Best way to pass object between asp.net applications

Question

We have a few applications that will be passing a token object around and I wanted to get an idea about the best approach at doing this.

For starters, this token object is somewhat simple. It would have about 5 properties or so.

1. Would we create a WCF app and reference it through a datacontract?
2. What about serializing it and sending it through an http post? (each app have a referenced dll of the object)
3. Querystring? (I truly don't think this would be good, but put it up nonetheless)
4. ?

Let me clarify this as well. I'm not concerned with persisting the data, but more of a best practice approach when just using and referencing this class

Anyways, just looking for ideas from you folks who are a lot smarter than me.

Thanks Jonathan

Answer 1

If all of your asp.net applications are on the same network, then the simplest and safest thing might be to store the class data into its own table a database, get a unique id reference to that entry back (GUID or identity), and then pass that reference around.

This is similar to the approach that IIS uses for caching session state in an SQL database.

There are a couple of reasons for this approach:

1) Security: if there is any remotely important information in this class, you certainly don't want this being passed to the client browsers and back, even if it was encrypted.

2) Speed: if the information isn't required in the user's broswer, there's no reason to burden your input and output pipes (to and from the end users) with transferring that data back and forth to the browser just to keep track of it. Likewise, unless it is needed for every single call that a user makes into the application, storing the data in session state is overkill and, unless the session state is stored in SQL Server, is subject to loss if asp.net is reset.

3) Maintainability: storing the data in a table with discrete columns instead of using a serialized copy means that you don't necessarily have to update every application that uses that object every time you make an update to it. If columns are added to the table, applications that don't care about those columns don't have to be updated. Likewise, if columns are removed, safe data retrieval practices would allow all applications to skip over the internal properties that the classes are stored in.

Answer 2

It really does depend on what you want to do, but assuming you want to keep passing the object around, the only way to track it really is with a cookie or a session object.

ASP.Net uses encrypted tokens to track security in just that way - it takes certain values and pushes them to the client in an encrypted cookie value. It can then unencrypt and deserialize them on every request to keep track of them.

Alternatively, if you are using ASP.Net, you could always store an object in a session and use that. (You need to do it properly, but that's the subject of another question.)

Of course, you could always push a long-lasting cookie to the browser and use it as a key to reference a serialized object in a database.

If you want to store such objects in a string to pass around between sites, you would probably want to do that with JSON. You would write the object out in the HTML of your page and use javascript to sent it to another server.