Contents
Overview
Introduction to the Facade Layer
Technologies
Demonstration: Declarative Security
Logical Design of the Facade Layer
Physical Design of the Facade Layer
Market Purchasing
Best Practices
Lab 5: The Facade Layer
Review
Module 5: The Facade Layer
Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
Operations Coordinator: John Williams
Manufacturing Support: Laura King; Kathy Hershey
Lead Product Manager, Release Management: Bo Galford
Group Manager, Courseware Infrastructure: David Bramble
General Manager: Robert Stewart
Instructor Notes
This module provides students with an introduction to the facade layer. The
facade layer provides a unified interface to a set of interfaces in the business
logic layer and the data access layer (DAL). This module presents the two types
of facade layers: the Web services facade layer and the business facade layer.
After completing this module, students will be able to:
- Describe the differences between the two types of facade layers: the Web
  services facade layer and the business facade layer.
- Describe the role of the facade layers and how to apply design patterns.
- Describe the techniques for securing a facade layer.
- Describe the design of robust COM+ components.
- Create the logical and physical designs for facade layers.
- Describe the logical and physical designs for the Market Purchasing facade
  layer.
Module Strategy
Use the following strategy to present this module:
- Introduction to the Facade Layer
The purpose of this section is to introduce students to the facade layer. The
facade layer provides a unified interface to a set of interfaces in the business
logic layer and the DAL. This module presents the two types of facade
layers: the Web services facade layer and the business facade layer.
In the topic “The Business Problem,” emphasize that the key functions of a
facade layer are to act as a logical buffer between user services and the
underlying application architecture (business logic and DAL), to act as a
security buffer for the underlying application components, and to maintain
the robustness of the application.
Students might have questions about how the Web services facade relates to
Web services. It is important not to confuse the Web services facade with
Web services. The Web services facade simplifies an interface for accessing
business logic in the system. It does not, by itself, expose functionality and
features over the Internet (which is what Web services does). For more
information about Web services and .NET, go to
- Technologies
The purpose of this section is to introduce students to two issues that are
important for the facade: security and robustness.
This is primarily a review of security. For further information about COM+
security, refer to Module 8, “Making Applications Secure,” in Course
1907A: Building Distributed Applications for Microsoft Windows 2000 with
Visual Basic.
Robustness is discussed in detail. The topics in this section describe
considerations that apply to a Web services facade layer and to a business
facade layer.
Securing a distributed application is a primary function of the facade layer.
It involves protecting the software and application content from
unauthorized use yet making it available to authorized users.
The most problematic part of writing components is incorporating
robustness to handle possible errors. Trying to determine what can go wrong
and how to address these errors can be challenging under the best
conditions. The facade layer is where error handling becomes an issue. An
error that originates in the database bubbles up through the DAL and
business logic layer to the facade layer. The facade layer is responsible for
converting errors into a readable format that the user services can handle.
- Market Purchasing
The purpose of this section is to discuss the logical and physical designs of
Market Purchasing and to explain the justification for the choices made. The
logical design of facade classes is based on the user services. The physical
design implements security and robustness.
You can present the implementation of the Market Purchasing facade layer
by running Component Services and presenting the Market Purchasing Web
Facade COM+ application and the Market Purchasing Business Facade
COM+ application.
To show how the facade separates user services from business logic, you
can present the source code for the CreateRequisition method in
mpfcdweb.Requisition. When user services creates a requisition, it does not
actually have all of the information from the user yet. It first creates a
default requisition and displays default values. Then the user can change
those values and save or submit the requisition. The CreateRequisition
method coordinates this by retrieving the default values by using the
nontransactional DAL and returning the values through out parameters.
- Introduction to the Facade Layer
- Technologies
- Logical Design of the Facade Layer
- Physical Design of the Facade Layer
- Market Purchasing
- Best Practices
This module will introduce the facade layer. The facade layer provides a unified
interface to a set of interfaces in the business logic layer and the data access
layer (DAL). This module presents the two types of facade layers: the Web
services facade layer and the business facade layer.
After completing this module, you will be able to:
- Describe the differences between the two types of facade layers: the Web
  services facade layer and the business facade layer.
- Describe the role of the facade layers and how to apply design patterns
  when designing facade layers.
- Describe the techniques for securing a facade layer.
- Describe the design of robust COM+ components.
A facade layer provides a unified interface to a set of interfaces in the business
logic layer. In this section, the two types of facade layers are presented: the
Web services facade layer and the business facade layer. The distinction is
made primarily because of the two different kinds of functionality that can be
exposed.
In this section, the facade layer will be placed in the proper context of the
business problem. After this discussion, you will learn about the business
services interface, and specifically about the differences between a Web
services facade and a business facade. Finally, you will learn about the logical
and physical designs of a facade layer. The focus of this final topic will be on
both design patterns and technology.
Topic Objective
To provide an overview of the section topics and objectives.
Lead-in
In this section, you will learn about the business problem facing designers
who need to implement user services and about the business requirements for a
facade.
The Business Problem
[Slide diagram labels: DAL; Disconnected Business Logic Layer; Connected Business]
to implement facade layers.
Business Requirements
[Slide diagram labels: Facade Layer; Web Services Facade; Business Facade; Public Web Pages; Internal Functionality]
A facade layer represents a unified interface for the business logic components.
User services communicate with the business logic and DAL services by
sending requests to the facade layer. Although the business logic or DAL
service objects perform the actual work, the facade layer might need to perform
work of its own to translate its interface to the business services and DAL
services interface. The most important point is that clients (the user services)
that use the facade do not have to access its subsystem objects (business
services and DAL services) directly.
The facade layer (Web services and business) runs on the middle-tier nodes that
can be physically separate from the user services. Consequently, the facade
layer also acts as a security barrier for the business services and the DAL
services. Managing and executing the facade layer components requires additional
resources, which creates additional costs. These
additional costs are typically justified by the benefits of simplifying the
interface for user services.
use case identified in the conceptual design that is used directly by an actor.
The facade layer consists of two layers: the business facade layer and the Web
services facade layer. The distinction between these two reflects the type of
functionality exposed. The Web services facade layer exposes functionality to
external users and applications over the Internet. The business facade layer
exposes functionality to internal users through an intranet to browsers or
Win32® Distributed Component Object Model (DCOM) clients.
The primary use of the Web services facade is to expose features and
functionality to external users and applications. For example, a banking Web
site might expose functionality to enable Web users to view their account
information. This functionality would be exposed by the Web services facade
called from Active Server Pages (ASP) Web pages.
The Web services facade is not the same as .NET Web Services. But the Web
services facade can be used in conjunction with Extensible Markup Language
(XML), Simple Object Access Protocol (SOAP), and the .NET framework to
create Web services.
The business facade is primarily used to expose features and functionality to
internal users. For example, a banking Web site might expose functionality for
tellers to update account information when customers make deposits or
withdrawals. This type of functionality would have different security
requirements from the Web services facade. It might also have different types
of clients. Clients of the business facade might be Win32 clients or browsers
over an intranet.
enables single sign-on, in which credentials for the user are established and
used for subsequent object access.
- User management
In certain situations, you might not want to create a domain account for
every user of a Web-based application. In those cases it is still necessary to
have a user management system. User management allows you to register
users and manage user data, protect and share user data, verify users’
identities, and control access to content on your site. User management can
also provide the basis for your application’s delivery of personalized content
to your users.
- Declarative and programmatic security
Securing content can either be performed declaratively, by using
Windows 2000 or COM+, or programmatically by using COM+. If role-
based security is being used in a COM+ application that contains your
component, you have access to programmatic security functionality from
within your component.
In the second part of this section, COM+ error-handling topics will be covered.
The most problematic part of writing components is handling potential errors.
Trying to determine what can go wrong and how to address these errors can be
challenging even in the best conditions.
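The facade's job of converting errors that bubble up from the DAL and business logic layer into a form user services can handle can be sketched as follows. This is an added example, not code from the courseware; the class, the `Example.BizRequisition` ProgID, the `GetStatus` method, and the error codes are assumptions.

```vb
' Hypothetical Web services facade class (Visual Basic 6, hosted in COM+).
Option Explicit

' Assumed facade-level error codes: a small, stable set for user services.
Private Const ERR_FACADE_DENIED As Long = vbObjectError + 2001
Private Const ERR_FACADE_FAILED As Long = vbObjectError + 2002

Public Function GetRequisitionStatus(ByVal lngReqID As Long) As String
    On Error GoTo ErrHandler

    Dim objBiz As Object
    ' Hypothetical business logic component behind the facade.
    Set objBiz = CreateObject("Example.BizRequisition")
    GetRequisitionStatus = objBiz.GetStatus(lngReqID)
    Exit Function

ErrHandler:
    ' Capture the original error before any other call can reset Err.
    Dim lngNum As Long, strSrc As String, strDesc As String
    lngNum = Err.Number
    strSrc = Err.Source
    strDesc = Err.Description

    ' Keep the full detail (provider text, source component) on the server.
    App.LogEvent "GetRequisitionStatus(" & lngReqID & ") failed: 0x" & _
                 Hex$(lngNum) & " [" & strSrc & "] " & strDesc, _
                 vbLogEventTypeError

    ' Hand user services only a stable code and readable text, so database
    ' or component internals never reach the client.
    Select Case lngNum
        Case 70   ' VB "Permission denied", e.g. a COM+ role check failed
            Err.Raise ERR_FACADE_DENIED, "Facade.Requisition", _
                      "You are not authorized to view this requisition."
        Case Else
            Err.Raise ERR_FACADE_FAILED, "Facade.Requisition", _
                      "The request could not be completed. Try again later."
    End Select
End Function
```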
Topic Objective
To provide an overview of the section topics and objectives.
Lead-in
In this section, you will learn about two important issues
error utility.
- Interpreting error codes
  This topic identifies the predominant error-handling mechanisms for C++
  and Microsoft Visual Basic®.
Authentication
- Kerberos v5
- SSL/TLS
- NTLM
To provide security for your Windows 2000 application, you must provide
access for authenticated users and deny access to unauthenticated users. In
general, there are two ways to access an application:
- The Web facade is accessed through public Web pages and might require
  some level of user authentication.
- The business facade is accessed through protected Web pages or through
  DCOM. Users are authenticated before being allowed to access protected
  Web pages or the business facade itself.
Used with either a password or a smart card for the interactive logon
process. This is also the default method of network authentication for
services.
- Secure Sockets Layer/Transport Layer Security (SSL/TLS) authentication
  Used when a user attempts to access a secure Web server.
- Windows NT LAN Manager (NTLM) authentication
  Used when either the client or server uses a previous version of Windows.
User Management
- Active Directory
- Application
- Site Server Membership
User management is important if your application exposes user-specific features
and functionality. For example, a computer sales Web site might include a
support section that users can go to if they have questions after they purchase a
computer. The Web site could prompt users to specify the type of computer
they have the first time they access the support section. If the Web site stores
the information about which types of computers users own, users do not need to
If you are reluctant to build your own application’s user management,
Microsoft Site Server provides a membership service that can be used for Web
sites. Its membership features allow you to register users and manage user data,
protect and share user data, verify users’ identities, and control access to
content on your site.
The Membership Directory is the central repository of user data for Site Server.
The Membership Directory stores both persistent data, which is retained
indefinitely, and dynamic data, which is never written to disk, but is maintained
in RAM while it is current.
Declarative and Programmatic Security
    If pContext.IsCallerInRole("teller") Then
        ' Do something …
    End If
[Slide diagram labels: COM+ Application; Object; Interface; Method]
Securing access to resources can be performed either declaratively or
programmatically. Setting the permission rights on a particular object is known
as declarative security. Programmatic security extends declarative security to
provide a refinement of the security settings.
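As an added illustration (not part of the courseware), the following business facade method shows programmatic security refining a declarative role assignment with business data. The "teller" role comes from the slide; the class and method names, the "manager" role, the amount limit, and the error code are assumptions.

```vb
' Hypothetical business facade class (Visual Basic 6, hosted in COM+).
' Requires a project reference to the COM+ Services Type Library.
Option Explicit

Private Const ERR_ACCESS_DENIED As Long = vbObjectError + 1001 ' assumed code
Private Const LARGE_AMOUNT As Currency = 10000                 ' assumed limit

Public Sub Deposit(ByVal lngAccountID As Long, ByVal curAmount As Currency)
    Dim objCtx As COMSVCSLib.ObjectContext
    Set objCtx = GetObjectContext()

    ' Outside COM+ there is no context and no caller identity to check.
    If objCtx Is Nothing Then
        Err.Raise ERR_ACCESS_DENIED, "Account.Deposit", _
                  "Component is not running in COM+."
    End If

    ' IsCallerInRole returns True for every caller when role-based security
    ' is disabled on the application, so fail closed in that case.
    If Not objCtx.IsSecurityEnabled() Then
        Err.Raise ERR_ACCESS_DENIED, "Account.Deposit", _
                  "Role-based security is not enabled."
    End If

    ' Declarative security decides who may call the method at all.
    ' The programmatic checks refine that decision per request.
    If Not objCtx.IsCallerInRole("teller") Then
        Err.Raise ERR_ACCESS_DENIED, "Account.Deposit", "Access denied."
    End If
    If curAmount > LARGE_AMOUNT And Not objCtx.IsCallerInRole("manager") Then
        Err.Raise ERR_ACCESS_DENIED, "Account.Deposit", _
                  "Deposits above the limit require the manager role."
    End If

    ' The call into the business logic layer for lngAccountID goes here;
    ' that layer is not shown on this page.
End Sub
```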
Declarative Security
Objects can be secured declaratively through Windows 2000 or COM+. In
Windows 2000, you can set the permissions to access files in the application.
You can use COM+ to set the security roles and the users within each role that
can execute different COM+ applications. In addition, you can set the identity
obtains the account name and impersonation level used for all callers in the
chain, from original to direct. It consists of a Role class that has a Caller
method that displays a message box containing the information it obtains. The
code for the method is as follows:
Public Sub Caller()
    Dim objSecCallCtx As COMSVCSLib.SecurityCallContext
    Dim objSecCallers As COMSVCSLib.SecurityCallers
    Dim lngCallers As Long

    ' Obtain a reference to the security call context object
    Set objSecCallCtx = GetSecurityCallContext

    ' Get the SecurityCallers collection object
    Set objSecCallers = objSecCallCtx.Item("Callers")

    ' Walk the caller chain and show each identity
    For lngCallers = 0 To objSecCallers.Count - 1
        MsgBox "Name: " & _
            objSecCallers(lngCallers).Item("AccountName") & _
            " ImpLvl: " & _
            objSecCallers(lngCallers).Item("ImpersonationLevel")
    Next
End Sub
Topic Objective
To demonstrate declarative security.
Lead-in
In this demonstration, you will learn how to set up the security for a COM+