Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Three Layered Web Application

Is it OK - best practise wise - to use the second layer to redirect the user?

For example:

public static void ForceLogin()
{
    HttpCookie cookie = HttpContext.Current.Request.Cookies[cookieName];

    if (cookie != null)
    {
        if (Regex.IsMatch(cookie.Value, "^[0-9]+\\.[a-f0-9]+$"))
        {
            using (EibxDataContext db = new EibxDataContext())
            {
                int count = db.Logins.Count(l => l.Password == cookie.Value);

                if (count == 1)
                {
                    return;
                }
            }
        }
    }

    HttpContext.Current.Response.Redirect("~/Login.aspx");
}

At the last line, I use the Business/Service Logic Layer to redirect the user to the login page.

Should this be done in the Presentation layer?

like image 392
はると Avatar asked Dec 13 '22 05:12

はると


2 Answers

Absolutely not. The business logic layer should make the decision, the UI layer should do the redirect. The business layer shouldn't know anything about HttpContext nor should it be directly reading cookies. Pass the relevant information into the business layer so that the business layer can make the decision, and pass the decision out to the UI layer so that it can work on the resultant decision.

Here's the reason... what if the business layer is used from a web service? How can the business layer do a redirect in that instance? Or suppose it's used with a non-web client? Redirection has no meaning in that context. If you change your UI layer, that should not affect your business logic layer, and mixing in redirects and cookie reading into the business layer will necessitate that with the proposed design.

like image 131
Robert C. Barth Avatar answered Dec 31 '22 14:12

Robert C. Barth


It depends on how you define your layers; for example, my "business logic" is usually logic related to the problem I am trying to solve, and knows nothing of the UI. So it can't do a redirect, as it has no access to the request/response.

Personally, I'd do this at the UI layer; dealing with the raw interactions such as being gate-keeper and custodian is part of the UI layer's job for a web app. IMO. For example, via an http-module, which is (by definition) a UI-level component.

like image 25
Marc Gravell Avatar answered Dec 31 '22 15:12

Marc Gravell