Tài liệu Module 6: Transaction Processing on the Business Logic Layer docx

Contents Overview 1 Mechanics of Web-Based Purchasing 2 Using Commerce Server 2000 17 Lab 6: Creating Pipeline Objects for Review 37 Module 6: Transaction Processing on the Busines

Contents

Overview 1

Mechanics of Web-Based Purchasing 2

Using Commerce Server 2000 17

Lab 6: Creating Pipeline Objects for

Review 37

Module 6: Transaction Processing on the

Business Logic Layer

to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 2001 Microsoft Corporation All rights reserved

Microsoft, Active Directory, ActiveX, BizTalk Server, FoxPro, FrontPage, Hotmail, Jscript, Outlook, PowerPoint, Visio, Visual Basic, Visual C#, Visual C++, Visual Studio, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

Other product and company names mentioned herein may be the trademarks of their respective owners

Instructor Notes

This module provides students with an overview of the transactional and security issues that are encountered on the business logic layer of an e-business Web site The module then discusses the Microsoft® NET technologies that minimize these issues

After completing this module, students will be able to:

Identify the requirements of Web-based purchasing

Explain the mechanisms that can be used for credit card purchases

Identify the security issues related to conducting business-to-consumer (B2C) e-commerce

Explain the features of COM+

Describe how asynchronous processing can benefit B2C e-commerce

Describe the solutions available from Microsoft Commerce Server 2000 that address the security and transactional issues on the business logic layer

Materials and Preparation

This section provides the materials and preparation tasks that you need to teach this module

Required Materials

To teach this module, you need the following materials:

Microsoft PowerPoint® file 2260A_6.ppt

Module 6, “Transaction Processing on the Business Logic Layer”

Lab 6, “Creating Pipeline Objects for the OPP”

Preparation Tasks

To prepare for this module, you should:

Read all of the materials for this module

Complete the lab

Practice adding and removing objects from the plan pipeline for the

Module Strategy

Use the following strategy to present this module:

Mechanics of Web-Based Purchasing Enumerate the key pieces of information that must be gathered to enable a successful transaction Do not talk about issues on state management in this section because they have already been discussed in Module 5, “Managing

the Business Logic Layer,” in Course 2260A, Designing E-Business

Applications with Microsoft NET Enterprise Servers Also, discuss the legal

and tax issues involved in Web-based purchasing

Using COM+ in E-Commerce After determining what information to gather and the rules by which it will

be manipulated, the developer plans how to implement business logic on the site In this context, introduce the concept of COM+ Describe the

advantages of encapsulation and transaction processing, and describe the asynchronous communication mechanisms that COM+ offers Do not cover the role of COM+ in business-to-business (B2B) transactions because that topic is covered in Module 7, “Integrating with External Systems,” in

Course 2260A, Designing E-Business Applications with Microsoft NET

Enterprise Servers

Using Commerce Server 2000 Commerce Server 2000 includes many features that enable it to implement business logic in an e-commerce Web site In this section, examine those features, such as the Order Processing Pipeline (OPP) Be aware that the B2B element that was found in Microsoft Commerce Server 3.0 is now part

of Microsoft BizTalk Server™ 2000 and is discussed in Module 8,

“Exchanging Business Data,” in Course 2260A, Designing E-Business

Applications with Microsoft NET Enterprise Servers This section includes

a demonstration of modifying an OPP by using the Pipeline Editor

Lab 6: Creating Pipeline Objects for the OPP

In this lab, students will create a pipeline object to insert into the OPP The pipeline object will determine the handling cost associated with a

transaction at the Commerce Server 2000 Retail Solution Site

Overview

Mechanics of Web-Based Purchasing

Using COM+ in E-Commerce

Using Commerce Server 2000

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

After the customers that use an e-business site have chosen the goods or services that they wish to buy, the next step is to complete the purchase This process has several security and transactional issues associated with it This module describes such issues and discusses how they can be addressed

After completing this module, you will be able to:

Identify the requirements of Web-based purchasing

Explain the mechanisms that can be used for credit card purchases

Identify the security issues related to conducting business-to-consumer (B2C) e-commerce

Explain the features of COM+

Describe how asynchronous processing can benefit B2C e-commerce

Describe the solutions from Microsoft® Commerce Server 2000 that address the security and transactional issues on the business logic layer

In this module, you will learn

how to plan an e-commerce

transaction processing

architecture that will

overcome some problems of

Web-based purchasing at

the business logic layer

Mechanics of Web-Based Purchasing

Gathering User and Order Information

Handling Legal and Tax Issues

Selecting Payment Options

Securing the Payment for Orders

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

Implementing Web-based purchasing solutions involves more than simply presenting goods to the customer and accepting payment It includes issues such

as presenting payment options and gathering user information along with tax and legal issues

This section examines some of the processes that facilitate the purchase of goods at an e-commerce Web site

In this section, you will

examine some of the

processes that enable the

purchase of goods at an

e-commerce site

Gathering User and Order Information

Before a purchase, gather information about the list of products, billing address, shipping address, and payment details

To gather information:

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

The purchasing process on an e-commerce site has several stages For example, the site needs to track the products that shoppers have put into their carts before they proceed to the checkout routine

It is critical that you make the checkout process as clear and intuitive as possible If the checkout process is not user-friendly, the business can lose many customers

To gather the information, you must:

Present a series of forms to the user

To ease the input and validation of information, you can implement Microsoft ASP.NET Web forms These are easy to implement and provide fast feedback to the client about incorrect entries without requiring a round-trip to the server

purchase, the e-commerce

application must gather

relevant information Let’s

look at that information and

the methods that the

developer can use to

collect it

Store information about the current purchase in a session-based location

This session-based location would typically be an ASP.NET Session object;

however, when using Commerce Server 2000, the session-based location is

the OrderForm object The OrderForm object is discussed later in this

module

Store customer information, such as billing address, on a long-term basis Although this is not strictly necessary, it will improve the perceived ease of use of your e-commerce site You might typically store this information in a back-end database or Lightweight Directory Access Protocol (LDAP) directory

Preparing for the Purchase

Before the application can calculate the total price for the selected goods, certain factors must be considered, such as:

Discounts or promotions on individual products

Customer-specific discounts

Total number of items of each product purchased

Discounts based on multiple products purchased together

Shipping costs

Tax due on the products

The application must also check whether the goods a customer wants to order are currently in stock This will affect whether the purchase takes place and whether the purchase takes place immediately or at a later time when the supplier can supply the goods

Each of these purchasing calculations forms part of the business logic of the application The preferred method for incorporating business logic into a Microsoft NET application is encapsulating it in COM+ components The advantages of this approach are discussed later in this module

Handling Legal and Tax Issues

- Between nations and states

- Depending on the type of product purchased

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

Generally, the same rules that apply to any other form of commerce also govern e-commerce; however, you must give particular consideration to international

Is there any liability involved with the sale? If so, what sort of disclaimers

do you need to display?

Can you export the product to the user's location? For example, you must be aware of export restrictions on encryption products outside the United States

of America if you create an application for a vendor of such products

If the site is collecting personal details, does it comply with relevant data protection acts? Does it ensure that the privacy of children under 13 is preserved in accordance with the Federal Trade Commission Children's Online Privacy Protection Act (COPPA)?

These are just a few of the legal issues that e-commerce site developers must deal with Vendors are strongly recommended to seek professional legal advice before setting up their sites National and international law relating to

e-commerce changes rapidly, so it must be a regular part of site reviews to make sure the site remains in compliance

Topic Objective

To introduce the legal and

tax frameworks with which

e-commerce sites must

comply

Lead-in

Non-technical issues have a

significant impact on the

design of an e-commerce

site As a developer, you

need to be aware of these

issues so that you can

design a solution that is

flexible enough to cope with

changing rules and

regulations

Selecting Payment Options

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

There are many ways to transfer money between customer and vendor When you design an e-commerce Web site, you must select a system that customers can use confidently and that is appropriate for the value of goods that are sold

Electronic cash There are various mechanisms that allow the user to store hard cash in an electronic format (e-cash) and then transfer it to a vendor For example, users can transfer money to an electronic cash account directly from a bank account or by using a credit card The electronic cash that they receive has a unique identifier that is extremely hard to forge The user can pay for items

at Web sites that support e-cash For more information about e-cash, see the eCash Global Software Solutions Web site at http://www.digicash.com/

Micro-payments This variation on e-cash can be used for goods or services that are of small value, such as individual newspaper articles, technical white papers, and pay-per-play music tracks The cost of the transaction must be small enough

to make micro-payments worthwhile The solution for debiting the user’s account must also be as simple as possible The user does not want to continually fill in forms for every page of premium content that they visit

Topic Objective

To introduce some of the

payment options available to

shoppers

Lead-in

Most people think of credit

cards when they consider

how payments might be

made over the Web

However, there are other

options

Purchase order

By setting up an account facility between a customer and a vendor, a purchase-order number can be used instead of direct payment Usually, this

is practical only in business-to-business (B2B) scenarios, in which there is

an ongoing relationship between trading partners B2C e-commerce tends to

be more sporadic in nature and deals with lower volume, so the use of purchase orders is not usually appropriate for B2C e-commerce

Check or money order Although personal checks and money orders are valid payment methods at many shops, they have their drawbacks in e-commerce transactions Among the problems are the time lag between order and payment and the fact that checks and money orders are difficult to use in an international context

Securing the Payment for Orders

Payment over a secure channel must be secure, complete, and efficient

To implement a secure channel:

the payment pages

To process credit card information, you can use a batch system or real-time processing method

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

When payment information passes between customer and vendor, it must be protected from unauthorized access A secure channel can provide this protection

Payment Over a Secure Channel

The simplest way to obtain payment information from a user is to provide one

or more Hypertext Markup Language (HTML) forms The submission of payment information must be:

Secure The pages containing the forms must be accessed through only a secure channel, usually Secure Sockets Layer (SSL)

Complete All personal information requested from a user must be obtained in a consistent way This applies as much to the billing address as to the credit card number and expiration date

Efficient

If a user has registered as a member of an e-commerce site or has purchased products at the site before, it may be possible to offer default values for billing information, shipping address, and so on

The simplicity of the secure channel method has made it widespread across the Web

Topic Objective

To describe how to secure

the payment processing on

your e-commerce site

Lead-in

When payment information

passes between customer

and vendor, it must be

protected from unauthorized

access

Delivery Tip

While explaining server

certificates, point out to

students the options to be

used in Microsoft

Management Console

(MMC) of Internet

Information Services (IIS)

for initiating the request for a

certificate

Implementing a Secure Channel

To implement payment over a secure channel in a NET application, you must

Management Console (MMC) of Internet Information Services (IIS) You

can start the wizard-based configuration routine by clicking the Server Certificate button on the Directory Security tab

Create the payment pages by using HTML forms or ASP.NET Web forms

to accept credit card details and other user information

The forms used to submit payment information must include some side validation, such as verifying the correct number of digits in a card number

client-
Configure the Web server to provide secure access to the payment pages You can configure the Web server on the Internet Server Manager

Directory Security tab

Ensure that all the links to the payment pages require the use of a secure

channel by using the prefix https://

You can do this by updating all the current links with the prefix http:// to

https://

Add processing on the server side to take the credit card information and use

it to perform the fund transfer

The last step, processing the credit card, is the most complex one The process required to validate a card, including checking for stolen cards, is beyond the standard programming skills of most developers Therefore, there are several options for processing the credit card:

Store the credit card information and obtain authorization later by telephone The customer will be informed of the success or failure of the transaction through e-mail This is very labor intensive and slow

Use a batch system to submit a set of credit card details to a payment processor

Although this requires less effort than using the telephone, it is still not a real-time process

Submit the card information in real time

The customer will receive immediate feedback on the success or failure of the financial transaction

The type of processing you choose will depend on the performance requirements of your system Although real-time processing seems like the best option, it can slow down the overall transaction rate of the system, and a batch mechanism may be better In either case, you will need to use third-party software as part of your business logic This software will submit the card information to the payment processor for authorization As the developer, you will decide which software to use and how to integrate it with the site You will see how Commerce Server 2000 makes the process easier later in this module

Using COM+ in E-Commerce

Encapsulating Business Logic in Components

Transacting the Purchase Using COM+

Making the Purchase Asynchronous

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

After you have determined which information to gather and the rules by which

it will be manipulated, you will then decide how to implement business logic It

is recommended that developers implement business logic in COM+

components to develop applications that are easily scalable and manageable as part of the NET strategy

Encapsulating Business Logic in Components

Advantages of encapsulating business logic in COM+

components

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

A major advantage of using COM+ components is that they can encapsulate business logic You can write COM+ components in languages such as Microsoft Visual Basic®, Microsoft Visual C++®, and Microsoft Visual C#™ COM+ components can be invoked from Active Server Pages (ASP) or ASP.NET pages on IIS The components run on the Web server; because Web users do not access the COM+ components directly, there are no browser compatibility issues The advantages of implementing business logic in COM+ components are:

Atomicity Suitably written COM+ components can take part in a transaction This means that business operations, such as reducing stock levels, can be automatically undone if any other part of the purchase fails

Flexibility Separating business logic from user-interface workflow provides a high degree of flexibility, thereby allowing the developer to quickly reconfigure the system as application requirements change

Integration with Commerce Server

By implementing the appropriate COM interface, the developer can easily incorporate the component as part of a Commerce Server pipeline The interface that needs to be implemented to use components in the Commerce

Server pipeline is called IpipelineComponent

Topic Objective

To introduce the advantages

of COM+

Lead-in

COM+ components can be

written in languages such as

Visual Basic, Visual C++,

and C#

Delivery Tip

While explaining the

advantages of COM+

components, tell the

students that they can write

business logic in COM+

components and include

them in a Commerce Server

pipeline

Transacting the Purchase Using COM+

Transactional components can alter business data by:

table for batch processing at later time

If a COM+ component is a transactional component:

permanent only if the whole transaction succeeds

Transactional scripts can be used in ASP pages to make them function like transactional components

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

If you encapsulate the business logic of an e-commerce site in COM+

components and implement the presentation tier in ASP or ASP.NET pages, part or all of the interaction between the client and the server can be handled as fail-safe transactions This means that if the exchange of products for payments breaks down, any part of the transaction that has already been performed can be rolled back (reverted)

Using Transactional Components for Business Logic

Many components that implement business logic can perform alterations on the underlying business data, such as:

Inserting an order into the warehouse database

Inserting a credit card purchase record into a database table for batch processing at a later time

Reducing stock levels for products purchased

If the transaction between client and server fails after these updates have been made, the updates must be rolled back The simplest way to do this is to make the COM+ component that implements business logic a transactional

component Every update that the component makes to a transaction-aware resource will be made permanent only if the whole transaction succeeds

COM+ provides automatic transaction support for components that are marked

as transactional in the COM+ Catalog Therefore, the component developer is not required to have in-depth knowledge of transaction-processing application programming interfaces (APIs) in order to support transactions

Components have their transaction requirements marked in the COM+ Catalog The following table lists the transaction-requirement values a component can take along with their descriptions

Transaction requirements Description

transaction only if its client provides one

transaction However, if the client is transactional, COM+ will create a transaction before activating the object

regardless of its client’s status

transactions

Components usually indicate the success or failure of their part of the transaction programmatically If an error occurs in the business processing, a component instance can interact with the transactional system to indicate that the current transaction is to be terminated If no errors occur, the component instance can indicate its approval for the transactional system to attempt to commit the current transaction

A component can take part in transactions even if it has not been explicitly written to interact with the transactional system COM+ allows a component to

be configured in such a way that the return value of the method that has been called determines the success or failure of the transaction

Using Transactional Scripts for Workflow

In Microsoft Internet Information Server or Internet Information Services, ASP

or ASP.NET pages can be made to function like transactional components You

can do this by setting the TRANSACTION attribute for the ASP page to the

same values that are used for COM+ components in the COM+ Catalog, as shown in the following code:

End Sub Sub OnTransactionAbort() Response.Write "Update failed"

End Sub

%>

Making the Purchase Asynchronous

How COM+ Queued Components Work

1 COM+ instantiates a queued version of the component

on the local system

2 The local component records the method call made by the client application

3 The local component sends a representation of the method call through MSMQ to the target system

4 COM+ receives the message, instantiates the component, and delivers the method call as if it were the client

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

In an ideal situation, an application would complete all parts of a transaction in real time However, this is not always practical Network requests or database updates may take only a few seconds, but when an e-commerce site needs to scale to tens of thousands of users, such delays can critically obstruct the application’s scalability

COM+ Queued Components

COM+ queued components retain the calling semantics of COM while using Microsoft Message Queue Server (MSMQ) internally to asynchronously deliver the method call to the server It is quite easy to convert an existing COM+

component to use queuing with the QUEUEABLE attribute in the interface

definition After this attribute is included, the COM+ queued component works differently from a COM component, as outlined in the following steps:

1 COM+ instantiates a queued version of the component on the local system

2 The local component records the method call made by the client application

3 The local component sends a representation of the method call through MSMQ to the target system

4 COM+ receives the message at the target system, instantiates the component, and delivers the method call as if it were the client

All of this takes place without the intervention of the programmer

Using queued components has certain advantages over using MSMQ directly:

The programmer does not need to learn about the MSMQ API and how it works

A COM+ component can be replaced with a queued component at a later date without necessarily having to rewrite the script that uses the

the Microsoft Message

Queue Server (MSMQ) API

However, COM+ queued components do have some drawbacks Because the server does not get an opportunity to process the request when the call returns:

The return value of the method call does not reflect the success or failure of the call on the server Therefore, there is no way to inform the caller about the result of the operation

There is no mechanism that can be used for providing output parameters The server does not get a chance to fill out the values of any output parameters defined in the COM interface

In addition to MSMQ, you can use e-mail as a delivery mechanism You can use products such as Microsoft Exchange Server to programmatically generate e-mail messages with the appropriate content The target server can then process these e-mail messages

Using Commerce Server 2000

Handling Orders Using OPP

B2C Pipelines

Executing a Pipeline

Extending a Pipeline

Demonstration: Modifying a Pipeline

Integrating with Passport

Integrating with BizTalk Server 2000

*****************************I LLEGAL FOR N ON -T RAINER U SE *****************************

Commerce Server 2000 provides solutions to many of the issues that have been identified with processing on the business logic layer It provides many

features, including a framework to ease the integration of COM objects in an e-commerce site

This section explores the key features of Commerce Server 2000 that address the transactional and security issues on the business logic layer: Order Processing Pipeline (OPP), B2C pipelines, and integration with Microsoft Passport and Microsoft BizTalk Server™ 2000

Topic Objective

To introduce the solutions

from Commerce Server

2000 that address the

security and transactional

issues in the business logic

layer

Lead-in

Many of the transactional

and security issues

discussed earlier can be

solved by using Commerce

Server 2000