November 14, 2011 at 2:01 pm
I am having a disagreement with a guy at work. We run SharePoint systems, and I think all data from SQL (which is on a different machine) has to go through the IIS web front end server, and then it is sent to the end user. He thinks SQL is called by the WFE, but it goes straight from the SQL Server machine directly to the end user's web browser. That doesn't make sense to me!
I thought SQL Data has to come into IIS where it is processed, and added into the .ASPX page using the .NET Framework, etc. But I certainly don't really understand this.
Do you know how it works? Do you know what I could point to on TechNet or MSDN that explains how this really works??
November 14, 2011 at 2:03 pm
If it is truly web based, it is going through IIS or something similar. If it is local, the databases can be accessed directly.
Jared
CE - Microsoft
November 14, 2011 at 2:06 pm
Also, explain to him that a dynamic web page is really a bunch of static pages. So the action on a .NET page sends a request to the server, fetches the data, renders it to something the browser can understand (html) and sends that to the client. The client is not directly accessing SQL through a web page.
Jared
Jared
CE - Microsoft
November 14, 2011 at 2:13 pm
jpSQLDude (11/14/2011)
I am having a disagreement with a guy at work. We run SharePoint systems, and I think all data from SQL (which is on a different machine) has to go through the IIS web front end server, and then it is sent to the end user. He thinks SQL is called by the WFE, but it goes straight from the SQL Server machine directly to the end user's web browser. That doesn't make sense to me!
Under most circumstances, you're correct, especially if your server is properly configured.
Find out if an external website can even SEE the server. They're usually firewalled away from end users so they have to go through an internal mediary.
There ARE classes of objects that can directly contact your SQL Server dynamically from the browser without using the IIS. You have to build for them directly, create public permissions and make them available to the shipped code (think seeing a name/password in view source on a browser, or if you take apart the cookies), expose the SQL Server directly to external traffic, and a few other things.
No, all your stuff is going through IIS, because the end user is NOT using the same security that the IIS server is to talk to the database server.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA
November 14, 2011 at 2:14 pm
Yeah the client (web user) does NOT connect directly to sql. The client makes a request from the webserver. In processing that request the webserver executes the .net code. This .net code needs some data from sql and requests that data from the sql server. The webserver takes that data and assembles it into neat little packages of html (network packets) to send to the client.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 β Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
November 15, 2011 at 1:16 am
Itβs time for Development basics... π
Three-Tiered Distribution
November 15, 2011 at 6:36 am
Thank you all for the responses, but I am still VERY unclear on how this actually works.
I remember reading years ago when the whole .NET thing first was getting started about how a page is dynamically created -- there are literally static parts such as HTML that you hard-code into a page, but also dynamic server-based controls which are processed by IIS which generates HTML that is sent to the client, but there is also C#.NET or VB.NET code-behind which is processed by ummm... the .NET engine or something, right? ---getting fuzzy here--- and if there is a connection to the database, that data is called, and brought into all of this, and perhaps processed by .NET and perhaps interwoven into or bound to the server-side controls, or something.... see... I think there is a lot that is actually going on, and it MUST be documented somewhere, but I can't find it no matter how hard I search!
I wonder: how does a request from a client's web browser come into IIS, then how does IIS make the call to SQL, and how does the data that is returned from SQL make it into IIS or .NET or whatever, and then how is it sent back to the client's web browser??
November 15, 2011 at 7:54 am
You are over thinking this. Don't make it so difficult in your mind. The client machine makes a request for a web page. This is done when you click a link or whatever. The ONLY thin a browser can handle is fully coded html. There is no dynamic element at all in the browser. The dynamic portion is on the server. Think of the server as a black box. It assembles and creates the html. You could think of it like dynamic sql if that helps. The server creates a really long html string and sends it to the client. There are only two elements involved here. There is the client and the web server. When the page is being processed part of that process may be to communicate with sql to get dynamic elements.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 β Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
November 15, 2011 at 8:00 am
jpSQLDude (11/15/2011)
Thank you all for the responses, but I am still VERY unclear on how this actually works.I remember reading years ago when the whole .NET thing first was getting started about how a page is dynamically created -- there are literally static parts such as HTML that you hard-code into a page, but also dynamic server-based controls which are processed by IIS which generates HTML that is sent to the client, but there is also C#.NET or VB.NET code-behind which is processed by ummm... the .NET engine or something, right? ---getting fuzzy here--- and if there is a connection to the database, that data is called, and brought into all of this, and perhaps processed by .NET and perhaps interwoven into or bound to the server-side controls, or something.... see... I think there is a lot that is actually going on, and it MUST be documented somewhere, but I can't find it no matter how hard I search!
I wonder: how does a request from a client's web browser come into IIS, then how does IIS make the call to SQL, and how does the data that is returned from SQL make it into IIS or .NET or whatever, and then how is it sent back to the client's web browser??
Ok, let's start with a web app... IIS manages this application; i.e. all the proper files are in proper folders and IIS is telling a request to go to this folder to retrieve files. So, you type in http://www.mywebapp.com which resolves to the server hosting your webapp. IIS says "give them the default.aspx file" because it is the default. The aspx file gets sent to your browser with html and your browser interprets it. So, then you click on "login." The request gets sent back to the web server (IIS) and reads the code for the login page. It seems that there is a drop down box with 2 options (customer or employee) that are defined in a SQL database. So the webserver calls on SQL server with the query, fetches the data, places it into html, and returns that to your browser. You select one of those and login. When you click on the "login" button, a request goes back to the web server telling it what action you took, reads any data that was entered (employee, login name, password), sends a query to SQL to make sure that your password matches the one returned when querying with your type and login name, and then the web server directs you to the landing page.
Client side controls like JavaScript do not access the SQL Database, because they can only access what is on your machine.
Jared
Jared
CE - Microsoft
November 15, 2011 at 8:52 am
Thank you all for the responses, but I am still VERY unclear on how this actually works.
Did you read the article I suggested to you? Nevermind. Please have a look to attached image. It should clarify how 3-tier architecture actually works. For Details follow the URL...
November 15, 2011 at 9:23 am
Sean Lange (11/15/2011)
You are over thinking this. Don't make it so difficult in your mind. The client machine makes a request for a web page. This is done when you click a link or whatever. The ONLY thin a browser can handle is fully coded html. There is no dynamic element at all in the browser. The dynamic portion is on the server. Think of the server as a black box. It assembles and creates the html. You could think of it like dynamic sql if that helps. The server creates a really long html string and sends it to the client. There are only two elements involved here. There is the client and the web server. When the page is being processed part of that process may be to communicate with sql to get dynamic elements.
That is simply factually incorrect. There are NOT just 2 elements, and client and a web server -- there is also SQL Server, and the whole communication between IIS and SQL -- how does that work? What protocol is used? How do you secure that? There are many questions! In addition to that, there is also the dynamic compilation of an ASPX page incorporating that SQL data. As a SQL Person it is important to know from a performance standpoint -- if a user requests a page and the page does not require any new data from the database, why make that whole trip to SQL, add that load to SQL, wait for data to be returned from SQL, re-compile the dynamic page in IIS or within the .NET Framework or whatever (I don't know, that's why I'm asking!), and then finally send the resulting HTML, JavaScript, CSS, etc to the browser.
Here are some articles that are beginning to give up some secrets:
Just look at the chart on this page. Your web server and database servers are NOT black boxes, there is a LOT going on here! Look at that chart, and the Data Source Mapping (what's that?), and the Entity Framework (huh?), and the Data Providers, ASP.NET Data Source Controls, etc......
ASP.NET Dynamic Data Overview
http://msdn.microsoft.com/en-us/library/ee845452.aspx
Now look at this page, there are a ZILLION things an ASPX page does!!! Somewhere within all this there is a call TO the SQL database, and also somewhere within all this there is data coming BACK from SQL Server...
ASP.NET Page Life Cycle Overview
http://msdn.microsoft.com/en-us/library/ms178472.aspx
And also check this out. It shows how real applications are done, with many different layers and subnets and firewalls, etc. So to my original question, HOW does data go back and forth between IIS and SQL, if you don't know that, how can you get communication between your layers? And how do you make sure it is actually secure??
Application Architecture for .NET: Designing Applications and Services
http://msdn.microsoft.com/en-us/library/ee817641.aspx
Now check this out! This directly ties SQL together with IIS!! Read this part...
"By default, ASP.NET Web pages and code files are compiled dynamically when users first request a resource such as a page from the Web site. After pages and code files have been compiled the first time, the compiled resources are cached, so that subsequent requests to the same page are extremely efficient. ASP.NET can also precompile an entire site before it is made available to users."
Now wait a minute -- how can you precompile a whole site that is "dynamic" and is always pulling data from SQL Server? It sure would be interesting to know how IIS compiles or precompiles ASPX pages that are pulling data from SQL Server, and how that request goes from IIS to SQL Server, and how the data comes back to IIS and is incorporated into a dynamically compiled ASPX page -- oh hey! That's basically my original question!!
ASP.NET Web Site Precompilation Overview
November 15, 2011 at 9:39 am
jpSQLDude (11/15/2011)
Sean Lange (11/15/2011)
You are over thinking this. Don't make it so difficult in your mind. The client machine makes a request for a web page. This is done when you click a link or whatever. The ONLY thin a browser can handle is fully coded html. There is no dynamic element at all in the browser. The dynamic portion is on the server. Think of the server as a black box. It assembles and creates the html. You could think of it like dynamic sql if that helps. The server creates a really long html string and sends it to the client. There are only two elements involved here. There is the client and the web server. When the page is being processed part of that process may be to communicate with sql to get dynamic elements.That is simply factually incorrect. There are NOT just 2 elements, and client and a web server -- there is also SQL Server, and the whole communication between IIS and SQL -- how does that work? What protocol is used? How do you secure that? There are many questions! In addition to that, there is also the dynamic compilation of an ASPX page incorporating that SQL data. As a SQL Person it is important to know from a performance standpoint -- if a user requests a page and the page does not require any new data from the database, why make that whole trip to SQL, add that load to SQL, wait for data to be returned from SQL, re-compile the dynamic page in IIS or within the .NET Framework or whatever (I don't know, that's why I'm asking!), and then finally send the resulting HTML, JavaScript, CSS, etc to the browser.
Here are some articles that are beginning to give up some secrets:
Just look at the chart on this page. Your web server and database servers are NOT black boxes, there is a LOT going on here! Look at that chart, and the Data Source Mapping (what's that?), and the Entity Framework (huh?), and the Data Providers, ASP.NET Data Source Controls, etc......
ASP.NET Dynamic Data Overview
http://msdn.microsoft.com/en-us/library/ee845452.aspx
Now look at this page, there are a ZILLION things an ASPX page does!!! Somewhere within all this there is a call TO the SQL database, and also somewhere within all this there is data coming BACK from SQL Server...
ASP.NET Page Life Cycle Overview
http://msdn.microsoft.com/en-us/library/ms178472.aspx
And also check this out. It shows how real applications are done, with many different layers and subnets and firewalls, etc. So to my original question, HOW does data go back and forth between IIS and SQL, if you don't know that, how can you get communication between your layers? And how do you make sure it is actually secure??
Application Architecture for .NET: Designing Applications and Services
http://msdn.microsoft.com/en-us/library/ee817641.aspx
Now check this out! This directly ties SQL together with IIS!! Read this part...
"By default, ASP.NET Web pages and code files are compiled dynamically when users first request a resource such as a page from the Web site. After pages and code files have been compiled the first time, the compiled resources are cached, so that subsequent requests to the same page are extremely efficient. ASP.NET can also precompile an entire site before it is made available to users."
Now wait a minute -- how can you precompile a whole site that is "dynamic" and is always pulling data from SQL Server? It sure would be interesting to know how IIS compiles or precompiles ASPX pages that are pulling data from SQL Server, and how that request goes from IIS to SQL Server, and how the data comes back to IIS and is incorporated into a dynamically compiled ASPX page -- oh hey! That's basically my original question!!
ASP.NET Web Site Precompilation Overview
I think Sean meant that the 2 elements involved with the client are the client itself and the web server. The client never sees the SQL server. A dynamic page is not really "dynamic" in the sense that it is a bunch of static pages. Like a cartoon. The protocol between IIS and SQL? This is really defined in the code behind the development. It may be ODBC, it may be native, it may be something else... However, it is not IIS that does this, it is the call from the code behind to the SQL server that retrieves data and writes it to html after it is retrieved. Remember .NET is not a protocol, it is a framework. Think of it as a library of methods, functions, and objects. It does not do anything, the CLR does.
[qoute]there is also the dynamic compilation of an ASPX page incorporating that SQL data. As a SQL Person it is important to know from a performance standpoint -- if a user requests a page and the page does not require any new data from the database, why make that whole trip to SQL, add that load to SQL, wait for data to be returned from SQL, re-compile the dynamic page in IIS or within the .NET Framework or whatever (I don't know, that's why I'm asking!), and then finally send the resulting HTML, JavaScript, CSS, etc to the browser. [/quote]
This is none of your concern, it is the developers. If you are also the developer, then you need to concern yourself with this at the web development level because it has to do with data modeling or caching. You have many development questions that are better posted in a .NET or Visual Web Developer forum.
I understand your frustration, but this is not the place for the ins and outs of C#, JS, Css, VB, or any of that. This is a forum of SQL. The web server initiates a connection to SQL server via Windows Authentication or SQL Server Authentication. How you have those accounts set up for the developer is up to you, but it is no different than setting up a user.
Jared
Jared
CE - Microsoft
November 15, 2011 at 9:44 am
I was trying to simplify a little, perhaps a bit too far. In truth however the client is 100% unaware of the extra layers. The client does not know about the existence of a sql server. This is handled by the web server. ALL communication between IIS and SQL is between the web server and the SQL server. The webserver makes calls to sql to get data and the webserver consumes it (turns it into html that the client can interpret).
Here are the steps (greatly simplified):
Client requests a web page from the web server.
Web server processes this request and turns the code into a consumable html string.
Typically the webserver needs data from sql to process the page so the web server asks for data from sql.
How do you secure the communication? This traffic should be internal only. Meaning your webserver is in the DMZ but you sql box is INSIDE the firewall. Then you can open a port through the firewall for your webserver to talk to sql.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 β Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
November 15, 2011 at 9:46 am
jared-709193 (11/15/2011)
I think Sean meant that the 2 elements involved with the client are the client itself and the web server. The client never sees the SQL server.
That is exactly what I was trying to convey.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 β Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
Viewing 14 posts - 1 through 13 (of 13 total)
You must be logged in to reply to this topic. Login to reply