Windows or Web?

Where I work, we have a few applications that were written as ASP.Net pages. Now personally, I do not have a problem with web development, as I feel it is good to have a good understanding of both.

Here is my situation. There is a "secure" area where our users access applications that deal with sensitive data (cc #'s and such). This secure area is an ASP.net page. I've been trying to figure out why would anyone develop an ASP.Net app, when it's going to be "served" by a webpage already. Isn't that just adding more unnecessary trouble.

As much as I love web development, there are a lot of quirks that go into dealing with web applications that just aren't present with standard Windows applications. So for the last couple of weeks, I've been championing this initiative to convert a couple (there is really one in particular we've been having a lot of issues with) of our secure web applications into regular Windows apps.

From what I've been able to gather, there was really no good reason for these apps to be ASP.Net pages. I think it came down to the preference of the contractor that actually wrote the applications.

So my question is, should I keep pushing this issue or drop it? I'm relatively new here (just over 6 months working) and I don't want to make unecessary waves, but I'd like to keep pushing if this is the right thing for us to do.

I know everyone has their preferences, but this isn't about "Teh Desktop Devs vs. the Web Devs" kinda topic. I just want to know if I'm making the correct call here.

Quote:

---

Originally Posted by Blakk_Majik

From what I've been able to gather, there was really no good reason for these apps to be ASP.Net pages. I think it came down to the preference of the contractor that actually wrote the applications.

---

You are probably correct on this.

Do you have any support for your desire to convert them?

Just don't start a war on it. Take it gently and you will eventually get them to come round. You are not making waves, you are showing initiative. Think of it as the same as trying to get them to fork out money to buy some decent new equipment. Now that's a battle.

Quote:

---

Originally Posted by Hack

Do you have any support for your desire to convert them?

---

Not really. I mean, most of my team agrees that they probably shouldn't have been web applications to begin with. But I guess with the amount of projects we have going on right now, it's not really on the "to do" list. Also add to the fact that I'm new, so my opinions aren't the most respected.

I think once I clear my whiteboard of a couple of more projects, hopefully by the end of next month, I'll just do it anyway.

Oh, and I'm not trying to start a war with it. I mean if we do it, great. If not, oh well. I just get sick of always hearing (insert app name here) went down or isn't working, etc. because of web stuff that's out of our control (we don't run the virtual that the application is hosted on, another team handles it).

I'll tell you this much. I've been here a little over six months now and we've been fixing, tweaking, and just about everything else to this application the whole time. We hardly have any problems out of our Windows apps, but there's ALWAYS an issue with one or more of the web applications. I don't know why no one saw this as a red flag before now.

It's just hard being the "new guy" with a good idea that would probably save us a lot of frustration now and down the road, and no one will take it seriously.

do you have a SSL set up? that will make it more secure, if you dont want to have to go through the trouble of converting.

It's not about security, far from it. Our secure area is locked down pretty tightly and it takes almost an act of Congress to get access to it.

If its internal use only then its ok as asp.net and the original contractor probably felt it would be better scaleable and deployable as a webapp vs desktop. Since the others agree with you on this then I would ask if you could take it on as one of your next projects. They may just not be wanting to go through the headaches of rewritting it andif you doi it they may give you bonus points for it.

I hear what you are saying Rob.

This is what happened. They brought a contractor in for 3 months and had him write like 4 applications. It wasn't until he was basically done that someone actually looked at what he'd been doing the first 80 days he was here. So at that point, it's obviously too late to turn back.

I will give it to him that web apps are definitely easier to deploy in general. Deploying a desktop application is completely different beast. I don't think it was communicated to him that the app would be going in our secure environment though.

Our team leader is on vacation for the next couple of weeks, but I'll be sure to ask her about when she gets back.

I was just trying to get some feedback from the more experienced folks here. Kind of a "what would you do" type thing.

I am not enough experienced but still i would like to say if application is going to be used by many people lets say 15-20+ users than i think considering the ease of matainence and deployment i would go for web based solution.

Sounds like you are on a good track by asking their opinions and if they all are thinking as you are that is just more wieght to add to your cause. Maybe if you can show the benefits of rewritting it as a desktop app and time needed they can work out a ROI and give you the green light. Even if they say no they will think of you as an employee that cares and trying to look out for hte company insterests etc.

Quote:

---

Originally Posted by riteshjain1982

I am not enough experienced but still i would like to say if application is going to be used by many people lets say 15-20+ users than i think considering the ease of matainence and deployment i would go for web based solution.

---

Can you tell me your reasoning behind this? I would like to know.

I don't understand how if there are more users, I need to use a web application. And for the record, I would be very surprised if 20 users ever touched this application, although anything is possible I suppose.

I think that in a Intranet environment they are both equally the same. If you upgrade your web server you may break the web app. If you upgrade the application server you may break a desktop app. Eiher way the same cautions are needed.

Quote:

---

Originally Posted by Blakk_Majik

Here is my situation. There is a "secure" area where our users access applications that deal with sensitive data (cc #'s and such). This secure area is an ASP.net page. I've been trying to figure out why would anyone develop an ASP.Net app, when it's going to be "served" by a webpage already. Isn't that just adding more unnecessary trouble.

---

How is it a problem? Millions (literally) of websites do this already.

Quote:

---

Originally Posted by riteshjain1982

I am not enough experienced but still i would like to say if application is going to be used by many people lets say 15-20+ users than i think considering the ease of matainence and deployment i would go for web based solution.

---

not necessarily, i have 800 +- users on a desktop app via our "dashboard" app. so scalability is not an issue in a desktop environment. Who gets assigned what is a matter of taste of the proponents.

But the update procedure for desktop apps across a network will be cumbersome at best. It's either scripts, a custom solution, some login script, so on and so forth. While scalability may not be an issue, depending on what the mechanism is, it is not 100% reliable.

mendhak, the users will all be updating the same database.

I'm not understanding what you are saying. Everyone accesses the application the same way. How does having it as a web app make it more reliable?

I wasn't talking about application reliability or updating the database. I'm talking about deployment reliability - updating the application with bug fixes, modifications, etc. When deploying windows applications across a network, there are several mechanisms to do this. Some people will push files across, some will get the application to update itself, some will use a login script on the network. None of these methods give you a 100% guarantee that the update will occur. Web applications require deployment to one machine, making it more reliable.

Quote:

---

This secure area is an ASP.net page. I've been trying to figure out why would anyone develop an ASP.Net app, when it's going to be "served" by a webpage already. Isn't that just adding more unnecessary trouble.

---

To address what you said again: You mentioned a form showing sensitive data (credit card numbers, etc.). Let's say this information is stored in a database. Now obviously, you'll have your database configuration somewhere. It could be hardcoded in the application or in a config file or in a registry key. Because the logic of the app sits on the user's machine, it is more vulnerable to reflection - the user could read the code or look at the config file or look at the registry setting, get DB details out and go and have a look at the credit card details.

So to avoid this, you take it a step further, you decide to get the connection string from a web service which requires a special token that only your application can provide. While that works, you have created an overhead of work that you also need to maintain just to get a connection string to a secure data source. That is more unnecessary trouble than using a web application because the user's only interface with a web application is the HTML. It is therefore easier to maintain this security.

mendhak, once you access the secure area, all you can do is open the application and work with the data. You don't have access to any other files. The app does not hit the user's machine at any point.

When we update the program it's more or less like uploading files to a webserver, so again, I'm not seeing how the deployment is any more difficult with web. No one has access to the files the programs are using to run except the team that administers the secure web pages. Therefore, it would be next to impossible for the average user to look at anything other than what's on the screen.

I mean, even with the applications that allow users to save things such as spreadsheets and word documents, the documents must be saved on the secure server (and the user ONLY has access to the folder with their userid) and then they must use a separate application to transport the files to their PC.

Quote:

---

Originally Posted by Blakk_Majik

mendhak, once you access the secure area, all you can do is open the application and work with the data. You don't have access to any other files. The app does not hit the user's machine at any point.

When we update the program it's more or less like uploading files to a webserver, so again, I'm not seeing how the deployment is any more difficult with web. No one has access to the files the programs are using to run except the team that administers the secure web pages. Therefore, it would be next to impossible for the average user to look at anything other than what's on the screen.

I mean, even with the applications that allow users to save things such as spreadsheets and word documents, the documents must be saved on the secure server (and the user ONLY has access to the folder with their userid) and then they must use a separate application to transport the files to their PC.

---

I was talking about the disadvantages of deploying windows form applications. Are you confused, am I confused or are we having a communication problem? Your initial post has you wondering why a certain thing was done using a web application.

I understand what you are saying in that as far as web apps being easier to deploy than windows form apps.

Like I said before, nobody really talked to the guy that wrote the apps. They just kinda told him what the app was supposed to do and he ran with it.

Please understand, that deployment is not an issue either way (as far as the apps I'm talking about). For the case of this particular topic, the process for deploying Windows & Web apps are about the same.

So in essence, we have a situation where we have the "quirks" of having a web app, but the "ease of deployment" advantage is negated by the fact that the windows form version would be deployed in a similar fashion and be a bit more stable. Because let's face it, for all the great things that can be done on the web, it's still the web. Heirgo, unpredictable.

I dont really get what you are saying about the 'Quirks' of web development.

It is possible that this web application has been written badly and needs to be fixed, or your Intranet (internal web) environment is configured in such a way to cause you problems, but if it had been written correctly in the first place there is no reason why it should work any better or worse than an equivilant Desktop system.

I have never had any problems with unpredictability of my Web Apps, but then again they are written well and also we use Apache as our Web server instead of the unpredictable IIS.

If you feel more comfortable on the Desktop then fine re-write it for the desktop but dont mistake a badly written or hosted applciation with Web Development being unprediectable.

In my experience i have no more or less problems with applications i have written for the Web then for the Desktop. It normally depends upon what the system is trying to achieve as to which method we use to write it.

:)

Yes, we do use IIS unfortunately.

Web apps are, more or less, "new" around these parts, especially when you're talking about ASP.Net. And on my team, NO ONE, well except for the contractor that wrote the apps, really knows a whole lot about web development.

I appreciate your comments, but the web has still not reached the stability level of desktop. It has certainly come a long way, and tools like Ajax really help (I HATE postback), but I will bet money that Microsoft Word is more reliable than an on-line text editor.

And nowhere did I say the apps were badly written. Given the fact we barely scratched the surface of asp.net when I was in school just 8 months ago, I am quite impressed with the web apps I've seen. So really, I don't have any room to say if the apps are written poorly or not.

All I know is that whenever there is a problem with an application in our environment, the problem is always with a web application. The Windows apps, which share the exact same space, hardly ever have problems. So yea, it could be the hosting, could be the app.

Trust me, our apps are responsible for millions of dollars running in and out of this company. That is the main reason I wanted to switch to windows forms, because the impact of one of our apps not working is highly-critical. The apps that deal with this kind of money are not the kind we need to be "trying new things" with. We need to go with what has worked. Now if other non-business critical projects allow us to mess with web development, then fine by me. Those are the kinds of projects that we can use to get our feet under us and become comfortable enough with web development, and the hosting, to put these critical apps on as web.

Quote:

---

Originally Posted by mendhak

I wasn't talking about application reliability or updating the database. I'm talking about deployment reliability - updating the application with bug fixes, modifications, etc. When deploying windows applications across a network, there are several mechanisms to do this. Some people will push files across, some will get the application to update itself, some will use a login script on the network. None of these methods give you a 100% guarantee that the update will occur. Web applications require deployment to one machine, making it more reliable.

---

we have a patching system built into the "dashboard app" (lack of a better term) so when a updated windows package is deployed to the app server any changed items are automatically copied to the users machine in the appropriate directory when they run the app. admittadly it fails to work 1 or two times a year, but with 1000 + employees using it every day that's a extremely small failure rate.

Fair enough,

It sounds to me for your particular issue (and considering you seem to have constant issues with this website) then it is probably worth turning it in to a Windows based app.

I suppose what i was trying to get at is where i work we use Web Programs aswell as Windows based and we have no more prolems with one over the other, and we sell these programs externally aswell. We do have some very experienced Web Programmers though.

I just think from my experience that you can now do some really cool stuff on the Web, and the reliablility is there if the system is configured and written well.

The only reason i was assuming about the website being poorly written is that you seem to have so many problems with it. Unless your issues are environmental or IIS based which are understandable.

Hmm, lots of comments.

First, an application is only as good as its developers. If you lack web development experience, you will write bad web applications. That doesn't make the 'web' unstable or unpredictable. :)

Second, AJAX is not a great tool. It's a tool that new developers can get carried away with not realizing that they may be botching the entire concept of system maintenance and stability/security.

Third, yes, MS Word is definitely more reliable than an online text editor, but I prefer writing straight to the hard disk platter.

No, let me rephrase that. It makes the web unstable and unpredictable in some ways, but desktop apps can be equally unstable and unpredictable in its own ways. Yes, I think that is a more accurate assessment. I could have gone to the post above and edited it, but I can't be bothered to click on the 'edit' button now.

I think there are more "variables" with web projects/sites that really cause all the issues if the development team isnt doing due diligence to create a seamless experience for the user.

Desktop apps have far fewer "variables" and no browser issues but rather OS version issues. But generally desktop apps are more stable IMO. I hate websites that dont code properly or their server goes down etc and I cant get the information I need etc. Give me a desktop app anyday! :D