Architecting SL app for both network and internet access

Architecting SL app for both network and internet access

Old forum URL:

TSF posted on Tuesday, January 24, 2012

In the next few months, my company is going to begin a re-write of a large VB6 app and we're likely going to use SL / CSLA 4.x.   One requirement is that our remote sales reps will need to be able to access the application over the internet (not via VPN).  But the majority of our folks our on the network.

Can someone point me in the right direction for learning how to write the CSLA objects/app so that it knows when to look at an internal IIS server (on the network) for its data and when to look at a publically exposed IIS server (out in the field)?  Do the e-books touch this subject?   Does this approach change if we use out-of-borwser vs in-browser?

Just to reiterate, a sales rep might be at home on the VPN and the app needs to know to go to http://internal/myapp for CSLA object interaction.  But then the sales rep goes out on the road, launches his application using a public internet connection, and the app must know to not look for that internal address but rather http://external/myapp.   Thanks.

RockfordLhotka replied on Tuesday, January 24, 2012

The ebooks don't talk about this specifically. They show how to set the URL for the server in code on the client.

Actually figuring out which URL to use - that's way to scenario-specific to be in the book.

I don't know a specific answer, having not tried to solve this problem. But one thing that comes to mind is that you could write a bit of code that tries to do a simple webrequest to the internal URL. That'll presumably fail if you are outside the network, so then you know to use the external URL.

TSF replied on Thursday, January 26, 2012

One other question just came to mind about my scenario.  I'm already successfully using SL/CSLA 4 in our network environment with AD security (following examples in your e-book sample code using a UserInfo ROB class).  However, when we get to the point of having that same app hitting an external web server via the internet, does our ability to integrate the same way with AD change?  How will the app server (inside the firewall) obtain the principal of the user?  If this is covered in the portal configuration e-book, I will re-read that.  Thanks.

RockfordLhotka replied on Thursday, January 26, 2012

I do discuss this in the Using CSLA 4: Data Portal Configuration book.

But there are several variations, and it can be a complex topic.

If your SL app is relying on the underlying browser to have done the AD authentication before the SL app is running, then your users can be inside or outside your network, as long as the internal and external web servers consistently require that AD authentication.

If your public web servers aren't part of your domain, then things get more complex, because you'll have to write some code that runs on the web server to bridge to a server that does have domain membership.

The book doesn't specifically cover that second scenario, because there are just too many variables at play around network topology and security configuration. There is no "one answer" at that point.

Copyright (c) Marimer LLC