Designing and Implementing an Electronic Commerce website
Introduction
Electronic Commerce is fast shaping up to be the way business will be conducted in the future. Calsoft takes a look at how a commerce site is built using Microsoft Site Server 3.0, Commerce Edition.
This paper is not about electronic commerce in general. It is an exercise in building a business to consumer electronic commerce site using MS - Site Server 3.0, Commerce Edition. Calsoft does not talk about e-commerce concepts or other tools available to implement e-commerce but focuses exclusively on Site Server.
The names Site Server and Commerce Server are used in place of MS - Site Server Commerce Edition 3.0 throughout this paper.
Calsoft will assume a set of requirements that the final site should adhere to and follow the development of the site.
This information has a short shelf life, and if you have any questions please contact California Software.
Please check all information or take professional advice before embarking on an electronic commerce project.
Site Server, Commerce Edition
Site Server 3.0 Commerce Edition is a comprehensive Internet commerce server an organization can use to build and monitor business sites on the Web. By providing a comprehensive set of server components, management tools, and sample sites, Site Server 3.0 Commerce Edition significantly reduces development time and costs for business-to-consumer applications.
Using the provided set of Component Object Model (COM) objects, tools, wizards, and sample sites, one can add Internet commerce capabilities to an existing Web site or can quickly and easily create a new electronic commerce site. Commerce Server supports business-to-consumer sites as well as business-to-business and corporate purchasing sites.
- Business-to-consumer sites. Our area of interest in this paper, these sites sell products to the consumer through the web. Commerce Server includes support for advertising, promotions, cross-sells, secure payment, order processing, and consumer wallets.
- Business-to-business sites. This is the other hot application for e-commerce, as a replacement for EDI. Commerce server provides features for building business-to-business sites such as support for purchase orders, order approval routing, and the secure exchange of business information between trading partners.
By integrating with IIS and Windows NT Server, Site Server, Commerce Edition provides a secure, reliable, and comprehensive Internet commerce platform with ample scope for customizing the basic framework that it provides.
Components And Requirements
Site Server 3.0 Commerce Edition includes the following components:
- Commerce Server 3.0
- Site Server 3.0
- Windows NT Option Pack (includes IIS, SQL Server 6.5 Evaluation Copy, MS Index Server, MTS, IE 4.01, MMC and NT SP3)
- MS FrontPage 98
- MS Visual InterDev
- Payment Software (includes payment solutions from multiple payment application providers that can be used to perform online, real-time credit card authorization)
- Administrative Interfaces: Microsoft Management Console (MMC), Web-based Administration (WebAdmin), and Command-Line Administration
To run Site Server Commerce Edition 3.0 Microsoft recommends the following configuration:
Intel and compatible systems
- A Pentium 100 or faster processor (Pentium 166 or Pentium PRO recommended)
- An Alpha processor
Additional requirements for all systems
- 64 MB of RAM (128 MB of RAM recommended)
- 1 GB required to install services plus additional disk space for content and user files
- Microsoft Windows NT Server 4.0 operating system and Microsoft Windows NT Server 4.0 Service Pack 3 or higher
- Microsoft Windows NT Server 4.0 Option Pack
- Microsoft Internet Explorer 4.01
- Microsoft SQL Server, or ODBC-compliant database
- CD-ROM drive
- Network adapter card
- VGA, Super VGA, or video graphics adapter, compatible with Windows NT Server 4.0
- Microsoft Mouse or compatible pointing device
Features
Site Server provides certain key features that help commerce-site building. These are highlighted here.
Site Builder Wizard And Site Foundation Wizard
The Site Foundation Wizard and Site Builder Wizard are designed to enable a simple, step-by-step approach to designing a commerce site. The wizards reduce the complexity of building a commerce site by building a complete database schema, scripting and HTML coding of the store front, enabling cross-selling and price promotions, creating stores with multi-level departments, and including products with varied attributes.
Order Processing Pipeline
Commerce Server uses pipelines to encapsulate site functionality. A pipeline is a collection of (COM) components, each of which performs some action in processing an order. The components of a pipeline run in sequence. The OPP is a series of distinct stages for managing orders according to specific business rules. Each stage of the Order Processing Pipeline handles targeted functions such as product tax, shipping, and handling charges, payment authorizations, and inventory checks. The OPP can be extended with software from multiple independent software vendors or fully customized with the Commerce Server Software Developer's Kit (SDK).
Microsoft Wallet
The Microsoft Wallet enables a user to store his personal information including credit card information in his 'wallet' and select it whenever a wallet-compatible site asks for information. The Site Builder Wizard generates sites that support MS Wallet.
Remote Commerce Site Management
Allows the Site Manager to manage the site remotely. This may include product updates, pricing adjustments, and promotions.
Security
Includes support for the secure transaction protocol, Secure Sockets Layer (SSL). The Site Builder Wizard generates sites that support SSL.
Commerce Server SDK
A set of open APIs that enable customization of the order process through add-on pipeline component building, various third party components, and easy integration with existing business systems.
Sample Commerce Sites
Commerce Server includes 5 sample commerce sites that are available for customers to deploy and customize. Each of the sample sites focuses on a different application of Commerce Server.
Microsoft Transaction Server (MTS)
Integrates pipeline components by processing them as transactions to increase reliability.
Pipeline Editor
The Pipeline Editor is used to customize a site's pipeline for complete integration with legacy or other business systems. Both a Win32-based Pipeline Editor and a web-based Pipeline Editor are included to support both local and remote editing.
The Promotion Manager
A tool for running price promotions and cross-selling and managing and updating promotions dynamically.
Installations
This section deals with the installation of Site Server 3.0, Commerce Edition. Please refer to the hardware requirements specified by Microsoft given in the Components and Requirements section.
The following components should be installed prior to installing Site Server 3.0, Commerce Edition:
- Windows NT Server 4.0 with NT Service Pack 3 or higher
- Windows NT Option Pack (requires IE 4.01)
An ODBC-compliant, ANSI-standard SQL-based database management system is also required. Microsoft recommends Microsoft SQL Server 6.5 and the SQL Server Service Pack 4. An evaluation copy of SQL Server 6.5 is included on the Windows NT 4.0 Option Pack CDROM.
Note: It is important that Internet Explorer 4.01 be installed before installing NT Option Pack.
Installing Site Server
You must install the Standard Edition of Microsoft Site Server before you can install the Commerce Edition. When you run Setup, make sure you select the 'Complete' installation option.
After installing Site Server, the Site Server features can be run. Before being able to run the commerce features, Commerce Server will have to be installed.
Installing Commerce Server
Before installing Commerce Server, the DBMS will have to be installed. In the case of SQL Server 6.5, SQL Server Service Pack 4 and the updated executable file SQLSERVR.EXE must be installed. Both are provided on the Site Server 3.0 CD.
Note: This section assumes you have a working knowledge of SQL Server 6.5. Please refer to SQL Server 6.5 Books Online for any information about SQL Server.
Configuring SQL Server 6.5
Before installing Commerce Server, SQL Server should be configured. Each configuration step is described in the following sections:
Registering Microsoft SQL Server
The SQL Server must be registered, using SQL Enterprise Manager.
Creating The Database Devices
Three database devices are needed: one large device to hold two Site Server databases, one to hold the logs, and another large device for increasing the size of the Tempdb database. The size of each device is given below.
| Device | Size |
| SiteServer_DATA | 25MB |
| SiteServer_LOGS | 10MB |
| SiteServer_TEMPDB | 23MB |
Create The Databases
Before running the Site Server Setup program to install Commerce Server and Ad Server, two databases need to be created:
- A 15MB database for Commerce Server sample site data. Create a database called Commerce.
- A 10MB database for Ad Server sample ad data. Create a database called Ads.
For both databases, make sure the Truncate Log on Checkpoint option is checked.
Increasing The Size Of The Tempdb Database
Expand the size of the Tempdb database by 23 MB using the SiteServer_TEMPDB device.
Creating DSNs For The Databases
To connect to the database, you should create at least one system data source name (DSN). Microsoft recommends that two system DSNs be created - one for the Commerce database and one for the Ad database.
Create two system DSNs AdServer and Commerce for the databases Ads and Commerce respectively.
Install Site Server, Commerce Edition
Commerce setup can now be run. Setup checks the file system type (FAT or NTFS) and configures Commerce Server accordingly. Before running setup make sure that you are logged in as an Administrator and that the SQLServer Service is running.
Select the 'Typical' installation option when running setup. Restart when done.
Site Server, Commerce Edition is now set up.
Developing A Commerce Site
Developing a Commerce Site is similar to developing an application and a structured approach is recommended. In this section Calsoft discusses a development methodology for the commerce site. Calsoft recommends an approach with the following stages.
Each of the stages is explained below.
Scope
This stage involves the following activities:
- Researching the business requirements
- Projecting the Infrastructure needs of the solution
- Establishing the overall technical architecture of the solution
- Performing an initial analysis of the security, performance, maintainability and integration issues
- Specifying a schedule for development and implementation of the solution.
Prototype
Here a basic layout of the site is built so as to get a taste of what the site will look like. The prototype will essentially be the foundation for the final site and can be modified according to the customer's feedback.
Design
The design stage involves developing the Logical Design, designing the User Interface and deriving the Physical Design.
Implementation
The Implementation stage involves translating the design into the actual site. This can be in the form of changes and updates to the prototype. The key tasks here are creating the user interface, developing custom components for the Order Processing Pipelines if needed, and implementing the database according to the design.
Testing
The site should be tested before deployment. Among other things the site should be tested for security, user-interface, performance and ease of use.
Deployment
In this stage, the site developed should be deployed.
Requirements For Our Site
Before Calsoft starts building our commerce site let us take a look at a set of requirements that the final site should satisfy.
1. The web site should enable customers to shop with a shopping cart
2. The catalog of products can contain
   2.1 Products from various vendors
   2.2 Sale announcements and other promotions
3. Should feature customer registration
4. Should support online payment using credit card. Additionally,
   4.1 Should support MS-Wallet
   4.2 Credit Card information should be securely transferred.
5. Customer should receive e-mail confirmation of his/her order.
6. The e-mail should also have a link to the Order Status page.
7. Any order that is yet to be shipped can be cancelled by the customer
8. Appropriate Error handling
9. Suggestion of other recommended products to the customer
10. Support for both Internet Explorer and Navigator
Following the usual Commerce Site development methodology suggested earlier, this set of requirements would have been arrived at in the Scope stage.
Building The Prototype
Calsoft is now ready to build a prototype sample site using the Site Foundation and Site Builder wizards. Building a site using Commerce Server essentially involves customizing a site generated using the wizards. Thus the wizard-generated site after implementing the initial UI can be used as the prototype. Commerce Server gives us a choice between making a copy of one of the Commerce Server sample sites or a custom site. Once Calsoft has generated a site, Calsoft can get down to database and user-interface design.
Building the prototype site involves the following steps:
1. Creating the site database
2. Creating database logins
3. Creating the DSN
4. Creating the Site Foundation (Site Foundation Wizard)
5. Generating the Site (Site Builder Wizard)
Commerce Server distinguishes between the Site's Administrator and the Site Operator. The Administrator performs steps 1-4 and manages the server while the Manager builds the site, maintains and manages it. Calsoft now takes a look at each of the above steps.
Preparing the Database (Steps 1, 2 & 3) :
When the Site Foundation Wizard is run, you need to supply a data source name (DSN), a database login name and password, and other information that are needed for a connection string. The Site Foundation Wizard will create two configuration files: one for the site (\sitename\Config\site.csc) and one for its Manager pages (\sitename\Manager\Config\site.csc). Both site.csc files hold the connection string used for accessing the site's database. The Site Builder Wizard obtains the database connection information from the site.csc file and uses it to connect to the database and create the schema.

For our site, Calsoft creates a database, Samplesite. Calsoft also creates two logins, samplesite_manager and samplesite_visitor, the former for the site manager and the latter for the site visitor. Samplesite_manager should be aliased to DBO. The samplesite_visitor account will be used by the site's Active Server Pages to run queries on the database.
The next step is to create a DSN (call it Samplemanager) for the sample site. This is done using the ODBC Data Source Administrator utility in Windows Control Panel.
Calsoft is now ready to run the Site Foundation Wizard (SFW).
Creating the Site Foundation
By Site Foundation Calsoft means the following elements of the site:
- The IIS virtual directory and directory structure
- The Site configuration files (\sitename\Config\site.csc for the site and \sitename\Manager\Config\site.csc for the Manager's pages). These files store the connection string for the site's database and the name of Windows NT account that has access permission to the site's Manager pages.
- A local Windows NT group (Commerce_sitename_WebSiteinstance) for the site's operators
The SFW is used to create the Site's Foundation. Go through the steps following the instructions on screen. Some specific points that are of interest at the time of creating the foundation are listed below.
If you create the commerce site on a FrontPage-enabled Web site (in IIS), you will be able to edit your new commerce site with FrontPage or Microsoft Visual InterDev. The Windows NT account you choose will be the site manager's login.
After the foundation has been created the site's directory structure should look similar to what is shown below. The _vti_ directories are for FrontPage support. The Assets directory is where the logo, product images are stored. The Config directory is where the site.csc file is stored and the Sql subdirectory holds the SQL scripts for creating the database schema and inserting sample data. The Manager directory holds the site manager's section.

When a new site foundation is created, the site's status is set to Open by default, even though the site is not yet functional. Site creation must be completed using the Site Builder Wizard before accessing the site's pages.
Building The Site :
The Site Manager can connect to the manager's pages and build the site by running the Site Builder Wizard (SBW). This will generate all the files and database tables, including product pages, basic layout, shipping and handling, tax and payment. This will build the actual store that will exist on top of the site foundation created in the previous section.
Run the SBW and follow the instructions on screen. Some points of interest when building the site are given below.
The Locale step defines the default locale to be used in your store. This will drive the configuration of the default tax calculation component as well as the format used to display currency and other localized variables.
Price promotions allow you to offer promotions such as discounts based on dollars spent or percentage discounts or a two-for-one promotion. Cross-sell promotions will allow the site to offer a related product when a shopper selects a particular product.
In the Features step, you can choose if and when you want shoppers to register at your site and whether you wish to maintain this shopper information in the site's database.
The Product Attribute Type step is based on the type of products that the site intends to offer. With Static Attributes, all products have the same attributes. Dynamic Attributes allows the site to sell products that might differ in their attributes; for example, one item may be offered in multiple colors but not list the manufacturer's name, and another item, such as a shirt, might have varied sizes, neck size, sleeve and color.
The Order History step offers the option for the site to store a shopper's order history and receipt information. This information is useful to customers who may wish to look-up existing orders. In addition, it can provide a source for integrating into an existing customer service application.
After running the SBW, our sample site is now ready and Open for shopping.
Let us take a look at how the wizard-generated site meets many of the stated requirements right 'out of the box'. With reference to the list of requirements given earlier, the site meets the following requirements at this stage - 1, 2.2, 3, 4.1, 8, 9 and 10.
The site Calsoft has just built can be used as a prototype after implementing the initial UI. The Design phase is next.
Design
The design phase involves coming up with the overall structure of the site. This task would be mammoth if it were not made easier by the SBW since it automatically generates the basic structure of a commerce site with features like a shopping cart, shopper ID, order ID etc. To build the design for our site Calsoft has to design it around the existing commerce site design. There are essentially three aspects to site design in Commerce Server - designing the database, the OrderForm and the Order Processing Pipeline (OPP). A Commerce Server site populates its pages with data obtained dynamically from its database. The database holds all the data related to the site, such as data related to the products and shoppers. Site performance and reliability are influenced by the database design.
The OrderForm object provides storage for customer and purchase information. A Commerce Server site uses the OrderForm object to store the items that a customer has placed in the basket, to store bill_to, ship_to and receipt information.
The OPP is a collection of components that encapsulates the processing that is performed on the OrderForm. Each component in the OPP has its own distinct function that it performs on the OrderForm.
This document being of limited scope, this design section focuses on a single example of each of the 3 different design aspects.
At the end of the design stage Calsoft should be clear about what is to be done in the Implementation stage.
Database Design :
Central to the design of the site is the design of the site database. Much of the database schema required for a commerce site is automatically generated by the SBW. However if you already have a product database in place, and you want the Commerce Server site to use it, you can select a sample site whose product schema most closely matches the existing database. You can use the SBW to copy that sample site, and then modify the queries as appropriate for your database.
In the sample sites, database queries that are used to display information (such as product descriptions and properties) on the page are defined in the ASP (Active Server Pages) file for that page.
To accommodate a different product schema, one need only modify the query as needed and create a combination of HTML and scripting to display the product information on the page.
In the case of our sample site, the need to modify the wizard-generated database schema arises because of the following requirement.
The product catalog can have products from various vendors
This requirement introduces a new entity into the schema - the vendor or manufacturer. This leads to a new relationship between the products table and the vendor table.
When translated into physical design the entity maps to a new table. A new table to hold vendor attributes is created. The relationship between products and a vendor is a many-to-one relationship. This maps to a new column in the products table that holds the Vendor ID.
In general, a fair bit of denormalization is recommended because it can result in significant performance gains. Database queries should be kept to a minimum to increase speed.
OrderForm Values :
The OrderForm object is a Commerce Server Dictionary object (For more information about Commerce Server Objects see Commerce Server Object Reference in the Commerce Server Documentation). The OrderForm object serves as working storage for order form data being collected or processed (the shopping basket).
An OrderForm object is defined internally as a structured group of SimpleList and Dictionary objects, and includes the methods required to add items, clear items, and clear the entire OrderForm itself. Commerce Server sites use the OrderForm object to store items that a shopper might have chosen to purchase, and to store receipt information that will hold a shopper's order history.
Some of the common values that the OrderForm might hold are – Shopper_id, name, address, order cost information, purchase subtotal, tax, shipping and total.
The OrderForm does not directly support storage of its data on disk – instead the DBStorage object is used to accomplish this. For more information, see The OrderForm Table and the DBStorage Object in Commerce Server Documentation.
Getting back to our Sample Site, Calsoft would need to add a few values to the OrderForm. This is necessitated by the following requirement
Customer should receive e-mail confirmation of his/her order.
This functionality will be implemented by the SendSMTP component in the Purchase Pipeline. The SendSMTP component will require the following information.
- Order_email_subject: The subject for the order confirmation to be sent by e-mail to the customer.
- Order_email_body: The message body for the order confirmation to be sent by e-mail to the customer.
Order Processing Pipeline (OPP) :
The Commerce Server pipeline is a software infrastructure that links one or more components and runs them in sequence on the OrderForm object. Each stage in a pipeline consists of zero or more components, and each of these components is run in sequence. A component is a Component Object Model (COM) object that is designed to perform some operation on an OrderForm. Usually, each component has its own small task to perform. For example, the FixedShipping component checks for the right shipping method and sets the shipping cost to the appropriate value.
A business to consumer commerce site in Commerce Server uses three kinds of OPPs – the Product, Plan and Purchase pipelines. The product pipeline is of little interest to us. The plan pipeline consists of 14 stages, which consist of components that verify the integrity of the OrderForm. The Purchase pipeline has three stages and has components that accept the final purchase of an order form, write an order to database storage and finalize a receipt and write the contents of the OrderForm to the receipt database.
The Purchase pipeline is usually run once an OrderForm has been run successfully through the Plan pipeline, and the shopper has confirmed his/her desire to finalize a purchase. (For more information about the OPP please see the com_opp.doc file in Commerce Server documentation.)
Commerce Server includes the basic pipeline components needed for a basic commerce site. When you run the SBW, it automatically creates the 3 OPPs required for the site. This site does not, however, feature real-time credit card validation and only includes very basic tax and shipping components. Various third party components are available for these functions. For the latest list of available components visit Our sample site shall use the default tax and shipping components. However, Calsoft needs to add a new component to handle the requirement below.
Customer should receive e-mail confirmation of his/her order
Introducing this functionality into the site means that Calsoft has to add the SendSMTP component to the Purchase pipeline.
In the next section, Calsoft shall look at how Calsoft can implement the above design decisions using Site Server 3.0, Commerce Edition.
Custom Pipeline Components :
Very often, you may feel the need to develop a custom COM component to include in your pipeline. The recommended method of developing pipeline components is to develop them using the Active Template Library (ATL) in Visual C++ 5.0. Custom Component development is outside the scope of this paper and Calsoft does not deal with it. For further information about developing custom pipeline components, read the Com_WritingComponents.doc file in Commerce Server documentation. For information about COM and ATL, newbies can refer to Inside COM and Beginning ATL COM Programming. More advanced programmers may prefer Professional ATL COM Programming.
Implementation
The implementation stage is where the design is translated into actual changes to the prototype. This stage includes UI changes depending upon feedback from the customer, custom development of components (if any), changes to the database schema and changes to the ASP files. Calsoft does not deal with UI implementation or custom components however. At the end of Implementation, Calsoft should have a working commerce site that satisfies all listed requirements.
The implementation stage involves modifying the SBW-generated ASP files. Although this can be done using Visual InterDev, most developers are comfortable using a text editor such as Notepad to manually edit the files. The ASP files are like HTML files with added functionality; they are responsible for the look of the site and the UI in general.
Editing the Pipeline involves running the Pipeline Editor – this can be done by running the program or through the Site Manager pages.
Database Implementation :
Database Implementation deals with making changes to the SBW-generated database to make it conform to the database schema. These changes will usually cascade into changes to the appropriate ASP files as well. In the case of our Sample Site it would require adding a new table called Vendors that holds the attributes of the Vendor such as ID, name, address, phone, fax, e-mail address, home page address etc.
To relate products with their vendors Calsoft defines a many-to-one relationship that translates into an additional column in the product table that will hold the ID of the vendor.
Both these changes require updates to the ASP files. The addition of a new entity will necessitate a new section of pages in the Site Manager section where you can add and delete new Vendors and edit attributes of existing vendors.
The addition of a new column to the product table will require changes to the ASPs that add and edit products in the manager section. In the shopper pages, the product.asp file will require modification to also show the vendor name and link to another page where information about the vendor can be displayed.
In general, any change made to the database schema will result in a number of changes to the ASP files associated.
Editing the Pipeline :
Requirements 5 and 6 can be met by introducing the SendSMTP component in the Purchase pipeline. Since the e-mail is sent in order to confirm the order, Calsoft should include it in the Accept Stage.
Adding the SendSMTP component requires that Calsoft also add a Scriptor component just before the SendSMTP component.

The code for the Scriptor component should set the orderform.[_email_subject] and orderform.[_email_body] values that will be read by the SendSMTP component. Note that this is essentially the same as adding these two values to the OrderForm.
For more information see …Send a Purchase Confirmation by E-Mail in the Commerce Documentation.
The VBScript code for the Scriptor component that precedes SendSMTP would look like this
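An added example of such a Scriptor script (not the paper's own listing and not Microsoft sample code): it sets the two values named above, adds the Order Status link from requirement 6, and strips CR/LF from order data before it reaches the mail subject and body lines. The OrderForm field names `order_id`, `ship_to_name`, `items`, `sku` and `quantity`, and the placeholder status URL, are assumptions.

```vbscript
' Added example: Scriptor component placed just before SendSMTP in the
' Accept stage of the Purchase pipeline. Field names other than
' _email_subject and _email_body are assumptions about the site's OrderForm.

' Placeholder address of the order status page (assumption).
Const STATUS_URL = "https://shop.example/samplesite/receipt.asp?order_id="

' Collapse a value to a single line. Shopper-entered text that contains
' CR or LF could otherwise add extra header lines to the outgoing mail.
Function OneLine(value)
    Dim s
    s = "" & value                 ' Null or Empty becomes an empty string
    s = Replace(s, vbCr, " ")
    s = Replace(s, vbLf, " ")
    OneLine = Trim(s)
End Function

Function MSCSExecute(config, orderform, context, flags)
    Dim body, item, orderId

    orderId = OneLine(orderform.order_id)

    ' Subject line read by SendSMTP.
    orderform.[_email_subject] = "Order confirmation " & orderId

    ' Body read by SendSMTP. Payment fields are deliberately not copied:
    ' SMTP mail leaves the server in clear text, outside the SSL session.
    body = "Dear " & OneLine(orderform.ship_to_name) & "," & vbCrLf & vbCrLf
    body = body & "Thank you for your order " & orderId & "." & vbCrLf & vbCrLf
    body = body & "Items ordered:" & vbCrLf

    For Each item In orderform.items
        body = body & "  " & OneLine(item.quantity) & " x " & _
               OneLine(item.sku) & vbCrLf
    Next

    body = body & vbCrLf & "Check the status of this order at:" & vbCrLf
    body = body & STATUS_URL & orderId & vbCrLf

    orderform.[_email_body] = body

    MSCSExecute = 1                ' 1 = success, the pipeline continues
End Function

' Optional Scriptor entry points, unused here.
Sub MSCSOpen(config)
End Sub

Sub MSCSClose()
End Sub
```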
Securing the Site
Going back to our list of requirements, Calsoft still has the following requirement to be met
Credit Card information should be securely transferred
This means the ASP file that receives the credit card information entered by the shopper through form post should be secured by SSL (Secure Sockets Layer).
If configured in IIS, Commerce Server–based sites use SSL to encrypt transactions passed over a secure port. For information about configuring SSL, see Setting Up SSL on Your Server in the IIS online documentation.
By default however, HTTPS (Secure HTTP used over SSL) is disabled in sites created with the Site Foundation Wizard. Commerce Server does this to enable developers to create and test these sites without causing an error even on a server where a server certificate is not installed.
Note: To enable SSL, you must install a valid server certificate. For further details about obtaining a certificate for your server.
To enable HTTPS using Commerce Host Administration (MMC), select the Web site, select Properties and the Security tab, and then select the Enable HTTPS check box. You will also need to enter the secure and non-secure hostnames.
Database Access through ADO :
Calsoft still has one more requirement to be met.
Any order that is yet to be shipped can be cancelled by the customer
To implement this, Calsoft has to go back to the ASPs again. In the SBW-generated site, the status of the order is maintained in a separate field in the receipt table. The site does not, however, maintain status automatically. To do this, the ASPs which display order data in the manager's pages will have to be modified to allow the manager to set the status of the order.
Once Calsoft has taken care of maintaining Order status, Calsoft will now have to display this information to the customer. This should be done in the receipt.asp file which displays the order information to the customer. Here, when Calsoft displays the order status Calsoft can perform a check to see if it has been shipped. If it has not been shipped yet the customer can be presented with an option to cancel the order. If the customer chooses this option, the status of the order should be set to indicate the cancelled status. The code snippet for this would look like this
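One way to write that step, as an added example (not the paper's own listing): a parameterized ADO update that cancels an order only when it belongs to the calling shopper and is still in a cancellable state, so the ownership and shipped checks happen inside the same statement. The table name `samplesite_receipt`, its column names, the status codes and the 64-character ID limit are assumptions.

```vbscript
' Added example for the server-side script of receipt.asp.
' Table, column and status values below are assumptions, not Site Server names.

' ADO constants, declared here so the page does not depend on adovbs.inc.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Assumed codes for the status field of the receipt table.
Const STATUS_NEW = 0        ' order placed, customer may still cancel
Const STATUS_PACKING = 1    ' about to ship: no longer cancellable
Const STATUS_SHIPPED = 2
Const STATUS_CANCELLED = 3

Const MAX_ID_LEN = 64       ' assumed upper bound for order and shopper IDs

' Reject empty or oversized IDs before they reach the database.
Function IsPlausibleId(value)
    Dim s
    s = "" & value
    IsPlausibleId = (Len(s) > 0 And Len(s) <= MAX_ID_LEN)
End Function

' conn      : open ADODB.Connection using the samplesite_visitor login
' shopperId : the ID the site already holds for the current shopper,
'             never a value posted with the form
' orderId   : order ID taken from the request
' Returns True only if exactly one row changed to the cancelled status.
Function CancelOrder(conn, shopperId, orderId)
    Dim cmd, affected

    CancelOrder = False
    If Not (IsPlausibleId(shopperId) And IsPlausibleId(orderId)) Then
        Exit Function
    End If

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' Values travel as parameters, so request data is never spliced into
    ' the SQL text. The WHERE clause enforces both ownership and state:
    ' an order that is packing, shipped or already cancelled matches no row.
    cmd.CommandText = "UPDATE samplesite_receipt SET status = ? " & _
                      "WHERE order_id = ? AND shopper_id = ? AND status = ?"

    cmd.Parameters.Append cmd.CreateParameter("new_status", adInteger, _
        adParamInput, , STATUS_CANCELLED)
    cmd.Parameters.Append cmd.CreateParameter("order_id", adVarChar, _
        adParamInput, MAX_ID_LEN, "" & orderId)
    cmd.Parameters.Append cmd.CreateParameter("shopper_id", adVarChar, _
        adParamInput, MAX_ID_LEN, "" & shopperId)
    cmd.Parameters.Append cmd.CreateParameter("old_status", adInteger, _
        adParamInput, , STATUS_NEW)

    affected = 0
    cmd.Execute affected, , adExecuteNoRecords
    Set cmd = Nothing

    CancelOrder = (affected = 1)
End Function
```

With this shape the samplesite_visitor login needs UPDATE permission on the receipt table only, and a False return tells the page to redisplay the current status rather than report a cancellation.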
Note: The site manager and shopper pages use different logins to access the database. If the shopper should be able to cancel the order then the samplesite_visitor account should have appropriate permission.
Tip: It usually helps to have an additional stage before 'shipped' which will indicate the status when the order has almost been shipped. This will help avoid losses that may arise when a customer cancels an order that is about to be shipped.
With that, our little sample site is now ready and is fully functional except for payment verification. The site should be subjected to testing before deployment.
Above: A Commerce Site server site after customization
Security
Site security is crucial in a commerce site – crucial enough to deserve a section of its own. Exaggerated reports of credit card fraud on the internet have led to people being highly apprehensive of shopping on the internet. However, this initial mental barrier is now being overcome as more people take to shopping on the net.
Site security is definitely one of the most important factors, if not the most, that the site designer will have to spend time on at all stages. The most basic security requirement is that customers of a Commerce Server site need assurance that confidential information such as passwords and credit-card numbers is protected from unwanted access. To achieve this, Commerce Server supports the industry-standard SSL.
SSL and HTTPS :
Security of Credit Card information is the primary concern for the customer. By default, Commerce Server sites do not store credit card information used in an online transaction. Security of credit card information over the internet is implemented using SSL.
In a nutshell, SSL is a method of data encryption that is used to secure transactions between the client and the server. The client and server share a session key that is generated by the client software. The client encrypts this key with the server's public key before transferring it to the server, which ensures that only the private key of this pair will be able to decrypt the session key.
To receive a page that is secured by SSL, the browser sends a request using the HTTPS (S for Secure) protocol. In HTTPS, the URL for the restricted Web site starts with https:// instead of the normal http://.
Security of Site files
Commerce Server sites run on Internet Information Server (IIS). IIS employs a security model that is tightly integrated with Windows NT security (NT security is C-2 level). Using NTFS (NT File System), you can configure a file or directory to enable access by a particular user and/or group. Permissions are assigned by an access control list (ACL). This list contains the users and groups that are permitted to use that particular resource.
IIS adds another level of security over NT's NTFS file security. You may also set permissions in IIS. For example, a directory may be configured in Windows NT to grant access to everyone, but that same directory can be configured in IIS not to be read or written. In such a case, the file can be accessed locally or through a network (if the directory is shared), but not through a client browser accessing the site through the Web server.
Site Managers :
For every Commerce Server site, a group is created that permits access to the site's manager pages. This group is named Commerce__ (Commerce_sampsite_1 for our sample site). The users in this group are the operators of that particular Commerce Server site. This group permits access to the site's manager pages, along with Read/Write access to all of the site's files. An operator of one Commerce Server site does not have this type of access to any other Commerce Server site.
Database Security
Database security is implemented using SQL Server standard security. This allows access only to the login names and passwords that are authorized to access the database. If IIS and SQL Server are set up on separate machines, the protocol used to connect them determines the type of authentication used. In some cases, this may also involve an NT user account and password. It is the responsibility of the Administrator to ensure tight control of database access permissions.
Configuring the network against external intrusions
Guarding the site from external intrusions is also critical. However, this can be accomplished rather cost-effectively through a standard firewall-safe network configuration.
In such a configuration, the network would be guarded by a firewall (or proxy server) that would allow certain 'De-Militarized Zones' (DMZs). These DMZs are the areas of the internal network that may be accessed by external (or Internet) users. The firewall would be configured to allow HTTP access to the Commerce Server on the LAN. The database server however will not be publicly accessible. All database access from the Commerce Server machine would have to go through the firewall, as the Commerce Server will not be connected to the Data. For critical purposes, having the same machine as a Commerce Server as well as the database server is not recommended.
Conclusion
Calsoft has built a basic Commerce Site from scratch using Site Server 3.0, Commerce Edition. Following the suggested methodology, Calsoft has gone through the stages in the development of a Commerce site. A reader who has read this paper making appropriate references to the Commerce Server documentation should now have a fairly good idea of the development of a Commerce Site. To learn more about Commerce Server, the best resource at the time of writing is the Commerce Server documentation itself.
