Beginning ASP.NET E-Commerce in C#: From Novice to Professional
Cristian Darie and Karli Watson

Apress (www.apress.com). Books for professionals by professionals. The Expert's Voice in .NET.
ISBN 978-1-4302-1074-0. US $44.99. 736 pages. Source code online. Companion eBook available.
Shelve in: Programming/Web Development. User level: Beginner–Intermediate.

Guiding you every step of the way, this book will have you building high-quality, extensible e-commerce web sites in no time.

Cristian Darie, author of:
  Build Your Own ASP.NET 3.5 Website Using C# & VB
  Beginning ASP.NET E-Commerce in C#: From Novice to Professional
  Professional Search Engine Optimization with ASP.NET: A Developer’s Guide to SEO

Karli Watson, author of:
  Beginning Microsoft Visual C# 2008
  Professional C# 2005 with .NET 3.0

The Apress Roadmap:
  Beginning ASP.NET 3.5 in C# 2008, Second Edition
  Pro ASP.NET 3.5 in C# 2008: Includes Silverlight 2, Third Edition
  Beginning ASP.NET E-Commerce in C#
  Pro ASP.NET 3.5 Server Controls and AJAX Components
  Pro ASP.NET MVC Framework

Dear Reader,

With the latest incarnations of ASP.NET and SQL Server, programming data-driven web sites with Microsoft technologies has become more fun, easier, and much more efficient than in the past. Fewer mouse clicks and fewer lines of code can now enable more powerful features, and the tools you need—Visual Web Developer 2008 Express Edition and SQL Server 2008 Express Edition—are free.

In this book, you’ll learn how to use ASP.NET 3.5, C# 2008, and SQL Server 2008 to build a full-featured, modern, search engine–optimized e-commerce web site. We guide you through the entire design and build process, so you’ll create a professional application that allows for the ongoing integration of new features in an organized manner.

With each chapter, you’ll learn how to develop and deploy an online product catalog complete with a shopping cart, checkout mechanism, PayPal and DataCash integration, product search, dynamic product recommendations, administrative features, search engine optimization features, customer accounts, product reviews, an online order management system, and much more. With each new feature, you’ll learn fresh theoretical concepts, which are all thoroughly explained. Along the way, you’ll gain an intimate understanding of every piece of code you write, which will enable you to build your own powerful and flexible ASP.NET web sites efficiently and rapidly.

Have fun reading our book!

Cristian and Karli

Beginning ASP.NET E-Commerce in C#: From Novice to Professional
Copyright © 2009 by Cristian Darie and Karli Watson

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-13 (pbk): 978-1-4302-1074-0
ISBN-10 (pbk): 1-4302-1074-5
ISBN-13 (electronic): 978-1-4302-1073-3
ISBN-10 (electronic): 1-4302-1073-7

Printed and bound in the United States of America.

Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

Lead Editor: Matthew Moodie
Technical Reviewer: Andrei Rinea
Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Project Manager: Tracy Brown Collins
Copy Editor: Damon Larson
Associate Production Director: Kari Brooks-Copony
Production Editor: Ellie Fountain
Compositor: Susan Glinert
Proofreader: Linda Seifert
Indexer: Broccoli Information Management
Artist: Kinetic Publishing Services, LLC
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski

Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders-ny@springer-sbm.com, or visit http://www.springeronline.com.

For information on translations, please contact Apress directly at 2855 Telegraph Avenue, Suite 600, Berkeley, CA 94705. Phone 510-549-5930, fax 510-549-5939, e-mail info@apress.com, or visit http://www.apress.com.

Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at http://www.apress.com/info/bulksales.

The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

The source code for this book is available to readers at http://www.apress.com.

Contents at a Glance

About the Authors
About the Technical Reviewer
Acknowledgments
Introduction

Part 1: Phase of Development: Getting a Web Store Up and Running, Fast
  Chapter 1: Starting an E-Commerce Site
  Chapter 2: Laying Out the Foundations
  Chapter 3: Starting the BalloonShop Project
  Chapter 4: Creating the Product Catalog: Part 1
  Chapter 5: Creating the Product Catalog: Part 2
  Chapter 6: Product Attributes
  Chapter 7: Search Engine Optimization
  Chapter 8: Searching the Catalog
  Chapter 9: Improving Performance
  Chapter 10: Receiving Payments Using PayPal
  Chapter 11: Catalog Administration: Departments and Categories
  Chapter 12: Catalog Administration: Products

Part 2: Phase of Development: Selling More and Increasing Profits
  Chapter 13: Creating Your Own Shopping Cart
  Chapter 14: Accepting and Processing Customer Orders
  Chapter 15: Product Recommendations
  Chapter 16: Creating Customer Accounts

Part 3: Phase of Development: Advanced E-Commerce
  Chapter 17: Storing Customer Orders
  Chapter 18: Implementing the Order Pipeline, Part 1
  Chapter 19: Implementing the Order Pipeline, Part 2
  Chapter 20: Credit Card Transactions
  Chapter 21: Product Reviews
  Chapter 22: Integrating Amazon Web Services

Index

Contents

About the Authors
About the Technical Reviewer
Acknowledgments
Introduction

Part 1: Phase of Development: Getting a Web Store Up and Running, Fast

Chapter 1: Starting an E-Commerce Site
  The Balloon Shop
  Deciding Whether to Go Online
  Getting More Customers
  Making Customers Spend More
  Reducing the Costs of Fulfilling Orders
  Making Money
  Considering the Risks and Threats
  Designing for Business
  Knowing the Client
  Phase of Development: Getting a Web Store Up and Running, Fast
  Phase of Development: Increasing Customer Satisfaction and Conversion Rate
  Phase of Development: Advanced E-Commerce
  Summary

Chapter 2: Laying Out the Foundations
  Designing for Growth
  Meeting Long-Term Requirements with Minimal Effort
  Using a Three-Tier Architecture
  A Simple Scenario
  What’s in a Number?
  The Right Logic for the Right Tier
  A Three-Tier Architecture for BalloonShop
  Why Not Use More Tiers?
  Choosing Technologies and Tools
  Using ASP.NET
  Using C# and VB .NET
  Using Visual Web Developer 2008 Express Edition
  Using SQL Server 2008
  Following Coding Standards
  Summary

Chapter 3: Starting the BalloonShop Project
  Preparing the Development Environment
  Installing Visual Web Developer 2008 Express Edition
  Installing SQL Server 2008 Express Edition
  Installing IIS
  Preparing the BalloonShop Web Site
  Creating the BalloonShop Web Application
  Creating the BalloonShop SQL Server Database
  Implementing the Site Skeleton
  Building the First Page
  Downloading the Code
  Summary

Chapter 4: Creating the Product Catalog: Part 1
  Showing Your Visitor What You’ve Got
  What Does a Product Catalog Look Like?
56 Previewing the Product Catalog 56 Roadmap for This Chapter 59 Storing Catalog Information 61 Understanding Data Tables 61 Creating the Department Table 69 www.it-ebooks.info Darie_1074-0INDEX.fm Page 696 Thursday, March 5, 2009 8:32 PM 696 ■I N D E X Certificate Signing Request (CSR), 526 Char data type, 66 CommerceLibOrdersGetByCustomer stored procedure, 608–609, 617 CommerceLibOrdersGetByDate stored procedure, 609, 618 checkout, PayPal, 270–277 Checkout button, 411–413 CommerceLibOrdersGetByRecent stored procedure, 609–610, 618 checkout page, 520–521, 523–525 Checkout.aspx.cs file, 557–558, 560 CommerceLibOrdersGetByStatus stored procedure, 610–611, 619 CheckProductUrl method, 219 Click event method, 258 CommerceLibOrderUpdate stored procedure, 611 clients, knowing, 9–10 CommerceLibOrderUpdateStatus stored procedure, 583 client-server architecture, 19, 22 client-side validation, 415–417 CommerceLibShippingGetInfo stored procedure, 551–553 code-behind model, 22 coding standards, 26–27 CompareValidator control, 417, 429 Color attribute, 196 Compiled member, 211 columns, 64–68 Completed bit, 436 comm object, 145 ComputeHash method, 471 command object, 82 element, 201 CommandText property, 81 element, 201 Comments field, 408 CommerceLib class, 535, 566, 571, 608, 611 CommerceLibAccess class, 537, 539, 542, 552, 557, 570, 584–585, 611–612, 616–617, 624–625, 632 Configure Data Source control, 508 Connections tab, 34 ConnectionString property, 80 ContentPageFolder object, 48 CommerceLibAccess.cs file, 537 ContentPlaceHolder element, 48, 53 CommerceLibAuditInfo class, 613 ContinueDestinationPageUrl property, 498, 515 CommerceLibException class, 570–571 CommerceLibOrderDetailInfo class, 538–539, 542, 613, 616 ContinueNow field, 580 CommerceLibOrderGetAuditTrail stored procedure, 608, 613 ControlToValidate property, 417 CommerceLibOrderGetInfo stored procedure, 550 ConvertDataTableToOrders method, 617 ControlToCompare property, 417 conversion rate, 10–11 
Convert.ToBase64String utility function, 471 CommerceLibOrderInfo class, 540–542, 554–556, 560, 577, 580, 586, 611–614, 616–617, 630 cookies, 376 COUNT aggregate function, 452 CommerceLibOrderSetAuthCode stored procedure, 583–585 count parameter, 618 CommerceLibOrderSetDateShipped stored procedure, 584 CreateAudit stored procedure, 569–570 CreateAudit method, 570–571, 577 CreateCategory stored procedure, 321 www.it-ebooks.info Darie_1074-0INDEX.fm Page 697 Thursday, March 5, 2009 8:32 PM ■I N D E X CreateCommand method, 84, 96, 149, 542 Customer class, 566 CreateCommerceLibOrder method, 535, 553–554 customer details page, 466 CreateConnection method, 84 CreateCustomerOrder stored procedure, 533–534, 551 customer orders See also tax and shipping charges accessing, 536–545 administering CreateDecryptor method, 481 business tier, 611–621 CreateOrder stored procedure, 409–410 database modifications, 608–611 CreateParameter method, 145 overview, 607–608 CreateProduct stored procedure, 335 presentation tier, 621–633 CreateUserButtonText property, 498 testing order administration page, 633–635 CreateUserWizard control, 496–498 CreateXml method, 493 displaying existing orders, 417–418 credit card transactions, 637–639, 659–666 cross joins, 186, 187 implementing order-placing system, 403–413 cross-selling, 447 order details, 430–445 cryptographic stream, 474 overview, 413–415 CSR (Certificate Signing Request), 526 placing, 532–536 CSS (Cascading Style Sheets) files, 98 processing, 7, 11–12 CssClass property, 98, 107, 417 reducing costs of, 6–7 CultureInvariant member, 211 validation, 415–417 CurrentPipelineSection field, 580 customer satisfaction, 10–11 customer accounts Customer table, 407 checkout page, 520–521, 523–525 CustomerAddressAsString field, 545 customer details CustomerID column, 532 customers overview, 502–503 user profiles in ASP.NET, 503 acquiring information about, 12 user profiles in BalloonShop, 504–520 bringing back, customer logins, 495–502 getting, 
overview, 465–467 making spend more, servicing, SecurityLib class encryption, 472–495 Customers role, 495 hashing, 468–470, 472 CustomerServiceEmail class, 573 overview, 467–468 CustomValidator control, 416 setting up secure connections ■D enforcing SSL connections, 526–529 dashesRegex regular expression, 212, 215 obtaining SSL certificates, 526 Data Encryption Standard (DES), 473 overview, 525–526 storing, 466 www.it-ebooks.info 697 Darie_1074-0INDEX.fm Page 698 Thursday, March 5, 2009 8:32 PM 698 ■I N D E X DateShipped field, 408, 432 data tables columns, 64–68 DateStamp column, 569 data types, 65–67 DateTime data type, 65 default values, 67 DbCommand object, 145, 149 indexes, 69 DbParameter object, 145–146 overview, 61–62 DbProviderFactory class, 84 primary keys, 62–64 debugging, 37 declarative security, 286 data tier custom shopping cart, 372–375 Decrypt method, 479, 481 overview, 15 DecryptData method, 491, 493 paging at, 137 decryptor object, 474 product attributes, 182–188 Default.aspx file, 23, 37, 39, 50, 53 product recommendations, 449–456 Default.aspx.cs file, 39 data types, 65–67 DELETE statement, 75–76 databases, communicating with DeleteCategory stored procedure, 321 overview, 72 DeleteDepartment stored procedure, 301 SQL, 73–76 Department data table, 61–62, 65–66, 69 stored procedures, 76–77 Department URL, 200 Databases node, 41 Department-Category relation, 118 DataCash system DepartmentDetails object, 150–151 exchanging XML data, 643–659 DepartmentID field, 119, 121 fulfillment request and response, 642–643 DepartmentID parameter, 159 integrating with BalloonShop, 659–664 DepartmentIndex query string parameter, 264 overview, 639–640 preauthentication request and response, 640–642 DepartmentsList control, 98, 104 dataCashClient, 652 DepartmentsList.ascx Web User Control, 60, 98, 688 DataCashLibTest.aspx Web Form, 652 DES (Data Encryption Standard), 473 DataCashLibTest.aspx.cs file, 652 Description field name, 121, 127 dataCashPassword class, 652 
development environment, 29–34 DataCashRequest class, 649, 657 Digital Signature Algorithm (DSA), 473 DataCashResponse class, 651, 657–658 Display property, 417 DataGrid control, 627 DisplayMode property, 417 DataKeyNames property, 425 DISTINCT clause, 144 DataList control, 98, 104, 159, 167, 189, 194 Download Now! link, 30 DataRow object, 541 DropDownList control, 195, 628 DataRowView item, 194 DSA (Digital Signature Algorithm), 473 DataTable class, 83, 684 Duration parameter, 264 date_created field, 453 dynamic product recommendations, 447–448 dynamic URLs, 199 www.it-ebooks.info Darie_1074-0INDEX.fm Page 699 Thursday, March 5, 2009 8:32 PM ■I N D E X ■E FOREIGN KEY constraint, 120–121, 407 ECMAScript member, 211 foreign keys, 120 EditButton button, 519 definition, 527 template, 511 FormView control, 502, 519 emailing error reports, 88 FROM keyword, 76 EnableValidation property, 417 Front page URL, 200 EnableViewState property, 429 Full Text Search feature, 30–32 Encrypt method, 479 FULLTEXT catalog and indexes, 229–232 EncryptData method, 491–493 Full-Text Search Developer InfoCenter, 227 _encryptedData member, 493 full-text search feature, 227–232 encryption ■G overview, 472–474 generic data access code, 83–85 SecureCard class, 482–495 GenericDataAccess class, 79, 89, 149, 542, 617 StringEncryptor class, 474–482 GET request, 675 encryptor object, 474 GetAmazonDataWithRest method, 686, 690 Enforce password policy check box, 42 errorLabel control, 623–624 GetAmazonDataWithSoap class, 685, 688 GetByDate method, 421 ErrorMessage property, 417 GetByRecent method, 420 exact-match search, 225 GetCategoryDetails method, 151–152 Exception class, 88 exceptions, catching and handling, 86–87 GetCurrentPipelineSection method, 580, 601–602 EXEC command, 188 GETDATE( ) function, 408, 453 Execute method, 82 GetDepartmentDetails method, 149–150 ExecuteNonQuery method, 82 GetDepartments stored procedure, 60, 76 ExecuteReader method, 82 GetDetails method, 434 ExecuteScalar 
method, 82, 410 GetInfo method, 433, 441 ExecuteSearch method, 258 GetItems method, 383 ExecuteSelectCommand method, 96, 617 GetMailBody( ) method, 592, 598 ExplicitCapture member, 211 GetOrder method, 542 ■F GetOrderAuditTrail method, 613–614, 616 featured products, 447 GetOrderDetails method, 539, 542 fields, 62 GetOrdersByCustomer method, 617–618, 624 finally block, 87 GetOrdersByDate method, 618 FindControl control, 194 GetOrdersByRecent method, 618–619 Flash, 22 GetOrdersByStatus method, 619 flexible architecture, 14 GetProductAttributeValues stored procedure, 182 FooterTemplate element, 688 for loop, 245 GetProductDetails method, 152–154 forbidden element, 223 www.it-ebooks.info 699 Darie_1074-0INDEX.fm Page 700 Thursday, March 5, 2009 8:32 PM 700 ■I N D E X GetProductsInCategory method, 143, 157–158 HttpWebRequest, 657 GetProductsOnDeptPromo method, 156–157 HyperText Transport Protocol (Secure) (HTTPS), 525 GetProductsOnFrontPromo method, 154–155 GetRecommendations method, 457 Hypertext Transfer Protocol See HTTP ■I ID parameter, 577 GetResponseTable method, 684 GetShippingInfo method, 552–553, 557 GetTotalAmount method, 383 GetUnverifiedUncanceled method, 421 GetVerifiedUncompleted method, 422 goButton_Click, 602 IDENTITY column, 184 identity columns, 67–68 If element, 223 IgnoreCase member, 211 IgnorePatternWhitespace member, 211 IIS (Internet Information Services), 29, 32–33 gone element, 223 IIS Frontpage Extensions node, 33 GridView control, 300, 425, 429, 439 IIS Manager tool, 34 Group class, 209 Image field name, 127 GroupCollection class, 209 Image variable data type, 66 Groups collection, 210 Images folder, 49 growth, designing for, 14–15 Images response group, 681 GUID value, 623 indexes, 69 ■H IndexOf method, 658 hashing, 285, 467–472 initialization vector (IV), 473 HasValue property, 621 inProductId parameter, 669 Header Web User Control, 46 input parameters, 145 headers, 104 INSERT INTO command, 139, 186 HeaderText property, 417 INSERT 
statement, 74–75, 185, 410 element, 657 template, 509 HistoricTxnClass, 646 Int data type, 65 Hosting services, 220 Intelligencia.UrlRewriter assembly, 200 hosts file, 33 Internet Information Services (IIS), 29, 32–33 howManyPages parameter, 154 Internet payment service providers, 267–268 HTML Server Controls, 23–24 IPipelineSection class, 566, 570, 574, 581, 592 HTTP (Hypertext Transfer Protocol) IPipelineSection.cs file, 574 headers, 216 ISAPI filter, 199 overview, 260 ISAPI_Rewrite product, 199 status codes, 216–222 isDecrypted flag, 493 HttpContext.Current property, 517 isEncrypted flag, 493 HTTPS (HyperText Transport Protocol [Secure]), 525 IsMatch method, 210 HttpUtility class, 208, 215 IsPostBack property, 258 IsSecureConnection method, 527 www.it-ebooks.info Darie_1074-0INDEX.fm Page 701 Thursday, March 5, 2009 8:32 PM ■I N D E X ItemAsString utility field, 539 connecting to SQL server, 79–81 ItemDataBound event, 189, 194 exceptions, 86–87 ItemLookup operation, 681 generic data access code, 83–85 ItemSearch object, 681 sending emails, 88 stored procedures, 81–83 ItemSearchRequest object, 681 ItemSearchResponse object, 681 logins, customer, 495–502 ItemTemplate control, 194 Logins node, 42 template, 509 LoginView control, 497 IV (initialization vector), 473 ■M ■J MailAdmin method, 577, 578, 581–582 JavaScript, 22 MailCustomer method, 590, 592 JOIN clause, 135 MailMessage class, 88 joining data tables, 134–136 MailSupplier method, 590 junction tables, 119 Management Tools—Basic option, 32 ■K many-to-many relationships, 117–120 MarkCanceled method, 437 keyword-rich URLs MarkCompleted method, 436 for BalloonShop, 200–204 MarkVerified method, 436 generating, 211–215 Master Pages, 23, 45–53, 527 ISAPI_Rewrite, 199 Match class, 209–210 overview, 198–199 MatchCollection class, 209 UrlRewriter.NET, 199 Matches method, 210 ■L MatchEvaluator class, 209 Label control, 98 MembershipUser class, 518, 535, 541 LEFT function, 133 MemoryStream object, 480 Link class, 
211–212, 214, 218–219 Message column, 569 link factory, 102 MessageNumber column, 569 Link.cs file, 218 messageNumber parameter, 571 list_ItemDataBound method, 190, 194 metacharacters, 206–207 List class, 613 Microsoft Passport authentication, 466 List collection, 617, 624 middle tier See business tier List object, 552 Location combo box, 36 MinimumValue property, 417 Money data type, 65 Location parameter, 264 MoveProductToCategory stored procedure, 351 logic, adding to site MSDN Express Library, 30 business tier code, 89 Multiline member, 211 commands, 81–83 www.it-ebooks.info 701 Darie_1074-0INDEX.fm Page 702 Thursday, March 5, 2009 8:32 PM 702 ■I N D E X ■N OrderGetDetails stored procedure, 431 Name field name, 121, 127 OrderGetInfo stored procedure, 430–431, 537 NChar data type, 66 OrderID column, 569 NET regular expressions, 208–211 OrderID field, 406 newDateShipped parameter, 621 OrderID primary key, 408 nexus, 546 OrderInfo object, 432–434, 441, 537, 619, 632 None member, 211 OrderMarkCanceled stored procedure, 432 nonsecure connection, 528 OrderMarkCompleted stored procedure, 432 not-allowed element, 223 OrderMarkVerified stored procedure, 432 not-found element, 223 OrderProcess class, 621 NotFound.aspx file, 220 not-implemented element, 223 OrderProcessor class, 566, 569–572, 575–577, 583–586, 589–591, 604, 633, 660 NText data type, 66 OrderProcessor.cs file, 575 n-Tier Architecture, 19–20 OrderProcessorEmail class, 573 NULL value, 67 OrderProcessorException class, 566, 571–572, 581 nullable columns, 67 OrderProcessorMailer class, 570, 573–574, 577, 589–590 NVarChar data type, 66 nvarchar(max) data type, 128 orders See customer orders ■O Orders database, 565 ObjectDataSource control, 502, 508, 518 Orders table, 406–409, 532, 549–550, 611 od1 instance, 450 OrdersAccess class, 419, 433, 441, 539 od2 instance, 450 OrdersAccess.cs file, 432 OfferSummary response group, 681 OrdersAdmin.ascx properties, 426 OnDepartmentPromotion field name, 127 OrdersGetByDate 
stored procedure, 419 one-to-many relationships, 117–118 OrdersGetByRecent stored procedure, 418–420 OnInit property, 528 OrdersGetUnverifiedUncanceled stored procedure, 419 OnPreRender event handler, 519 Operator property, 417 OrdersGetVerifiedUncompleted stored procedure, 419 OR operator, 211 Order Administration page, 633–635 OrderUpdate stored procedure, 431 ORDER BY clause, 452 Out parameter, 146 OrderAsString field, 545, 555 output cache, 263–265 OrderDetail class, 566 OrderDetail table, 407–409, 430, 450, 537 OrderDetails class, 566 OrderDetailsAdmin.ascx control, 625, 629–630 output parameters, 146 OutputBox text box, 655 OutputCache page directive, 263, 265 www.it-ebooks.info Darie_1074-0INDEX.fm Page 703 Thursday, March 5, 2009 8:32 PM ■I N D E X ■P presentation tier pageNumber parameter, 154 integrating AWS with BalloonShop, 688–690 Pager Web user control, 167, 170 overview, 15 paging, implementing, 138 paging at, 137 param3 property, 503 pipeline implementation, 578–582, 602–607 Page_Load function, 218, 258, 514, 629 param4 property, 503 product attributes, 189–196 parameters, 140, 145–146 product catalog, 159–179, 246–255 PasswordHasher class, 469 product recommendations, 458–461 PasswordHasher.cs file, 468 PasswordRegularExpression parameter, 502 passwordStrengthRegularExpression parameter, 501 shopping cart, 383–395 Price field name, 127 PRIMARY KEY constraint, 64, 67, 120 primary keys, 62–64 PayPal Process( ) method, 580–581, 592, 604, 621, 633 cost of, 11 overview, 10–11, 267–268 processButton button, 603 setting up, 268–269 shopping cart and checkout, 270–277 performance improvement, 257–265 processing parameter, 204 processing="stop" attribute, 208 product attributes pipeline implementation business tier, 188–189 administering orders data tier, 182–188 business tier, 611–621 database modifications, 608–611 overview, 607–608 overview, 181–182 presentation tier, 189–196 presentation tier, 621–633 Product Attributes Presentation, implementing, 189 
testing order administration page, 633–635 product catalog business tier, 570–578, 589–602 administering categories, 320–324 database modifications, 568–570 departments, 299–317 OrderProcessor class, 583–586 products, 333–364 overview, 563–568, 589 presentation tier, 578–582, 602–607 Place code in a separate file check box, 47, 51 PlaceHolder control, 194 placeOrderButton_Click method, 535, 557 PopulateControls( ) function, 412, 441, 524, 557, 630–631 business tier, 147–158 communicating with database, 72–77 custom error page, 110 data storage, 116 data tables, 61–68 displaying list of departments, 97–101, 104 postback mode, 258, 629 link factory, 102 PrepareUrlText method, 214 logic, adding, 79–97 overview, 55–56 www.it-ebooks.info 703 Darie_1074-0INDEX.fm Page 704 Thursday, March 5, 2009 8:32 PM 704 ■I N D E X parameterized stored procedures, 145–146 Properties window, 189 presentation tier, 159–179 previewing, 56–59 PSCheckFunds class, 566, 593–594, 660, 662–664 querying new data, 133–139 PSCheckStock class, 566, 594–595 storing new data, 115–127 PSDummy class, 570, 577–578 writing stored procedures, 139–145 PSDummy.cs file, 577 ProviderUserKey property, 535 product recommendations PSFinalNotification class, 566, 599, 601 business tier, 457– 458 PSInitialNotification class, 566, 591–592 data tier, 449–456 PSInitialNotification.cs file, 591 dynamic, 447–448 PSShipGoods class, 566, 597, 599 presentation tier, 458–461 PSShipOK class, 566, 599 product reviews feature, 667–673 PSStockOK class, 595–596 Product table, 408, 410, 452 PSTakePayment class, 566, 596–597, 663–664 Product URL, 200 purifyUrlRegex member, 212 Product.aspx Web Form, 177, 673 ■Q Product.aspx.cs file, 221 Quantity field, 408 ProductAttributeValue data table, 182, 184–185 ProductDescriptionLength configuration, 147 query string parameters, 198 querying new data, 133–139 ■R ProductDetails struct,152 RangeValidator control, 417, 429 ProductID column, 135 ProductID field, 119, 127 RC2 (Ron’s Code, 
Rivest’s Cipher) standard, 473 ProductRecommendations.ascx Web User Control, 458 RDBMS (Relational Database Management Systems), 73 ProductReviews.ascx Web User Control, 671, 673 recommendations See product recommendations ProductsAdmin.ascx file, 340–342, 344–345, 348 records, 62 ProductsList Web User Control, 170, 177, 250 Reference column, 532 ProductsList.ascx file, 167, 189, 193, 226, 265 Reference field, 583, 659 ProductsList.ascx.cs file, 195 Reference property, 660 ProductsPerPage configuration, 147 Refresh folder, 49 element, 503 Refresh method, 542, 555 ProfileCommon class, 503, 517, 541 Regex class, 205, 209, 210 ProfileDataSource control, 508 RegexOptions value, 211 ProfileWrapper class, 507,516 Register link, 499 PromoDept field name, 127 registration page,466 PromoFront field name, 127 regular expressions, 204–211 element, 217, 223 www.it-ebooks.info Darie_1074-0INDEX.fm Page 705 Thursday, March 5, 2009 8:32 PM ■I N D E X keyword-rich URLs RegularExpressions namespace, 212 Relational Database Management Systems (RDBMS), 73 for BalloonShop, 200–204 relational databases, 116–120 ISAPI_Rewrite, 199 relationships overview, 198–199 enforcing with FOREIGN KEY constraint, 120–121 many-to-many relationships, 117–120 one-to-many relationships, 117–118 RemoveItem method, 382 RemoveProductFromCategory stored procedure, 280, 325–327, 351 generating, 211–215 UrlRewriter.NET, 199 overview, 197 regular expressions, 205–211 Search Engine Result Pages (SERPs), 216 Search method, 243 SearchBox control, 258 SearchBox.ascx control, 246, 258 Replace method, 210 Representational State Transfer (REST), 675, 678–681 SearchCatalog method, 243 searching catalog requireSSL attribute, 527 business tier, 243–245 response groups, 679 choosing method for, 225–226 Response Groups link, 681 presentation tier, 246–255 REST (Representational State Transfer), 675, 678–681 teaching database to search itself Review table, 669 FULLTEXT catalog and indexes, 229–232 reviews feature, 667–673 
full-text feature, 228–229 Rewrite element, 223 improving relevance, 236–238 element, 204, 217 overview, 226–227 RightToLeft member, 211 SearchCatalog stored procedure, 238–243 Rijndael standard, 473 risks, e-commerce site, 8–9 Rivest’s Cipher (RC2) standard, 473 Rivest-Shamir-Adleman (RSA), 473 RoleGroup Template, 499 Roles class, 502 Ron’s Code (RC2) standard, 473 ROW_NUMBER function, 138 RSA (Rivest-Shamir-Adleman), 473 sorting by relevance, 232–235 secret access key, 677 secure connections, setting up, 525–529 Secure Sockets Layer (SSL) connections, 8, 525 SecureCard class, 482, 494–495, 516 SecureCard.cs file, 468 SecureCardException.cs file, 468 SecureLib library, 482 ■S Security page, 41 SalesRank response group, 681 Security tab, 497 scalable architecture, 14 SecurityLib class search engine optimization encryption, 472–495 BalloonShop, 197–198 hashing, 468–472 HTTP status codes, 216–222 overview, 467–468 www.it-ebooks.info 705 Darie_1074-0INDEX.fm Page 706 Thursday, March 5, 2009 8:32 PM 706 ■I N D E X SecurityLibTester.aspx file, 469 ShoppingCart table, 370–371, 410 SEH (Structured Exception Handling), 480 ShoppingCartAccess class, 378, 410, 457, 534 Select master page, 51 ShoppingCart.aspx control, 403 SELECT statement, 73–74, 82, 133, 135, 137, 185–186, 418 ShoppingCartGetItems stored procedure, 374 SelectedIndexChanged event handler, 429 ShoppingCartRemoveItem stored procedure, 373 SendMail method, 413, 574, 590 serialization attributes, XML, 644 SERPs (Search Engine Result Pages), 216 server-side control, 23 ShoppingCartUpdateItem stored procedure, 374 ShowMessageBox property, 417 Simple Mail Transfer Protocol (SMTP) server, 88 server-side validation, 415 set cookie element, 223 SET IDENTITY INSERT ON statement, 184 Simple Object Access Protocol (SOAP), 675, 681 SET IDENTITY_INSERT command, 125 Singleline member, 211 set property element, 223 site skeleton, 45–53, 104 SET ROWCOUNT statement, 418 SiteName configuration, 147 set status element, 223 size 
property, 145 SetEditMode method, 442, 632 skin extension, 98 SetOrderAuthCodeAndReference method, 585, 660 SkinID property, 98 SetOrderDateShipped method, 585–586 SHA1Managed instance, 471 skins, 98 Small response group, 681 Shared parameter, 264 SMTP (Simple Mail Transfer Protocol) server, 88 shipping charges See tax and shipping charges SmtpClient class, 88 Shipping table, 548–549 SOAP (Simple Object Access Protocol), 675, 681 ShippingCost column, 549 Source Code area, 53 ShippingID column, 549–550 SourceStage integer property, 572 ShippingInfo struct, 552 Split method, 210 ShippingRegion fields, 508 SQL (Structured Query Language), 25, 73–76 shippingRegion property, 519 SQL Server 2008 ShippingRegion table, 504 BalloonShop project, 39–44 ShippingRegionID column, 549 connecting to, 79–81 ShippingType column, 549 data types, 65 shopping cart full-text search feature, 227–228 administering, 396–402 management interface, 29 business tier, 375–383 paging, 138 data tier, 372–375 PayPal, 270–277 using, 25–26 SQL Server 2008 Express Edition, 20, 31–32 presentation tier, 383–395 www.it-ebooks.info Darie_1074-0INDEX.fm Page 707 Thursday, March 5, 2009 8:32 PM ■I N D E X SQL Server and Windows Authentication mode, 41 SupplierEmail class, 573 SQL Server Managed Data Provider, 83 System Configuration Checker option, 32 SQL Server Management Studio, 44, 188 System.Collections.Generic namespace, 552 SQL Server Management Studio Express, 29, 39, 73 System.Data namespace, 190–191, 684 SqlConnection class, 80–82 symmetric encryption, 472 System.Data.Common namespace, 84, 419 System.Data.SqlClient parameter, 84 SqlDataSource control, 508, 622 SystemException class, 572 sqlexpr_adv.exe file, 228 System.Math class, 556 SQLEXPRADV_x64_ENU.exe file, 32 SQLEXPRADV_x86_ENU.exe file, 32 System.Security.Cryptography namespace, 473 SSL (Secure Sockets Layer) connections, 8, 525 System.Text namespace, 593 SSL certificates, 526 System.Text.RegularExpressions namespace, 209 Start Debugging 
command, 37 System.Web.HttpResponse class, 217 Status column, 532 System.Web.Mail namespace, 88 Status int column, 532 System.Web.Security namespace, 590 Status table, 611 System.Xml namespace, 684 statusDropDown control, 629 ■T stored procedures, 25 table joins, 134–136 executing, 81–83 table relationships See relationships parameterized, 145–146 table variables, 138–139 saving query as, 76–77 tax and shipping charges writing new, 139–144 business layer, 552–556 storing database modifications, 547–551 customer accounts, 466 further development, 560–561 new data, 115–127 overview, 546–547 StreamReader object, 481 presentation layer, 556–558 string members, 657 Tax table, 548, 557 string parameter, 644 TaxID int column, 548, 550 StringBuilder object, 592 TaxInfo struct, 552 StringEncryptor class, 474, 482 TaxPercentage float column, 548 StringEncryptor.cs file, 468 StringEncryptorException exception, 480–481 TaxType column, 548 Templates panel, 36 Structured Exception Handling (SEH), 480 Text data type, 66 Structured Query Language (SQL), 25, 73–76 text pattern, 205 subqueries, 138, 454–455 themes, 98–99 Substring method, 658 three-tier architecture, 15–20, 24 SUM function, 431 throw statement, 87 Thumbnail field name, 127 UrlEncode method, 208 TieButton method, 416 UrlPathEncode method, 215 to attribute, 204 UrlRewriter method, 200 ToCategory method, 213–214 UrlRewriter.NET tool, 199, 222–223 ToDepartment method, 103, 212–214 UrlRewriterV2 folder, 200 TOP keyword, 138, 452 ToProduct method, 213–214 UrlRewriterV2\bin\Release\Intelligencia.Url Rewriter.dll assembly, 200 TotalAmount field, 430 URLs element, 657 automatic correction, 218–219 TransactionClass class, 647, 657 canonicalization, 198 Transact-SQL (T-SQL), 25, 72–73 keyword-rich Trim function, 215 for BalloonShop, 200–204 try block, 87 generating, 211–215 try-catch construct, 87 ISAPI_Rewrite, 199
try-catch-finally construct, 86 overview, 198–199 UrlRewriter.NET, 199 T-SQL (Transact-SQL), 25, 72–73 rewriting, 198–199 two-tier architecture, 19 TxnDetailsClass, 647 User Account Control (UAC), 34 Type property, 417 user profiles, 466, 502–520 userDropDown control, 623–624 ■U UserId field, 623 UAC (User Account Control), 34 using statement, 432 UNION method, 187 Utilities class, 89, 413, 574, 590 unique columns, 64–65 utility functions, 565 UNIQUE constraint, 120 UniqueIdentifier data type, 66 ■V Unless element, 223 ValidationSummary control, 416 Update method, 434–435, 619 validator controls, 415 Update Quantities button, 411 Value parameter, 621 UPDATE statement, 75 VarBinary data type, 66 UpdateCategory stored procedure, 301–305, 321 VarChar data type, 66, 145 UpdateDepartment stored procedure, 300 VaryByCustom parameter, 264 UpdateItem method, 381 VaryByHeader parameter, 264 UpdateOrder method, 619, 621, 632 VaryByParam parameter, 264 UpdateOrderStatus method, 584 VB NET, 24 UpdateProduct stored procedure, 335 VBScript, 22 UpdateProfile method, 518 Verified bit, 436 up-selling, 447 Verified field, 408 url attribute, 204 verified orders, 405 VaryByControl parameter, 264 VeriSign, 526 Web Install section, 31 VEWSTATE hidden form field, 260 Web Management Tools, 33 View Cart button, 270 Web Server Controls, 23 View Sites link, 34 Web servers, 21–22 ViewState class, 258, 260–262 Web User Controls, 23, 46 Visual C# Express, 467 web.config file, 39, 200–201, 221, 466, 682 Visual Studio 2008, 24–25 Website Payments Standard Integration Guide, 270 Visual Web Developer 2008, 23, 38 Visual Web Developer 2008 Express Edition, 20, 24–25, 30 Welcome.html document, 53 vwdsetup.exe file, 30 Windows Authentication, 33, 41, 466 ■W ■X Web clients, 21–22 Xml property, 658 WHERE clause, 75, 138 Web Forms, 23, 45

... Online Creating and maintaining an e-commerce web site is less expensive than creating and maintaining a brick-and-mortar store, but it still implies a significant financial and time investment... be capable of accepting PayPal payments, enabling you to begin generating revenue immediately. Phase concentrates on increasing revenue by improving the shopping experience. In this phase, you’ll... profit margins by reducing costs through automating and streamlining order processing and administration, and by handling credit card transactions yourself. You’ll also learn how to integrate external