"I'm confident that Implementing B2B Commerce with .NET will pay for itself many times over. That, after all, is what great computer books are all about."
--From the Foreword by Jeff Prosise
As companies worldwide flock to get their Web-based B2B capabilities up and running, developers are faced with the reality of designing, developing, and implementing these systems.
Written for applications developers, programmers, and technical managers, Implementing B2B Commerce with .NET provides in-depth, technical information on the technologies and techniques you need to build effective and secure Web-based B2B solutions for the Microsoft .NET platform. Based on the author's extensive professional experience, this book explores the purpose and advantages of B2B Web systems, and provides specific information on the tools that aid in their development.
You will find detailed explanations of relevant .NET technologies and how to use them to build B2B systems. In addition, the book presents experience-based methods and strategies for managing the development process, as well as extensive coverage of the wide range of B2B applications possible--from simple transaction processing to sophisticated, customized supplier and partner communications.
Specific topics covered include:
Plenty of real-world code examples illustrate concepts and provide you with valuable building blocks for your own projects. With these specific technologies and methods for building B2B Web systems, along with an understanding of the kinds of sophisticated B2B applications available, you will be well-equipped to make your organization's B2B plans a reality.
I. CODING FOR B2B APPLICATIONS.1. Web-Based Applications.
Web Sites That Are Files.
Web Sites That Are Programs.
Web Sites That Are Applications.
Don't Make Your Clients Fat.
Don't Use Your Backend for Logic.
The Sweet Spot Is in the Middle.
Building Applications Using the .NET Framework.
The .NET Framework Class Library.
.NET Framework SDK Samples.2. Implementing Security in B2B Applications.
Security, a Primary Role of B2B Web Sites.
A Real-World Example of a Fundamental B2B Design Pattern.
Mechanisms for Controlling Access to Data and Applications.
Options for Implementing Authentication and Authorization.
Implementing SQL-Based Authentication and Authorization.ASP.NET Web Forms and Authentication.
Authentication in ASP.NET Web Applications.
What You Can Do with a Secure Web Site.
Building the Manufacturer a Web Site.4. ASP.NET Web Forms and Database Access.
Using a Relational Database Server for ASP.NET Security.
Placing Database Connection Information in the Web.config File.
Logging In Using Valid User IDs in the Database.
Showing the Right Information to the Right People.5. ASP.NET and Database-Driven Content Access Control.
Security for Publishing Documents.
Building an ASP.NET Page that Contains Hyperlinks to Documents.
Authorization for Documents.
Preventing Security Bypass.
Showing Confidential Hyperlinks.
Building a Search Page.6. XML Web services and BizTalk.
Real World B2B Commerce.
XML Web services.
Building and Using XML Web services in Visual Studio.NET.
XML Web services Security.
Completing the Web service Code.
Creating a Web service Client.
Calling Web Methods Asynchronously.
Building a Web service That Returns Files.
Transactions in XML Web services.
Scope of Transactions in XML Web services.
Length of Transactions.
Getting the Right Transactions.
BizTalk Server.7. Advanced B2B Applications with Webridge.
Introduction to Webridge Extranet.
B2B Infrastructure for Rapid Development Projects.
A Portal for Integrating and Extending Internal Information Systems.
How and Where to Use Webridge Extranet.
B2B Infrastructure and Functionality.
Infrastructure Code That Is Needed for B2B Applications.
The Challenge of Building B2B Infrastructure Code.
The Webridge Extranet Framework.
Best of Suite.
II. PEOPLE, POLITICS, AND B2B PROJECT.38. Security in an Insecure World.
Security, a Primary Role of B2B Web Sites.
Protecting the B2B Site.
Deliberate Attacks from the Inside.
Attacks from the Outside.
Building a Hardened B2B Server.
Secure Communications in Internet Commerce.
Public Key Algorithms.
Secure Sockets Layer (SSL).
Securing Information Inside an Organization.9. B2B Development Traps.
Complexity of B2B Development.
Understanding the Technology.
Lack of B2B Development Experience.
Bad B2B Implementations.
B2B Site Owners.
Mutually Exclusive Features.
More Than a Web Site.
Features That Don't Add Value.
Not Enough Attention to the Project.
Project Management Problems.10. The B2B Development Team.
Forming the Team.
Knowledge Is Power.
Lead from the Front.
The Polluted Environment.
The Right Mix.
One Project at a Time.
What We Have Here Is a Failure to Communicate.
The Geographically Dispersed Team.
The Cohesive Team.
The Few, the Proud, the Team.
Producing the Software.
B2B Disciplines and Skill Sets.B2B Projects.
Preach to the Choir.
Understanding the Problems.
Agreeing on the Problem Definition.
Identifying the Stakeholders.
Defining the Solution Boundary.
Identifying the Constraints.
Completing the Vision Document.
“Up and Running”.
Software Requirement Specification, or SRS.
SRS Package Ownership.
SRS Package Organization.
SRS Package Content.
Analysis and Design.
Project Plan and Schedule.
Assignment of Tasks.
Testing and Deployment.
Acceptance and Sign-Off.
III. VISION DOCUMENTS FOR TYPICAL B2B APPLICATIONS.12. Extranets and B2B Web Sites.
Introduction to Extranets and B2B Web Sites.
The Purpose of B2B Applications.
Overview of B2B Web Sites.
A Broad Description of B2B Web Sites.
A Precise Description of B2B Web Sites.
B2B Web Site as a Platform for B2B Applications.
Users of B2B Web Sites.
Features of B2B Web Sites.13. Selling-Chain Management.
Introduction to Selling-Chain Management.
The Purpose of Selling-Chain Management Applications.
Overview of Selling-Chain Management.
Purpose of Selling-Chain Management.
Business Forces Driving the Need for Selling-Chain Management.
Technology Forces Driving the Need for Selling-Chain Management.
Users of Selling-Chain Applications.
Features of Selling-Chain Applications.14. Supply-Chain Management.
Introduction to Supply-Chain Management.
Overview of Supply-Chain Management.
The Need for Supply-Chain Management.
The Purpose of Supply-Chain Management Applications.
Current Supply-Chain Management Practices.
New Practices in Supply-Chain Management.
Users of Supply-Chain Applications.
CPFR Process Synchronizes Planning.
Features of Supply-Chain Applications.Bibliography.
There are several business-to-business (B2B) Internet commerce books on the market. Many of these books are intended for business executives, and they explain why Internet commerce is valuable. In contrast, this book is intended for developers and technical managers, and it explains B2B Internet commerce in terms of what to build and how to build it.
This book covers issues that are important in extranet/B2B development, including issues of development, management, and what to build. Therefore this book is organized into three parts: Part 1 covers development issues, Part 2 management issues, and Part 3 what-to-build issues.
Part 1 is for developers, Part 2 is for managers, and Part 3 is applicable to both groups. Developers should concentrate on Parts 1 and 3 but may want to look over Part 2.
Managers can skim over Part 1 but should concentrate on Parts 2 and 3. They should read Part 3 first to gain a context on what needs to be built and then readPart 2 for information on the people and project issues involved in building software systems such as these.
This is a "do-it-yourself" book for people who need to build B2B applications. Developers cannot compile and run the source code examples in this book without an understanding of and a willingness to use basic debugging techniques. While the code in the book is correct, the reader must know how to deal with differences in machine configurations and software versions and how to track down solutions to their own mistakes to make the code work for them.
This book does not provide a complete, finished B2B application. The source code examples illustrate elementary coding techniques for implementing typical B2B design patterns. This book tells you what the hard parts are and offers guidance for writing the code, which readers must complete on their own.
B2B development requires the melding of technology from several different branches of computer science. Therefore, to understand the code samples in Part 1, the reader must have a working knowledge of the following B2B-enabling technologies:
The source code examples in this book will be useful to programmers who read the book after they have obtained a solid understanding of these B2B-enabling technologies on the Microsoft platform. If you are a developer and would like to assess your own knowledge, refer to the last several pages of Chapter 10 for a list of B2B technical skills. If many of the terms in the list are unfamiliar to you, you may have difficulty with the source code examples in Part 1.
Note: If you are a developer who is unfamiliar with object-oriented (OO) languages such as C++, Java, or C#, you may have trouble understanding the source code examples in this book. This book assumes that developers who work through the code samples are already proficient with such OO concepts as static methods,virtual methods, abstract base classes, and so forth. You will want to familiarize yourself with true OO concepts before tackling the source code examples.
The chapters in Part 1 deal with the technical portion of how to write B2B applications. Part 1 contains B2B coding examples that are implemented using the Microsoft .NET Framework. This part is particularly relevant for developers.
As of this writing, .NET is very new, so I assume that many readers may not yet be proficient in it. Therefore I progressively disclose .NET development topics so readers have the opportunity to become proficient in the .NET Framework as they proceed through Part 1. Readers should also plan to use additional sources to develop a thorough proficiency in the .NET Framework.
In a progressive sequence I explain the particular segments of the .NET Framework that are relevant to B2B programming. Readers who are new to the .NET Framework may find it helpful to use this book as a syllabus or sequence of topicsto learn about it.
If you are a developer and would like to work through the code examples inthis book yourself, you will need the following Microsoft software:
With Visual Studio .NET, you must install the following items:
To be successful in B2B development, you must handle appropriately the strategic issues that go beyond tools and technologies. Part 2 explains the people portion of the how to write B2B applications. This part is particularly relevant for managers.
To build B2B applications successfully, you must form a team of the rightpeople with the right skills. Chapter 10 discusses the development team and thenecessary skills.
Once you have the tools and the team, you will need a methodology for your projects, an organized process for designing your B2B applications, and a repeatable and reliable project methodology for building them. There are several possible procedures, but many are not appropriate for a B2B project. Chapter 11 presents one methodology with which the author has seen repeated B2B successes. In addition to the tools, the people, and the methodology, you need to know what to build.
When it comes to B2B Internet commerce, you can find lots of advice on why you should do it, but (outside of this book) you will find very little advice on what you should build. Part 3 is relevant to both developers and managers. Managers should perhaps read the chapters in Part 3 first and then go back and read Part 2. Finally, they can skim Part 1 to get a context on what B2B developers are up against.
The general concepts of B2B applications are apparent. However, the devil is truly in the details of B2B implementations. Fundamental questions such as "What should the application do?" can be difficult to answer because of the general lack of information and advice.
This book helps you with the question of what B2B applications should do by providing the Vision documents for typical B2B applications. These chapters should provide a good point of departure for you as you begin to spec out your own applications.
This book is not a tutorial on OO, RDMBS, or Web technology. Knowledge of diverse technologies is a prerequisite for building B2B Web sites and applications. These technologies include object-oriented programming, database servers, Web technologies, and network security. These topics are so broad, however, that tutorials for each require a book of their own and thus are not included in this book.
This book does not provide B2C commerce information. Internet transactions between businesses are generally not conducted with credit cards. This book does not explain how to build a Web site that performs credit card processing because it is not highly relevant to B2B commerce. This book does not deal with other business-to-consumer (B2C) commerce development issues either.
This book does not tell you how to build B2B marketplaces. B2B marketplaces are intended chiefly to automate transactions. As the Introduction explains, B2B commerce involves far more than the automation of transactions. Instead of talking about marketplaces, this book focuses on extranet-based B2B commerce. In extranet-based B2B commerce, every company has its own extranet and uses that extranet to host B2B applications, which enables each company to move its business to the Web.
This book does not provide a complete sample B2B application. The soup-to-nuts source code for a complete B2B application would be lengthy, and it would also contain a lot of repeated concepts. Therefore, to convey valuable information in a concise way, the book includes only the fundamental parts of the source code for B2B implementations.
Finally, this is not a paint-by-numbers book. It does not provide everything you need to implement B2B commerce. This book covers only the little-known aspects of B2B commerce development, topics not covered in detail elsewhere.
The source code for this book is available for download on the author's Web site at www.howtob2b.com.
Abort command (BizTalk), 109
ACatalog application (Web service client), 101-103
Web methods, calling asynchronously, 103-105
anonymous users, 49
need for, 23
selling-chain management sites, 40
Access Control Lists (ACLs), authorization, 28
accounts (user), authentication and authorization in NOS, 26-27
ACID (Atomicity, Consistency, Isolation, Durability), transactions and, 107
ACLs (Access Control Lists), authorization, 28
acquisitions, selling-chain management and, 248
Action command (BizTalk), 109
Active Directory, security limitations, 27-28
Active Server Pages. See ASP
Add Web Reference dialog (Solution Explorer), 102
URIs (Uniform Resource Identifiers), 13
URLs (uniform resource locators), 4
administrators, B2B Web sites, 231, 235
supply-chain applications, 278
AFR (Aggregate Forecasting and Replenishment), 266-267
algorithms, encryption, 145-147
alpha version, timeline for, 215-216
analysis and design phase, 210-211
Anchor property (DataGrid control), 102
access, denying, 49
B2B Web sites, 231-232
selling-chain management and, 253
applications. See also programs
automated clients, 106
B2B, purpose of, 223-224
BizTalk Orchestration Designer, 110
client/server code implementation, 8-10
console, creating, 12-16
cross-company, security, 29
e-Business principles and, 164-165
selling-chain, 242, 254-258
supply-chain management, 263-264
Web sites as, 7-10
applications (B2B). See also Web sites (B2B)
ACataolg (Web services), 101-103
authentication and authorization, 28-29
B2B Web sites and, 229-230
basic characteristics, 3
basic security issues, 19
code implementation considerations, 8-10
complexity of, 153-154
design considerations, 20-25
development teams, member characteristics, 168-177
difficulty of creating, danger of underestimating, 156-157
tasks of, 7-8
technology requirements, 154-155
valueless features, 162-163
Web server requirements, 9
artists, on development teams, 183
asmx files, 95
ASP (Active Server Pages)
compared to ASP.NET, 45
dynamic Web pages and, 7
.asp file extension, 7
code-behind pages, 43-45
compared to ASP, 45
configuration file, 47
design time considerations, 45
document hyperlinks, 79-81
Home pages, creating, 41-45
pages, creating, 49
security, relational databases and, 55
trace facility, 80-81
user list, storing, 55
using directives, 44
aspx pages, document authorization, 81-84
asymmetric key algorithm, encryption, 145-146
attacks on Web sites, 143
asmx files, 96
authentication (security), 26
authenticated users, B2B Web sites, 231-233
selling-chain management and, 253
supply-chain applications, 277-278
AuthenticateRequest event, Manufacturer A Web site, 62-65
adding to Manufacturer A Web site, 45-50
Internet commerce and, 144
numeric keys, 100
Web services and, 99-100
authentication tag, changing mode attribute, 48
authority, characteristics of, 168-169
ACLs (Access Control Lists), 28
C#, programming for resource requests, 66-76
databases, requests for resources,66
document IDs, returning, 34
documents, adding functionality for, 81-85
AuthorizeRequest event, 64
automated applications, 106
back- and front-office applications
e-Business principles and, 164-165
backend, application logic implementation considerations, 8
backend applications, integrating, Webridge and, 117-118
backup, uploaded file storage considerations, 91
B2B applications. See applications (B2B)
B2B servers, hardening, 143-144
B2B Web sites. See Web sites (B2B)
Begin command (BizTalk), 109
BeginGetProductList method (Form1 class), 105
beta test, timeline for, 216
Dehydration and Rehydration, 112
Messaging Service, 113
Orchestration Designer, 110
Scheduler Engine, 112
Webridge and, 118
XLANG schedules, running, 112
blank pages (Visual Studio .NET), renaming, 41
Bodacious Boogey Boards, 226
breakpoints, setting in C#, 50
static Web sites and, 4
Web page rendering, design issues, 162
browsing, preventing direct document access, 86
bullwhip effect, 261
business object specialists (development teams), 181
business objects, 9, 226-227
.NET Framework Class Libraries, 11
business plans, CPFR and join, 272-273
C# programming language
authorizing resource requests, 66-76
breakpoints, setting, 50
comments in, 58
compiler error messages, 15
console applications, creating, 12-16
document authorization aspx pages, 81-84
introduction to, 12-13
memory, releasing, 14
caching document authorizations, 84-85
case-sensitivity, C#, 13
categorizing information, internal security, 149-150
certification authorities, security, 147-148
champion role (development teams), 177-178
channels, proliferation, 248
Class attribute (asmx files), 96
class libraries. See .NET Framework Class Library
Page, 45, 62
client/server applications, code implementation and B2B applications, 8-10
ACatalog (Web services), 101-103
automated applications, 106
code implementation considerations, 8