Contents
Overview 1
Mechanics of Web-Based Purchasing 2
Using COM+ in E-Commerce 11
Using Commerce Server 2000 17
Lab 6: Creating Pipeline Objects for
the OPP 30
Review 37

Module 6: Transaction
Processing on the
Business Logic Layer

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2001 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BizTalk Server, FoxPro, FrontPage, Hotmail, Jscript,
Outlook, PowerPoint, Visio, Visual Basic, Visual C#, Visual C++, Visual Studio, Windows, and
Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries.

Other product and company names mentioned herein may be the trademarks of their respective
owners.


Module 6: Transaction Processing on the Business Logic Layer iii

Instructor Notes
This module provides students with an overview of the transactional and
security issues that are encountered on the business logic layer of an e-business
Web site. The module then discusses the Microsoft
®
.NET technologies that
minimize these issues.
After completing this module, students will be able to:

Identify the requirements of Web-based purchasing.

Explain the mechanisms that can be used for credit card purchases.

Identify the security issues related to conducting business-to-consumer
(B2C) e-commerce.


Explain the features of COM+.

Describe how asynchronous processing can benefit B2C e-commerce.

Describe the solutions available from Microsoft Commerce Server 2000 that
address the security and transactional issues on the business logic layer.

Materials and Preparation
This section provides the materials and preparation tasks that you need to teach
this module.
Required Materials
To teach this module, you need the following materials:

Microsoft PowerPoint
®
file 2260A_6.ppt

Module 6, “Transaction Processing on the Business Logic Layer”

Lab 6, “Creating Pipeline Objects for the OPP”

Preparation Tasks
To prepare for this module, you should:

Read all of the materials for this module.

Complete the lab.

Practice adding and removing objects from the plan pipeline for the
demonstration.


Presentation:
55 Minutes

Lab:
30 Minutes
iv Module 6: Transaction Processing on the Business Logic Layer

Module Strategy
Use the following strategy to present this module:

Mechanics of Web-Based Purchasing
Enumerate the key pieces of information that must be gathered to enable a
successful transaction. Do not talk about issues on state management in this
section because they have already been discussed in Module 5, “Managing
the Business Logic Layer,” in Course 2260A, Designing E-Business
Applications with Microsoft .NET Enterprise Servers. Also, discuss the legal
and tax issues involved in Web-based purchasing.

Using COM+ in E-Commerce
After determining what information to gather and the rules by which it will
be manipulated, the developer plans how to implement business logic on the
site. In this context, introduce the concept of COM+. Describe the
advantages of encapsulation and transaction processing, and describe the
asynchronous communication mechanisms that COM+ offers. Do not cover
the role of COM+ in business-to-business (B2B) transactions because that
topic is covered in Module 7, “Integrating with External Systems,” in
Course 2260A, Designing E-Business Applications with Microsoft .NET
Enterprise Servers.


Using Commerce Server 2000
Commerce Server 2000 includes many features that enable it to implement
business logic in an e-commerce Web site. In this section, examine those
features, such as the Order Processing Pipeline (OPP). Be aware that the
B2B element that was found in Microsoft Commerce Server 3.0 is now part
of Microsoft BizTalk Server
™
2000 and is discussed in Module 8,
“Exchanging Business Data,” in Course 2260A, Designing E-Business
Applications with Microsoft .NET Enterprise Servers. This section includes
a demonstration of modifying an OPP by using the Pipeline Editor.

Lab 6: Creating Pipeline Objects for the OPP
In this lab, students will create a pipeline object to insert into the OPP. The
pipeline object will determine the handling cost associated with a
transaction at the Commerce Server 2000 Retail Solution Site.

Module 6: Transaction Processing on the Business Logic Layer 1

Overview

Mechanics of Web-Based Purchasing

Using COM+ in E-Commerce

Using Commerce Server 2000

*****************************I
LLEGAL FOR
N

ON
-T
RAINER
U
SE
*****************************
After the customers that use an e-business site have chosen the goods or
services that they wish to buy, the next step is to complete the purchase. This
process has several security and transactional issues associated with it. This
module describes such issues and discusses how they can be addressed.
After completing this module, you will be able to:

Identify the requirements of Web-based purchasing.

Explain the mechanisms that can be used for credit card purchases.

Identify the security issues related to conducting business-to-consumer
(B2C) e-commerce.

Explain the features of COM+.

Describe how asynchronous processing can benefit B2C e-commerce.

Describe the solutions from Microsoft
®
Commerce Server 2000 that address
the security and transactional issues on the business logic layer.

Topic Objective
To provide an overview of

the module topics and
objectives.
Lead-in
In this module, you will learn
how to plan an e-commerce
transaction processing
architecture that will
overcome some problems of
Web-based purchasing at
the business logic layer.
2 Module 6: Transaction Processing on the Business Logic Layer



 Mechanics of Web-Based Purchasing

Gathering User and Order Information

Handling Legal and Tax Issues

Selecting Payment Options

Securing the Payment for Orders

*****************************I
LLEGAL FOR
N
ON
-T
RAINER

U
SE
*****************************
Implementing Web-based purchasing solutions involves more than simply
presenting goods to the customer and accepting payment. It includes issues such
as presenting payment options and gathering user information along with tax
and legal issues.
This section examines some of the processes that facilitate the purchase of
goods at an e-commerce Web site.
Topic Objective
To introduce the
requirements for enabling
Web-based purchasing.
Lead-in
In this section, you will
examine some of the
processes that enable the
purchase of goods at an
e-commerce site.
Module 6: Transaction Processing on the Business Logic Layer 3

Gathering User and Order Information

Before a purchase, gather information about the list of
products, billing address, shipping address, and
payment details

To gather information:

Present a series of forms to the user


Store information about the current purchase in a
session-based location

Store customer information, such as billing address, on a
long-term basis

Before calculating the total price, take into
consideration product- and customer-specific
discounts, promotions, and shipping and tax charges

*****************************I
LLEGAL FOR
N
ON
-T
RAINER
U
SE
*****************************
The purchasing process on an e-commerce site has several stages. For example,
the site needs to track the products that shoppers have put into their carts before
they proceed to the checkout routine.
It is critical that you make the checkout process as clear and intuitive as
possible. If the checkout process is not user-friendly, the business can lose
many customers.
Gathering Information
Before the customer can make a purchase, the e-commerce application must
gather certain information, including:


A list of the products that the customer wishes to purchase.

A billing address.

A shipping address.

Payment details.

If some of this information is already stored for a particular user, as might be
the case in a membership-based site, the site must retrieve it for the user, rather
than requiring the user to re-type the information.
To gather the information, you must:

Present a series of forms to the user.
To ease the input and validation of information, you can implement
Microsoft ASP.NET Web forms. These are easy to implement and provide
fast feedback to the client about incorrect entries without requiring a round-
trip to the server.
Topic Objective
To list the information that is
gathered before a
customer’s purchase.
Lead-in
Before a successful
purchase, the e-commerce
application must gather
relevant information. Let’s
look at that information and
the methods that the
developer can use to

collect it.
4 Module 6: Transaction Processing on the Business Logic Layer


Store information about the current purchase in a session-based location.
This session-based location would typically be an ASP.NET Session object;
however, when using Commerce Server 2000, the session-based location is
the OrderForm object. The OrderForm object is discussed later in this
module.

Store customer information, such as billing address, on a long-term basis.
Although this is not strictly necessary, it will improve the perceived ease of
use of your e-commerce site. You might typically store this information in a
back-end database or Lightweight Directory Access Protocol (LDAP)
directory.

Preparing for the Purchase
Before the application can calculate the total price for the selected goods,
certain factors must be considered, such as:

Discounts or promotions on individual products.

Customer-specific discounts.

Total number of items of each product purchased.

Discounts based on multiple products purchased together.

Shipping costs.


Tax due on the products.

The application must also check whether the goods a customer wants to order
are currently in stock. This will affect whether the purchase takes place and
whether the purchase takes place immediately or at a later time when the
supplier can supply the goods.
Each of these purchasing calculations forms part of the business logic of the
application. The preferred method for incorporating business logic into a
Microsoft .NET application is encapsulating it in COM+ components. The
advantages of this approach are discussed later in this module.
Module 6: Transaction Processing on the Business Logic Layer 5

Handling Legal and Tax Issues

Legal Issues

Terms and conditions

Liability

Privacy and data protection

Taxation

Tax rates and requirements can vary
- Between nations and states
- Depending on the type of product purchased

*****************************I
LLEGAL FOR

N
ON
-T
RAINER
U
SE
*****************************
Generally, the same rules that apply to any other form of commerce also govern
e-commerce; however, you must give particular consideration to international
or cross-state trade.
Legal Issues
Before an e-commerce site begins trading, various legal issues must be
considered, including:

What are the terms and conditions of sale? Will they be valid in all of the
locations to which you plan to export? How does a customer return a
product?

Is there any liability involved with the sale? If so, what sort of disclaimers
do you need to display?

Can you export the product to the user's location? For example, you must be
aware of export restrictions on encryption products outside the United States
of America if you create an application for a vendor of such products.

If the site is collecting personal details, does it comply with relevant data
protection acts? Does it ensure that the privacy of children under 13 is
preserved in accordance with the Federal Trade Commission Children's
Online Privacy Protection Act (COPPA)?


These are just a few of the legal issues that e-commerce site developers must
deal with. Vendors are strongly recommended to seek professional legal advice
before setting up their sites. National and international law relating to
e-commerce changes rapidly, so it must be a regular part of site reviews to
make sure the site remains in compliance.
Topic Objective
To introduce the legal and
tax frameworks with which
e-commerce sites must
comply.
Lead-in
Non-technical issues have a
significant impact on the
design of an e-commerce
site. As a developer, you
need to be aware of these
issues so that you can
design a solution that is
flexible enough to cope with
changing rules and
regulations.
6 Module 6: Transaction Processing on the Business Logic Layer

Taxation
Just as different states and nations have their own laws, their taxation systems
and requirements can also vary greatly. These issues pertain to the
responsibilities of both vendors and consumers, including the responsibility to
ensure that the correct taxes are paid.
Taxation rates and requirements can also vary depending on the type of product
being purchased. A list of the current status of Web-related taxation information

for U.S. states is maintained by Vertex Inc. at .
The part of the ordering process that calculates taxes must be able to handle
these variations. The use of substitutable Component Object Model (COM)
components can help to adapt the sales process appropriately.
Module 6: Transaction Processing on the Business Logic Layer 7

Selecting Payment Options

Payment Options

Credit card

Electronic cash

Micro-payments

Purchase order

Check or money order

*****************************I
LLEGAL FOR
N
ON
-T
RAINER
U
SE
*****************************
There are many ways to transfer money between customer and vendor. When

you design an e-commerce Web site, you must select a system that customers
can use confidently and that is appropriate for the value of goods that are sold.
Payment Options
Let us look at the payment options that you can choose from to implement in
your e-commerce site:

Credit card
By far the most popular method of online payment, credit card payments are
familiar to the customer and offer a readily available infrastructure for
checking credit that is used by major retailers.

Electronic cash
There are various mechanisms that allow the user to store hard cash in an
electronic format (e-cash) and then transfer it to a vendor. For example,
users can transfer money to an electronic cash account directly from a bank
account or by using a credit card. The electronic cash that they receive has a
unique identifier that is extremely hard to forge. The user can pay for items
at Web sites that support e-cash. For more information about e-cash, see the
eCash Global Software Solutions Web site at

Micro-payments
This variation on e-cash can be used for goods or services that are of small
value, such as individual newspaper articles, technical white papers, and
pay-per-play music tracks. The cost of the transaction must be small enough
to make micro-payments worthwhile. The solution for debiting the user’s
account must also be as simple as possible. The user does not want to
continually fill in forms for every page of premium content that they visit.
Topic Objective
To introduce some of the
payment options available to

shoppers.
Lead-in
Most people think of credit
cards when they consider
how payments might be
made over the Web.
However, there are other
options.
8 Module 6: Transaction Processing on the Business Logic Layer


Purchase order
By setting up an account facility between a customer and a vendor, a
purchase-order number can be used instead of direct payment. Usually, this
is practical only in business-to-business (B2B) scenarios, in which there is
an ongoing relationship between trading partners. B2C e-commerce tends to
be more sporadic in nature and deals with lower volume, so the use of
purchase orders is not usually appropriate for B2C e-commerce.

Check or money order
Although personal checks and money orders are valid payment methods at
many shops, they have their drawbacks in e-commerce transactions. Among
the problems are the time lag between order and payment and the fact that
checks and money orders are difficult to use in an international context.

Module 6: Transaction Processing on the Business Logic Layer 9

Securing the Payment for Orders

Payment over a secure channel must be secure,

complete, and efficient

To implement a secure channel:

Obtain a server certificate

Create payment pages using HTML or ASP.NET forms

Configure the Web server to provide secure access to
the payment pages

Ensure that all the links to payment pages use “https://”

To process credit card information, you can use a batch
system or real-time processing method

*****************************I
LLEGAL FOR
N
ON
-T
RAINER
U
SE
*****************************
When payment information passes between customer and vendor, it must be
protected from unauthorized access. A secure channel can provide this
protection.
Payment Over a Secure Channel
The simplest way to obtain payment information from a user is to provide one

or more Hypertext Markup Language (HTML) forms. The submission of
payment information must be:

Secure
The pages containing the forms must be accessed through only a secure
channel, usually Secure Sockets Layer (SSL).

Complete
All personal information requested from a user must be obtained in a
consistent way. This applies as much to the billing address as to the credit
card number and expiration date.

Efficient
If a user has registered as a member of an e-commerce site or has purchased
products at the site before, it may be possible to offer default values for
billing information, shipping address, and so on.

The simplicity of the secure channel method has made it widespread across the
Web.
Topic Objective
To describe how to secure
the payment processing on
your e-commerce site.
Lead-in
When payment information
passes between customer
and vendor, it must be
protected from unauthorized
access.
Delivery Tip

While explaining server
certificates, point out to
students the options to be
used in Microsoft
Management Console
(MMC) of Internet
Information Services (IIS)
for initiating the request for a
certificate.
10 Module 6: Transaction Processing on the Business Logic Layer

Implementing a Secure Channel
To implement payment over a secure channel in a .NET application, you must
do the following:

Obtain a server certificate to allow your server to set up secure connections
with clients.
Server certificates can be obtained from companies such as Verisign. The
process for requesting a certificate can be initiated in Microsoft
Management Console (MMC) of Internet Information Services (IIS). You
can start the wizard-based configuration routine by clicking the Server
Certificate button on the Directory Security tab.

Create the payment pages by using HTML forms or ASP.NET Web forms
to accept credit card details and other user information.
The forms used to submit payment information must include some client-
side validation, such as verifying the correct number of digits in a card
number.

Configure the Web server to provide secure access to the payment pages.

You can configure the Web server on the Internet Server Manager
Directory Security tab.

Ensure that all the links to the payment pages require the use of a secure
channel by using the prefix https://.
You can do this by updating all the current links with the prefix http:// to
https://.

Add processing on the server side to take the credit card information and use
it to perform the fund transfer.

The last step, processing the credit card, is the most complex one. The process
required to validate a card, including checking for stolen cards, is beyond the
standard programming skills of most developers. Therefore, there are several
options for processing the credit card:

Store the credit card information and obtain authorization later by telephone.
The customer will be informed of the success or failure of the transaction
through e-mail. This is very labor intensive and slow.

Use a batch system to submit a set of credit card details to a payment
processor.
Although this requires less effort than using the telephone, it is still not a
real-time process.

Submit the card information in real time.
The customer will receive immediate feedback on the success or failure of
the financial transaction.

The type of processing you choose will depend on the performance

requirements of your system. Although real-time processing seems like the best
option, it can slow down the overall transaction rate of the system, and a batch
mechanism may be better. In either case, you will need to use third-party
software as part of your business logic. This software will submit the card
information to the payment processor for authorization. As the developer, you
will decide which software to use and how to integrate it with the site. You will
see how Commerce Server 2000 makes the process easier later in this module.
Module 6: Transaction Processing on the Business Logic Layer 11





Using COM+ in E-Commerce

Encapsulating Business Logic in Components

Transacting the Purchase Using COM+

Making the Purchase Asynchronous

*****************************I
LLEGAL FOR
N
ON
-T
RAINER
U
SE
*****************************

After you have determined which information to gather and the rules by which
it will be manipulated, you will then decide how to implement business logic. It
is recommended that developers implement business logic in COM+
components to develop applications that are easily scalable and manageable as
part of the .NET strategy.
Topic Objective
To introduce the concepts of
COM+.
Lead-in
It is recommended that
developers implement
businesses logic in COM+
components.
12 Module 6: Transaction Processing on the Business Logic Layer

Encapsulating Business Logic in Components

Advantages of encapsulating business logic in COM+
components

Atomicity

Flexibility

Substitutability

Integration with Commerce Server 2000

*****************************I
LLEGAL FOR

N
ON
-T
RAINER
U
SE
*****************************
A major advantage of using COM+ components is that they can encapsulate
business logic. You can write COM+ components in languages such as
Microsoft Visual Basic
®
, Microsoft Visual C++
®
, and Microsoft Visual C#
™
.
COM+ components can be invoked from Active Server Pages (ASP) or
ASP.NET pages on IIS. The components run on the Web server; because Web
users do not access the COM+ components directly, there are no browser
compatibility issues. The advantages of implementing business logic in COM+
components are:

Atomicity
Suitably written COM+ components can take part in a transaction. This
means that business operations, such as reducing stock levels, can be
automatically undone if any other part of the purchase fails.

Flexibility
Separating business logic from user-interface workflow provides a high
degree of flexibility, thereby allowing the developer to quickly reconfigure

the system as application requirements change.

Substitutability
If the business rules for any part of an e-commerce application change, it is
simple to create a new COM+ component that can retain the COM+
interfaces of the original component while implementing the new business
rules.

Integration with Commerce Server
By implementing the appropriate COM interface, the developer can easily
incorporate the component as part of a Commerce Server pipeline. The
interface that needs to be implemented to use components in the Commerce
Server pipeline is called IpipelineComponent.

Topic Objective
To introduce the advantages
of COM+.
Lead-in
COM+ components can be
written in languages such as
Visual Basic, Visual C++,
and C#.
Delivery Tip
While explaining the
advantages of COM+
components, tell the
students that they can write
business logic in COM+
components and include
them in a Commerce Server

pipeline.