Recommended (Microsoft-based) framework for SaS? - asp.net-mvc

I'm investigating technologies to build a commercial SaS site for a shop that predominantly uses Microsoft technologies.
The idea is that the site will have pluggable modules, with features that are either free or paid. Customers will be able to chop & change between features, & have their billing adjusted automagically as they do so.
If I were rolling this myself, I'd use:
.NET 4 / VS2010 / C# / ReSharper / NUnit / Moq
NDependencyInjection
SQL Server
LINQ to SQL
ASP.NET MVC 3
Authorize.net (or possibly billing hand-off to SAP)
Selenium
... and hand-roll an IOC-based plugin architecture (e.g., there is some good discussion on ASP.NET MVC plugins here and here).
But at this point I'm wondering - has this been done before? I'm imagining some sort of vaguely CMS-like architecture with built-in plug-in, commerce & subscription stuff. All of that, rolled up into an 'off the shelf' solution, either FOSS or commercial.
Can anyone recommend such a solution, or is it simply a 'roll your own' job? I think DotNetNuke might be worth looking at, but would appreciate feedback from people who've used it in production for this sort of task.
Edited to add: DotNetNuke appears set on continuing with WebForms, which is a big turn-off for me at least. As one of the commenters on that post said, it's an evolutionary dead-end.
Edited again: Silverlight is definitely out for this project. We need to support a wide range of devices, including non-Microsoft mobile devices like Android and iOS tablets & phones. We do need a reasonably rich UI but we'll be doing that in Javascript.

For a project which needed plugable modules, I've used MEF (which comes built in to .net 4.0).
By using this great code for compiling views into a dll it was easy to use MEF to load additional views and controllers making extensability easy.
The only other thing i'd do differently to your suggestments is to use Linq to Entites rather than Linq to Sql. The latest code-first version makes it very quick to get things up and running
Martin

I've done a similar solution for a VOIP PBX solution. I've made everything myself using nhibernate, autofac and a couple of own libraries. It's not really different from doing a normal application.
The most important aspect you need to understand is that ALL modules are loaded at ALL time. Theres no way around that if you need a solution that works well (you could jungle with one app domain per customer but that's not very inefficient).
You should instead control authorization using the standard .NET CAS (Code Access Security) solution. You do this by creating your own IPrincipal and IIdentity. The principal should correspond the tenant (organization) while IPrincipal corresponds to the user.
I use a ITenantEntity interface (contains the tenant db id) on all of my classes/entities which should belong to a tenant. It's used to validate that the currently logged on user really have access to the entity requested.
The hardest thing is if your application is multithreading (for instance if you got a background thread or timer doing some maintenance). The reasons is that it's quite easy to forget to switch to the correct IPrincipal which makes all your CAS checks fuck up. The easiest way to go around that is to create a custom Timer and Thread classes which forces you to specify a IPrincipal (or at least makes it easy to switch).
Another common approach is to use the tenantId argument on all service / repository methods. But that isn't a very robust solution imho.

Why would anyone roll these in an 'off the shelf' solution?
These parts of the architecture are quite independent and you can substitute for whatever suits your needs.

Related

Should I move my solution to Orchard CMS or add everything manually?

At the moment I am building a big project using:
ASP.Net MVC 4
jQuery (With some extra libraries)
Castle ActiveRecord (based on NHibernate)
Implemented users and roles using .Net Membership Provider
I built almost all the website, but some very relevant parts are missing still and I noticed that this CMS supports
ASP.Net MVC and NHibernate, and have almost all the features that I need already implemented.
The features that I still need to implement are:
Internal Search Engine
Comments
Version of content
Chat betwwen users
Users Profiles Page (Something like a very basic social network)
Forum
SEO
I don't know if is harder to use the CMS or if is better to add the features one by one manually.
I am worried about the time I spend learning and adapting to Orchard is the same time I would spent adding this
features manually.
Basically, the question is:
Should I move my solution to Orchard CMS or add everything manually ?
You can't just move your solution to Orchard, you could but i won't recommend it. Orchard is still MVC 3 at the base and that way most should work if you just move your solution including the database etc. But if you ask me, spending time to add the features manually is the way u should go.
In the Orchard Galery you can find existing many modules
Internal Search Engine
Lucene (Fully functional - Writen by the Orchard Team)
Comments
Already exists in the Orchard Core Module
Version of content
Already exists in the Orchard Framework functionalty
Users Profiles Page
Profile (Fully functional? Or at least good enough as example)
SEO
Several modules
Only 2 features u will have to write yourself
Chat between users
I can't find any example code for this, but I know Piotr Szmyd has tested SignalR inside a Orchard Module which, I think, will be usefull for a Chat module. Demo is here.
Forum
Nicholas Mayne made a start of a forum module which can be used as example or starting point, maybe you can help him extent it? Currently it's sort of a pre-alpha version :(
+1 to rfcdejon's answer. I ported my current project to Orchard after at 50-60% complete. I wish I had done it sooner due to the learning curve and time to integrate all the stuff I had already written, but overall it was the right choice.
If you have significant data already set up you should account for the extra time it will take to port that into Orchard. But if you are making an app from scratch with very little existing data that would make the switch to Orchard easier. Orchard is a great choice for anyone looking for a .NET CMS that supports MVC.
Some things to keep in mind:
Features you've already built will have to be converted into Orchard content types/parts in order to take advantage of things that come out of the box with Orchard, like search, comments, versioning, etc.
Orchard has its own users/roles system, so you might have to do some work to find a module for what you're already using, or override Orchard's user/membership system yourself.
Your entire app will have to become an Orchard app, and your existing MVC stuff will have to convert into an Orchard module. Existing data access code will have to be wrapped inside a using (new TransactionScope(TransactionScopeOption.Suppress)) {...}
Forums project has started but isn't done, so you will either be banking that it will finish in time for you to use it, or that you will be able to help get it working.

Most appropriate web framework for multi-tenant / multi-template SAAS application

I'm building a new SAAS application and was looking for some advice on the most appropriate framework to use. I realize that no single framework will likely be able to do all this, but I thought I'd ask the community and try to find one that solves the hardest problems.
Requirements
Single code source. (each customer will have either a subdomain, or a distinct domain, but everyone should be running off the same code base and same servers)
Should be able to update the programming source once and have all the tenants pick it up
Session information should either be kept in a cached store, or just in cookies (no shared state)
Multi-tenant database functionality built in. (Based on the domain used to reach the application, the framework should automatically use the database connection information assigned to that domain)
Each customer/domain may have their own template for the web pages. Templates need to be assignable on a per-customer basis and kept outside the application code
Security and rapid prototyping is more important than speed
There will be a lot of CRUD type screens, so simple built in functionality for this is desired
I have pretty lengthy Java and PHP experience, but would only consider PHP as a last resort for this. My Scala, Python and Ruby experience is a bit rustier, but I would not mind coming up to speed if they offer a significant advantage. I've looked at the Play! Framework and like it (fulfills #1, #2,#6 very well), but the multi-tenant aspects are not very strong. I've done several projects using Grails and it handles everything except #3 and #5, and can be hacked to do the rest.
I would say that the third point is rather independent of grails/play/whatever in general. If you need a shared cache there is a multitude of providers for this and there are plugins for most of them in Grails.
The multi-tenancy in grails is pretty mature and much less intrusive than the solution from the blogpost in Sebastiens answer. Whether or not you use single tenancy (multiple databases) or multi tenancy is more or less transparent to your code and most of the headaches are abstracted away. Do be aware that you need to do some smart indexing (like including the tenant id in a multi column index etc) to not get very sad speeds when your data starts to grow.
As for externalized views, you can either slap them in the database or symlink them into your webapp and just keep them in separate numbered folders. Then from the tenant plugin, you can use TenantUtils.getCurrentTenant() and simply render from the appropiate folder "/" + (tenantID ?: "default") + "/whatever/view/path". This way, layouts etc can be shared across tenants if you so please and you simply put tenant specific stuff in the tenant specific folders.
You can probably do this in play too, or , but I don't see anything hindering you from doing this just fine in Grails.
My $0.02 on this question.
Actually Play! fits well to what you'r looking for.
Read this post:
http://www.lunatech-research.com/archives/2011/03/04/play-framework-writing-multitenancy-application-hibernate-filters
It works great. You can even make this filter work so that you can expose the crud module to customers and they'll only get their own data...
For very large applications, sharding seems not supported yet (no hibernate shards handled yet i think).
There's a multidb plugin to work with multiple db, but it seems not working very well yet...
I've heard that Grails' Multi-Tenant plugin offers some good tooling for several different methods of multi-tenancy.
"Each customer/domain may have their own template for the web pages.
Templates need to be assignable on a per-customer basis and kept
outside the application code"
I assume you mean they each have their own layout/skin. There are several techniques to execute this:
You could manually assign layouts based on tenant. <meta name="layout" content="${tenantName}/main" />
Write your own tenancy aware LayoutDecoratorMapper and override the default GrailsLayoutDecoratorMapper in sitemesh.xml
Figure out how to override and enhance Some internal tools dynamically resolve views(per tenant) or resources (GrailsViewResolver, GrailsConventionGroovyPageLocator, GrailsResourceLoader, etc.)
In PHP you can use Innomatic Platform for building multi-tenant (isolated databases) applications:
http://www.innomatic.org

Am I wrong in wanting to roll my own Authenticate / Authorize system given the following requirements?

In my pet project I want to have a user system with the following requirements:
It needs to work with Db4o as a persistance model
I want to use DI (by means of Turbine) to deliver the needed dependencies to my user model
It needs to be easy to plug in to asp.net-mvc
It needs to be testable without much hassle
It needs to support anonymous users much like SO does
I want Authentication and Authorization separated (the first can live without the second)
It needs to be safe
I'm aware I'm putting a few technologies before functionalities here, but as it is a pet project and I want to learn some new stuff I think it is reasonable to include them as requirements.
Halfway in rolling my own I realized I am probably suffering some NIH syndrome.
As I don't really like how needlessly complex the existing user framework in asp.net is, it is actually mostly only all the more complicated stuff regarding security that's now giving me some doubts.
Would it be defendable to go on and roll my own? If not how would you go about fulfilling all the above requirements with the existing IPrinciple based framework?
It sounds to me like what you want to do is roll your own Custom .NET Membership Provider.
It will allow you to use the built-in ASP.NET Authentication/Authorization attributes on your Controller Actions while giving you complete control over the implementation inside the provider (which will allow you to code it to meet the requirements stated above).
Direct from MSDN...
Implementing a Membership Provider
I think you recognize where the thin parts in your consideration are: namely in that you've included how to do what you're doing as motive in why you're doing it and the NIH (funny: I'd never seen that before) issue.
Putting those aside, your provider is something that you could potentially reuse and it may simplify some of your future efforts. It should also serve to familiarize you further with the issue. As long as you understand the ASP.NET framework so you can work with it too if you need to (and aren't specialized such that you don't know what you're doing if you're not using your tool) then I believe you've already crafted your defense.
As DOK mentioned, be cautious that you're not rolling your own here to avoid a larger task at hand in whatever your other functionality is. Don't let this be a distraction: it should be something your application really needs. If it's not, then I'd lean towards focusing on your software's core mission instead.
If you go ahead and create your own custom solution, you will have a better idea of how difficult it is and what features you want. This will help you to evaluate off-the-shelf solutions for future projects.
OTOH, spending time developing functionality that is already readily available means you won't be spending that time working on the major functionality of your project. Unless authentication and authorization are a major component of your project, you might consider investing your time, and expanding your knowledge, in another area.
I too am working on a pet Project using ASP.net MVC and db4o and did the same thing, so you're at least not alone in going down that route :). One of the biggest reasons for me to start playing around with db4o as persistence layer is that especially authorization on field level (i.e I'm allowed to see Person A's first name but not Person B's first name) is though to achieve if you're forced into complex SQL statements and an anemic domain model.
Since I had complex authorization needs that needed to be persisted (and synchronized) in both db4o and Solr indexes I started working on rolling out my own, but only because I knew up front it was one of the key features of my pet project that I wanted 100% control over.
Now I might still use the .Net Membership provider for authentication but not (solely) for authorization of objects but only after i POC'd my authorization needs using my own.

How to design a plugin architecture for ASP.NET with MVC Web application

Introduction:
Now I know this question could be very broad and it would be too hard to answer without me asking something specific. So All I ask is just some direction, or a brief high level explanation of a design, or maybe there is already some framework out there that could help me get started...I'm not sure.. I have never designed a plugin architecture before, so maybe there is some resource/example you could point me to on the web that would help me learn so that I may come up with my own solution.
Details of my question:
My intention is I would like to create a plug-in architecture for a new pet-project that I am building in ASP.NET MVC.
I would like to design it so that it has some sort of plug-in ability for all, or at least most, of the application's components.
The reason I would like to do this, is so that I may be able to do deployments with nearly zero down time. The idea is that when I want to deploy the latest version I would drop in the new DLLs into a specific folder, and the application would load up the new plug ins and that is it.
For exapmle, lets say I add a new "contacts" feature to my web application where users can search, add and delete contacts. I would like to be able to deploy that by way of plugins.
Is something like this even possible for Web Applications? Or am I just dreaming?
It's definitely possible.
You will need to define a pretty comprehensive interface that represents everything your plugins will have to do. You should approach it by differentiating what is "core" to your application, and where the extensibility points are. For example, where will the plugins be accessed? Will they be tabs on a page, or links in a sidebar? What properties does each plugin need to have in order to fit into the plugin container?
Generally, plugins are enumerated via reflection by looking for assemblies that implement the plugin interface.
Just for encouragement, we've done this with an enterprise product that provides a generic framework for "management" interfaces for web sites. Developers just need to drop in a plugin dll that builds specific property pages, and they show up in the management interface menu, all the navigation is taken care of, and their dll's just have to worry about their own domain logic.
There is always the dll-way where you define some interfaces that plugins follow.
But for web application, especially ASP.NET MVC, you need a controller, views and so. Probably these can be included in a dll file using prepared controller factory to handle that, but it would be hard to develop these plugins.
Some inspiration for code (or db) embedded content: Haacked about that
ASP.NET MVC version 2 will support areas, where you can put some parts of the application into different folders within the app. This way you can just upload some files and the app will recognize these new files. Read more there Haacked blog
PS: I found another person here on S.O. asking the same question as me:
Plug-in architecture for ASP.NET MVC It might be useful for someone researching the same topic.

Is ASP.NET webforms swept under the rug to make room for mvc?

I've read all the marketing speak about how mvc and webforms are complementary etc...
However it seems that all the blogs talk about is mvc and the only news coming out is about mvc.
Is Microsoft going to continue to IMPROVE webforms as a first class citizen or will it just be a supported technology as they move all their real efforts, developers and resources to mvc over time?
Is there any real evidence of any new exciting improvements coming to webforms in the near future?
You could do worse than take a look at Phil Haak's post from November:
The Future of WebForms and ASP.NET MVC
He points out 5 key things anounced under ASP.NET at PDC last year:
Core Infrastructure including scale and performance
Web Forms including issues with Client IDs, ViewState, CSS use, etc
AJAX
Data and Dynamic Data
MVC
Coupled with that, there are things that have been built as part of ASP.NET MVC that have already been released for webforms like the Routing module which is going to be great help in some of my projects, even without using MVC.
On top of those, there are also a number of changes coming in VS2010 that should help web developers using either WebForms or MVC, which would be good.
Bloggers tend to talk about what is shiny and "new", that's the way things go - you're bound to see a lot of words written about it because of that, although MVC is hardly a new design pattern - it goes back at least 30 years.
The same could be said of WPF/Silverlight - are they WinForms/WebForms killers? No. They are alternative offerings, with some benefits over the earlier way of doing things, but also with some differences/drawbacks.
I was at a conference (Remix 08) and Scott Gu said they will definatly be continuing to support both methods and that MVC was not appropriate for every application. Scott said there were a number of coming improvements for web forms model (although didnt say what they were).
The web forms model will not disapear because:
Web forms model is better for some types of applications, e.g. small apps, those requiring long processes that make use of view state useful
Many applications are using it
Many third party components developed for it
ASP.net implementation is not mature yet (although does seem pretty good so far)
Microsoft will probably announce a number of new features in PDC in a few weeks time.
Microsoft is finally coming to terms to one basic fact of development. You can't provide the ultimate solution to any problem. This is why MVC is being developed, and Scott Guthrie is clearly stating that MVC is meant for larger, more enterprise-y sites. Web forms will continue to exist and be developed as a simple, RAD-based approach to web development.
If you take a step back and review all recent improvements and additions to the Microsoft stack, you can quite easily categorize them between these two classes. For example:
Data access: LINQ-to-SQL vs EntityFramework
Remoting: WCF vs WebServices
LiveID: LiveID (web) authentication vs RPS authentication
...
I only hope that Microsoft will make this distinction clearer with time, because there seems to be a lot of confusion among developers as to what tool should be chosen for which task.
In conclusion, I think that Microsoft will keep on developing both because they cater to different developer profiles. Microsoft has obviously a lot of interest in growing its developer base as much as possible and to make the .NET stack as useful as possible.
I am going to go out on a limb here and disagree with the general idea that MVC is the "enterprise" framework here or is somehow the better of the two.
MVC is great! But just look at the name. It stands for "Model, View, Controller"... see the "view" in there?
Now look at the competition, "Web Forms"... see the "forms" in that one?
MVC does a great job in "view" type situations. For sites that publish content ("views" of information) MVC probably has an edge, especially for larger systems that need a lot of testing and very a formal design to support intelligent view switching.
For applications that interact heavily with the user via forms (data collection and data entry heavy apps) web forms has an edge due to the inherent use of form posts as a primary mechanism.
While you can do views with web forms and you can do forms with MVC, each has trade-offs. In the current state of MVC, I find that writing heavy data entry "views" is much more difficult and painful than with web forms... and I don't mean a little bit.
In the future I do expect to see MVC get better with dealing with data entry scenarios, but these scenarios will likely come at a pretty high price compared to doing those with web forms.
Neither is more "enterprise" level than the other as far as I can tell... what I'm most interested in going forward are hybrid applications that use MVC for the display and publishing end of the business while web forms are used more naturally for heavy data entry end... all in the same web project... I sure hope we see something like that.
Before word of the MVC framework started spreading, we spent a good deal of time at my company developing our own .NET MVC framework.
This was because we didn't want to be constrained by the limitations of the WebForms abstraction - we wanted to avoid the 'clunky' feel and user interface compromises that WebForms seems to impose on all by the most heavily customised applications. Also, we wanted friendly URIs and we wanted a better separation of front-end and back-end development than that offered by WebForms (we settled on an XML / XSLT architecture).
In my opinion, WebForms in fact offer a much poorer method of interacting with the user specifically due to the use of ViewState, PostBacks, etc etc that abstract the actual mechanics of HTTP from the developer - this gives them less latitude in how they allow users to interact with the system. The classic example is that because WebForms pages are almost always the result of a POST, if the user attempts to refresh the page, the user gets a nasty warning message from the browser. The pattern in the traditional web development world for dealing with this has always been to include a 302 Redirect directive in the HTTP Response, thus sticking to the original HTTP paradigm of GETs being for retrieving data, and POSTs being for sending data. Other, similar problems exist such as the inability to have two forms on a page (for example a login form to a website on a different server).
That said, for RAD, WebForms are brilliant. I'm currently developing the admin application for a webapp we've developed using our custom MVC framework, and I'm flying through since all I need is to display the contents of a load of database tables, and in some cases allow the user to edit them, in various different ways.
I think that if we need to convince ourselves that MS are going to continue to support WebForms - just think of all the ex-Windows developers. These are the people that WebForms was originally developed for, and they're not going away. Corporate developers will be your saviour if you're a WebForms fan.

Resources