in two
directions. Under the Paths tab it’s possible to see the history of a
branched file.
Get Last Version is the
command used to retrieve the last version of a file. Also an older version
can be retrieved from History of File/Project.
Get Last Version retrieves a file only if it doesn't exist or is in read-only state. If the file is not in read-only mode, VSS assumes that the file is checked out and doesn't replace it.
Label is the command used to
mark all the files in the project. It’s useful to mark all the files
before a major release so that if the release needs to be restored, files
can be immediately found.
Install and configure Microsoft Site Server 3.0,
Commerce Edition
Hardware Requirements
- 100MHz or higher (166MHz recommended) Pentium or Alpha Processor
- 64MB RAM (128MB recommended)
- Minimum 128MB of virtual memory
- 1GB free disk space (2GB recommended)
- Super VGA 1024x768 resolution
- CD-ROM, Network card, Mouse
Software Requirements
- Windows NT 4.0 SP3 or higher (SP3 is installed with the Option Pack)
- Windows NT 4.0 Option Pack
- SQL Server 7.0 or SQL Server 6.5 SP4 (need an updated executable found in SS3 CD) or Oracle (examples need some modifications to work with Oracle 7).
- Internet Explorer 4.01 SP2 or later (Netscape is a supported platform for site usage, but Explorer is needed for site creation and administration)
- Site Server 3.0 (Site Server is needed before installing Commerce Server)
- One or more NTFS Partitions, because Site Server needs NTFS security
- FrontPage 98 and Visual Interdev 6.0 are included in Site Server Commerce Edition, but are not required.
Installation steps
- Install the Database Server
- Prepare two databases used for the examples (SSCommerce and SSAdServer)
- Prepare two ODBC System DSNs for the two databases
- Install Site Server 3.0
- Install Site Server 3.0 Commerce Edition
- Install Site Server Service Pack
Refer to Site Server Resource Kit for other information.
Creating User Services
Create dynamic Web pages by using ASP
ASP pages are loaded by ASP.DLL and the scripts are executed with the appropriate language (commonly JScript or VBScript).
ASP (3.0) has six intrinsic objects:
Application
It's created when the ASP DLL is loaded in response to the first request for an ASP page.
ASPError
It's present only in ASP 3.0. To obtain an ASPError the GetLastError method of the Server object is used.
Request
It provides all the information that the client sends to the server.
Response
It's used to send the contents to the client.
Server
It gives a series of methods and properties useful in scripting languages.
Session
It's created for each visitor at the first request of an ASP page.
Process user input from a form or a dialog box by
loading data into an object
The Request object can be used to get user input or other information like cookies, client certificates or server variables.
Use the Microsoft Wallet control on the user
interface
Microsoft Wallet is a client side ActiveX
control that runs only in Internet Explorer.
There is a version for
Netscape but it doesn’t run properly.
The Wizard-generated code uses Microsoft Wallet by default when the browser is Internet Explorer.
This causes a big problem under Windows 2000 because the IE 5.01 supplied with it does not contain the Microsoft Wallet control, which leaves an empty place on the page. It's always possible to click the "Click here if you have problems with the wallet" link, but this isn't a good solution. It's not a good idea to use the Wallet, because it's not supported anymore.
To use the Microsoft Wallet there is a Microsoft Wallet Webmaster Kit that contains binary files, documentation and samples.
There is also a Microsoft Wallet SDK that allows you to extend the support for different kinds of cards or for other payment methods with the ICreditCardOtherCard interface.
Integrate a Commerce site with an existing Web
site
You can integrate a
commerce site with an existing one by looking at the default page of the
site and checking the links given to the catalog, to the shopping cart,
and so on.
Provide a personalized interface for users that is based on
user profiles or group membership
Personalization and Memberships are the features of Site Server 3.0 used to present unique personalized content to specified users. Personalization data can be stored on the client (with cookies) or on the server, in the Membership server. There are two ways to send cookies with Site Server
- Response.Cookies, as in every ASP application
- Using the IssueCookie method of the Verifusr object; e.g.,
Set VerUsr = Server.CreateObject("Membership.Verifusr.1")
' stores information in a cookie
VerUsr.IssueCookie "Name", ...
...
' retrieves information stored in a cookie; the value comes from the client, so it is HTML-encoded before output
Response.Write "Welcome back " & Server.HTMLEncode(Request.Cookies("Name"))
More information can be found in Ten Tips for Optimizing Site Server 3.0 Commerce Edition Personalization and Membership
Use AUO to provide a personalized interface
AUO stands for Active User Object and can be
used to retrieve or to set information about the current user in the
P&M Directory Service.
If an AUO is instantiated in an ASP page and the current user is authenticated in the P&M Directory Service of Site Server 3.0, the AUO is bound to the user. To use AUO the object needs to be created and used as in this example
Dim objAUO
' Set is required when assigning an object reference
Set objAUO = Server.CreateObject("Membership.UserObjects")
objAUO.property = value ' to set a value
...
' an example of retrieving data from the AUO
Response.Write "Welcome back " & objAUO.name
For other examples refer to Web Workshop - Using the Membership Directory and Active User Object (AUO) for Session State Data
Use StandardSManager to provide a personalized interface
StandardSManager is the object that can be used to create, delete and retrieve ShopperIDs at run time.
Instantiate and invoke a COM component. COM components
include server objects, the Ad Server object, and pipeline components
To create a COM component the CreateObject method of the Server object is used. For example, the following uses a COM component to find out the browser type
Set browser = Server.CreateObject("MSWC.BrowserType")
BrowserName = "Browser = " & browser.browser
Response.Write(BrowserName)
AD Server
AD Server permits you to display advertising on your Web site.
AD Server consists of the AdServer object, the AD Manager application and the AD Server database.
To work with AD Server the global.asa must contain code that
- Creates an instance of AdServer and stores it in an Application Variable
- Sets the connection string and other configuration options
- Sets the name of the instance of the AdServer object
Here is sample code
Set AdSrv = Server.CreateObject("Commerce.AdServer")
Set Application("Ad") = AdSrv
pathCfg = Server.MapPath("config/site.scf") ' contains the DSN and other options
Set dictCfg = Server.CreateObject("Commerce.Dictionary")
Set fileCfg = Server.CreateObject("Commerce.FileDocument")
Call fileCfg.ReadDictionaryFromFile(pathCfg, "ASConfig", dictCfg)
AdSrv.ConnectionString = dictCfg.MASConnectionString
AdSrv.Application = "http://server/application"
AdSrv.RedirectURL = "http://server/application/adredir.asp" ' set this if you want to enable the AD redirect feature
Use these two lines of code to show ads in a page
Set AdSrv = Application("Ad")
AdSrv.GetAd(Response)
Pipeline Components
To instantiate a pipeline in ASP pages there are two ways
- use the i_util.asp include file that includes two methods, UtilRunPipe() and UtilRunTxPipe()
- directly invoke the Commerce.MtsPipeline or the Commerce.MtsTxPipeline component to load a pipeline and execute it
To instantiate a single pipeline component from an ASP page or from other COM compliant languages, the Micropipe component can be used.
Enable a Commerce site to send e-mail messages
Site Server has a
utility called Direct Mailer that can be useful to send automated e-mail to
user lists.
In the Membership Directory
there is a container called ou=Distribution
List that is used to store the alias of
the list and all the users.
Right-clicking on the
container allows you to create a new list.
Then you can use Direct
Mailer from the Tools directory of Site Server to schedule or send
automated e-mail.
Q200503 - How to Test Direct Mailer
To send an email from an ASP
page you can use the CDONTS component. Creating a CDONTS.NewMail
component, setting the “To”, “From”, “Cc” and “Body”, properties and
calling the Send method will invoke the SMTP server of IIS to send the
email.
Q186204 - HOWTO: Use CDONTS to Collect and Mail Information
From a User
Create a Web page that is dynamically constructed from data
in a database
To create a dynamic
page, Response.Write can be used to send data to the browser.
The result of a query on a
database can be stored in an ADO RecordSet and can be sent to the user.
To use ADO it's better to include the file that contains all the constants:
<!-- #include file="adovbs.inc" -->
Here is an example that retrieves data from a DB and sends them to the browser:
' Create a Connection object and open it
Dim cnCustomers
Set cnCustomers = Server.CreateObject("ADODB.Connection")
cnCustomers.Open "DSN=dsnName; UID=user; PWD=password;"
' Retrieve data
Dim rsCustomers
Set rsCustomers = Server.CreateObject("ADODB.Recordset")
rsCustomers.Open "SELECT * FROM Customers", cnCustomers, _
    adOpenStatic, adLockReadOnly, adCmdText
' Show data; database values are HTML-encoded before they are written to the page
While Not rsCustomers.EOF
    Response.Write("Customer name: " & Server.HTMLEncode(rsCustomers("name") & ""))
    Response.Write("<br>")
    rsCustomers.MoveNext ' advance to the next row, otherwise the loop never ends
Wend
' Release the recordset and the connection
rsCustomers.Close
cnCustomers.Close
Add product-search capabilities to a Commerce site
Site Server 3.0 Commerce Edition can
use Microsoft Search to add product-search capabilities to a commerce
site.
The catalog of the db can be
created with the Web Based Administration tool.
The search page can be found
in http://localhost/siteserver/knowledge/search/database/search/catalog_name/search.htm
where the administrator sets catalog_name. A link is needed on the page of the site to
access the search page.
The search.htm page and the
result.asp can be modified to provide personalized content.
Creating and Managing Components and Pipelines
Write a pipeline component that implements business rules
or logic
A pipeline component can be written in any COM compliant language such as Visual Basic or Visual C++, but can also be written using a scripting language (such as VBScript or JScript) by using the SCRIPTOR component. When using the SCRIPTOR component these entry points are available (shown in the calling order)
- MSCSOpen(config): could contain initialization code
- MSCSExecute(config, dictionary, context, flags): is the core of the component, and should return 1 if there were no errors
- MSCSClose(config): could contain clean-up code
Config specifies the parameters passed to the script in the form name=value, Dictionary contains the pipeline's Dictionary (for example the OrderForm in an Order Processing Pipeline), Context contains the pipeline's context and Flags is reserved.
To use a SCRIPTOR component, the administrator should add the SCRIPTOR to the pipeline, and set the name of the file that has to be executed. If the script is short, it can be edited directly in the user interface of the SCRIPTOR by setting the file to internal. Refer to Web Workshop - Scriptor Component 101: Executing Scripts in a Pipeline Environment.
A compiled component must be an ActiveX control that implements the IPipeLineComponent interface. This interface has two required methods that must be implemented (shown with VB syntax)
- Private Sub IPipeLineComponent_EnableDesign(ByVal fEnable As Long)
- Private Function IPipeLineComponent_Execute(ByVal pdispOrder As Object, ByVal pdispContext As Object, ByVal lFlags As Long) As Long
The EnableDesign Sub is not really needed, because it is called only by the administrative tools, and not in a pipeline. But it is still required (it can be empty).
The Execute Function is the
core of the component.
A good component must also
support a property page, where the administrator can set application level
properties inside the administration tools. The property page is the
standard property page of an ActiveX control.
A component must be
registered in the Registry to allow the pipeline editor to use it. Two entries must be
set
Where component_clsid
is the class id of the component. pipeline_catid
is the pipeline category id (it could be always {CF7536D0-43C5-11D0-B85D-00C04FD7A0FA})
that allows the component to show up in the all
components list. stage_catid is the stage id and can be found in the
properties of the stage in the pipeline editor.
Refer to Implementing Pipeline Interfaces in Microsoft Site Server
3.0: Converting Existing COM Components.
Add error handling to pipeline components
Each component must return one of three values
- 1 = Success – there were no errors
- 2 = Warning – there were errors but they were handled
- 3 = Failure – there were errors that were not handled
The whole pipeline will return the maximum error code.
If one component returns 3 (Failure) and other components return 1 (Success) the whole pipeline will return 3.
Trap errors only if you are sure that the component can handle them properly. If the component can't handle the error it's better to return 3 (Failure), so that the error will be trapped and shown by the pipeline.
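The SCRIPTOR entry point and the three return values described above, put together in an added example that is not part of the original guide. It assumes that config and dictionary expose Value(key) and return Null for a missing key; the key names _total_total, max_total and review_required are sample names chosen for the illustration.

```vbscript
' Added example: a SCRIPTOR script that enforces an order-total limit.
' Only MSCSExecute is shown; this rule needs no initialization or clean-up code.
' Assumed names: "_total_total" (order total in the pipeline dictionary),
' "max_total" (name=value parameter set in the SCRIPTOR configuration),
' "review_required" (flag written for later processing).

Const PIPE_SUCCESS = 1   ' there were no errors
Const PIPE_WARNING = 2   ' there were errors but they were handled
Const PIPE_FAILURE = 3   ' there were errors that were not handled

Function IsUsableNumber(v)
    ' IsNumeric(Empty) is True in VBScript, so Empty is rejected explicitly.
    IsUsableNumber = False
    If IsNull(v) Then Exit Function
    If IsEmpty(v) Then Exit Function
    IsUsableNumber = IsNumeric(v)
End Function

Function MSCSExecute(config, dictionary, context, flags)
    Dim total, maxTotal

    ' Fail closed: every early exit reports Failure to the pipeline.
    MSCSExecute = PIPE_FAILURE

    ' Trap only the two reads. A run-time error here is not something this
    ' component can repair, so it is left as Failure for the pipeline to show.
    On Error Resume Next
    total = dictionary.Value("_total_total")
    maxTotal = config.Value("max_total")
    If Err.Number <> 0 Then
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    ' Missing or malformed values cannot be handled here either.
    If Not IsUsableNumber(total) Then Exit Function
    If Not IsUsableNumber(maxTotal) Then Exit Function
    If CDbl(total) < 0 Then Exit Function

    If CDbl(total) > CDbl(maxTotal) Then
        ' Handled condition: flag the order and return Warning.
        ' No-interference rule: write the key only if no preceding
        ' component has already set it.
        If IsNull(dictionary.Value("review_required")) Then
            dictionary.Value("review_required") = True
        End If
        MSCSExecute = PIPE_WARNING
        Exit Function
    End If

    MSCSExecute = PIPE_SUCCESS
End Function
```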
Log errors into the System event log
When there is an error Site Server adds an item
to the NT event log.
To write in the NT event log
there is also the LogEvent method of the WScript object.
WSH Log Event
Debug a pipeline component
There are various ways to debug a pipeline
component
To set up the debugging
process please refer to Q247188 - How to Set Up a Visual InterDev 6.0 Project for
Debugging a Commerce Server Store
DumpOrder is a script file that generates a text file that contains the OrderForm object at that stage of the pipeline. To use DumpOrder, the component must be inserted with the SCRIPTOR, and must be configured with the name of the file to be written. The IUSR_servername user must have write access to that file.
Do not turn on DumpOrder on a production site. This component allows only one user at a time, and creates some security problems, because the log will contain sensitive information.
Instructions needed to enable the Pipeline log file are already present in the i_util.asp file (in the methods UtilRunPipe() and UtilRunTxPipe()) used to launch a pipeline. The instructions are commented out and are:
Call pipeline.SetLogFile(Request.ServerVariables("APPL_LOCAL_PATH") & "config\txtpipeline.log")
To enable logging the comment markers must be removed and write access to the "config" directory of the site must be granted to the IUSR_servername user (but you could change the destination's path).
Create a pipeline component that supports various
threading models
Single-Threaded Apartment
COM calls are done by sending messages to the window's message queue. This technique serializes concurrent calls. Legacy code often ignores threading, and by default uses a single STA.
(See also Single-threaded apartments)
Multithreaded Apartment
COM calls are sent directly to the object. The object has to deal
with synchronization, because multiple calls can arrive from multiple
threads. (See also Multi-threaded apartments)
Multithreaded Apartment COM
components can’t be created in Visual Basic, only in Visual C++.
Add and remove components in a standard pipeline. Create a
new pipeline
The pipeline is a
container for the pipeline components. The pipeline components are
specified by a pipeline configuration, which is stored in the
pipeline configuration (.pcf) file and configured using the Pipeline
Editor. To work with pipelines there
are two editors
The Web-based editor allows
remote administration of a commerce site, but the standard Win32 editor is
more powerful.
To use all the power of the
Win32 editor it must be started in Enhanced Mode, with the /E switch from
the command line (or by modifying the standard windows shortcut).
Pipeline files have *.pcf extension.
If you add or remove
components you need to modify the wizard generated pages to reflect your
changes.
For example, if you remove
the Shipping component from a pipeline, you also have to remove the
Shipping row on ASP pages. If you add components that need to show a
result, you have to modify ASP pages to add the presentation of the
result.
An important thing about
pipelines is that there cannot be branches in the pipeline flow; there
cannot be a If ... Then ... Else situation.
Related to this fact there
is the “no-interference rule” that states that a component could write a
value in the pipeline dictionary if and only if preceding components do
not set up that value.
If it’s absolutely necessary
to have a selection of the stages based on the program execution, there is
the MICROPIPE component that allows executing a single pipeline component
from an ASP page.
This implies that all the
pipeline logic must be hard coded in the page. This allows a great control
of the process, but also a slower response from the system, because every
component must be instantiated individually.
Instantiate a pipeline that participates in a
transaction
Using UtilRunTxPipe() from the i_util.asp include file or directly using the Commerce.MtsTxPipeline component allows the pipeline to participate in a transaction. A flag in the pipeline configuration (*.pcf) file is used to ensure that the pipeline requires a transaction. The configuration may be designated for transaction compatibility in one of these ways
- Any pipeline. May be loaded into any pipeline.
- Requires transacted pipeline. Must be loaded into an MtsTxPipeline pipeline.
- Requires non-transacted pipeline. Must be loaded into an MtsPipeline pipeline.
Different kinds of pipelines
There are two kinds of pipelines
The first is used in
business-to-consumer stores to perform tasks related with order
processing. It consists of three pipelines, the product pipeline,
the plan pipeline and the purchase pipeline. OPP and SCRIPTOR
The second is used in
business-to-business transactions to exchange information between two
organizations or between two departments of the same organization. It
consists of two pipelines, the transmit pipeline and the
receive pipeline.
Creating Data Services
Use OLE DB, ODBC, and ADO to access or manipulate a data
source
ODBC
ODBC was the standard way to access relational databases. ODBC is still the most popular, but Microsoft prefers that new applications use OLE DB to access databases.
RDO is the object model built over ODBC.
OLE DB
OLE DB is the
new set of APIs to access Relational and non-Relational data. The most
important benefit of using OLE DB is that the same model is used to access
every kind of data (with the right provider). An ODBC provider for OLE DB
is given for backward compatibility with every relational database.
ADO
ADO is the object
model built on the top of OLE DB. Remember to use ADO or OLE DB in every
new application.
Access data
The object model
exposed by ADO is composed of 6 main objects, but not all are necessary to
query the database. For example, recordset can be obtained without opening
a connection and without sending a command. But using a connection allows
you to obtain more than one recordset, and using a command allows you to
send the same command without querying the metadata every time.
Connection
Used to
maintain connection information, like cursor type, connection string,
time-outs, and default database
Error
Used to report
extended error information. A collection of errors is used because one or
more errors could be returned.
Command
Contains
information about a command, like the query string, parameters, and so on.
Parameter
The Command
object can contain a collection of parameters. Each parameter type can be
declared by the programmer to improve performance, or can be discovered at
run-time.
Recordset
Is a set of
rows returned from a query, including cursors.
Field
Is used to
contain a set of information about a single column of data.
Handle database errors
The ADO Connection
object contains an error collection with these methods and properties
Count
Contains the
number of errors in the collection
Item
Is used to
retrieve an error from the collection
Clear
Is used to remove
all the errors from the collection
The Error object contains
these properties: Description, Number, HelpFile, HelpContext, Source,
SQLState, NativeError
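The Command, Parameter and Errors objects described above, combined in an added example that is not part of the original guide: a form value read through the Request object is bound as a parameter instead of being concatenated into the SQL text, and the Errors collection is written to the server log rather than to the browser. The form field city, the Customers columns and the DSN placeholders are assumptions.

```vbscript
' Added example: ASP/VBScript fragment, to be placed inside <% ... %> in an .asp page.
' Assumed names: form field "city", table Customers with columns name and city,
' and the same DSN placeholders the guide uses.

' ADO constants, declared here so the fragment is self-contained.
' Remove these four lines if adovbs.inc is already included.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const adStateClosed = 0

Dim cnCustomers, cmdFind, rsCustomers, objErr
Dim strCity, strLog, blnFailed

' User input arrives through the Request object; bound its length before use.
strCity = Left(Trim(Request.Form("city")), 50)

Set cnCustomers = Server.CreateObject("ADODB.Connection")
Set cmdFind = Server.CreateObject("ADODB.Command")

On Error Resume Next
cnCustomers.Open "DSN=dsnName; UID=user; PWD=password;"
If Err.Number = 0 Then
    Set cmdFind.ActiveConnection = cnCustomers
    cmdFind.CommandType = adCmdText
    ' The ? marker keeps the form value out of the SQL text.
    cmdFind.CommandText = "SELECT name FROM Customers WHERE city = ?"
    cmdFind.Parameters.Append _
        cmdFind.CreateParameter("city", adVarChar, adParamInput, 50, strCity)
    Set rsCustomers = cmdFind.Execute
End If
blnFailed = (Err.Number <> 0)
On Error GoTo 0

If blnFailed Then
    ' One operation can produce several errors, so walk the whole collection.
    ' Details go to the IIS log (entries are short and must not contain commas);
    ' the visitor only sees a generic message.
    For Each objErr In cnCustomers.Errors
        strLog = "ADO " & objErr.Number & " " & objErr.SQLState & " " & objErr.Source
        Response.AppendToLog Replace(Left(strLog, 80), ",", ";")
    Next
    cnCustomers.Errors.Clear
    Response.Write "The customer list is temporarily unavailable."
Else
    Do While Not rsCustomers.EOF
        ' HTML-encode database values before they reach the browser.
        Response.Write "Customer name: " & _
            Server.HTMLEncode(rsCustomers("name") & "") & "<br>"
        rsCustomers.MoveNext
    Loop
    rsCustomers.Close
End If

If cnCustomers.State <> adStateClosed Then cnCustomers.Close
Set cmdFind = Nothing
Set cnCustomers = Nothing
```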
Testing the Solution
Create a test plan that includes disaster recovery,
scalability, load balancing, and capacity planning
Disaster recovery can be achieved in certain
ways, such as backups, disk images, and so on. Be prepared to recover a
Site Server installation, because e-commerce Web sites are often attacked
by hackers.
Scalability can be obtained
in two ways: with bigger hardware, or with more servers that work
together.
Load balancing can be
obtained using more servers, and with software or hardware solutions that
are used to distribute the load on the less busy server.
Test your site to see how many concurrent users it can handle, and plan the number of servers needed accordingly.
Create test scripts
To run InetMonitor you need to enable disk monitoring with diskperf -y.
The command Profile calibrates your hardware. This process takes a lot of time.
After hardware calibration, you can run the scripts to test the site. Scripts are text files that contain commands like GET, POST, LOOP, ENDLOOP, RANDLIST, etc.
In InetMonitor you can run a
script. You can also set the server to be tested, number of users, users
start delay, test duration, number of threads, authentication level,
client timeout, HTTP version, if the Log is active or not, and which
cookie file to use on the simulated client.
As a result you have the
processor, memory and disk utilization, and the number of alerts and some
recommendations.
Execute the test plan
Steps required to execute the test plan are:
- Publish a Commerce site to a staging server (different from the development server; with this you can check whether all the components, all the pages and all the connections are deployed well).
- Test a Commerce site on various browsers, both different browsers and different versions of the same browser.
- Test localization of components.
Deploying a Web Application
Normally there are three steps to deploy Web Applications. The
first step is to develop the application on the development server. After
that the application is copied to the staging server to allow beta testers
to check the application in a clean environment. Finally the application
is copied to the production server and made available to the final users.
Managing Access to a Commerce Site
Control access to data and objects on a Commerce site
Membership Server is used to
secure the site and manage users.
There can be multiple
Membership Servers, with different data providers.
When a user is authenticated under Membership Server, he is automatically mapped to an NT user account called MemProxyUser. If more Membership Servers exist, more users are created under NT, each with the number of the instance of the Server.
The Windows NT account can be used to grant or deny access to Windows NT resources.
To enable Personalization
and Membership under IIS there is the option Membership Server Mapping under the
All Tasks context menu in the MMC snap-in of IIS.
After that you can see a new Membership Authentication tab in the properties of the site. The authentication process, where P&M is enabled, is the following
- A user requests a page that is mapped under the Membership Server
- IIS calls the Membership Server that checks if the user is valid
- If the user is valid, the Windows NT account, mapped to that Membership Server, is checked against the page
- If the user has the permissions to see the page, the page is displayed.
There are three kinds of situations
- The user is invalid: the Logon Troubleshooter page is displayed
- The user is valid but does not have the authorization for the page: Access Denied is displayed to the user
- The user is valid and can see the page: the page is sent to the browser
Every error page can be customized.
Administer user access to a Commerce site
Anonymous access should be enabled to allow users to browse the home directory and the public site. To restrict access to the private site, three kinds of authentications can be used
- Automatic Cookie Authentication
- HTML Forms Authentication
- Other Password Authentication (that includes Distributed Password Authentication and Clear Text / Basic Authentication)
With Automatic Cookie Authentication a cookie is sent automatically to the user, and the user is authenticated without reentering passwords.
With HTML Forms Authentication a logon HTML page is displayed to the user.
With Other Password Authentication a logon dialog box is displayed to the user by the browser.
Administer client-side certificates by using Membership
Server
It’s possible to map
client-side certificates to users in the Membership Server.
Maintain secured communication for a Commerce
site
HTTPS (HTTP over SSL) is the
protocol used to maintain a secure communication between the client and
the server.
SSL is based on public key cryptography and digital certificates. At least a server certificate is needed to establish the communication. Server certificates can be purchased from a certification authority (like Verisign) or can be created using the Certificate Server. Creating a certificate can be cheaper, but the client needs to trust the certification authority used by the server, and the user is warned that the browser doesn't know who has issued the certificate.
Q257591 - Description of the Secure Sockets Layer (SSL) Handshake
Maintaining and Supporting an Application
Fix errors and take measures to prevent future
errors
Logic errors (also known as bugs) occur when the application can be executed, but doesn't work as expected.
Syntax errors occur when the application can't be executed because of errors in the source code.
Tracing the flow of the program with Response.Write or with a log file is useful to see how the program is executed.
Other things to know
High availability and scalability
Cluster server (or services in Windows 2000) can
be used when high availability issues are important.
Windows Load Balancing
Server (or Network Load Balancing in Windows 2000) can be used when there
are high availability and scalability issues.
Client-side scripting
Client-side scripting is used to validate forms before sending them to the server, to process small pieces of information on the client and so on.
Netscape only supports JavaScript on the client.
Internet Explorer supports both VBScript and JScript (that is the Microsoft version of JavaScript).
Every browser has its own version of the Document Object Model.