Very often I read that you need to structure your web applications into multiple tiers to separate the concerns. The advice is to move the business and data logic out of the web project into two different projects so you end up with the classic 3 tier model – presentation, business and data. This advice is good.

The strange thing is that this advice is given to web developers as a way of structuring web applications. I’ve always found that very odd. Not that web developers don’t write business and data logic, but I don’t see the connection between web development and business/data logic development.

Let me explain

The premise for the advice is that business/data logic is part of building a website. This is wrong. A website is a visual representation that interacts with the business logic, but the business logic doesn’t and shouldn’t care about the website. The business logic is an API consumed by the website and nothing more. The business logic still doesn’t care if its public methods (API) are used on a website, in a Windows Forms application or in a web service. Ergo, business logic is not part of building a website. The premise is wrong.

In a typical 3 tier web solution you have three projects – the website, business- and data logic projects. That makes it a little confusing to believe that the business and data logic has nothing to do with building a website. But if you think of the three projects as the building blocks in creating a solution then it’s easier to understand. In other words; you don’t separate a website into three tiers by separating the business and data logic into their own projects, you separate the solution into three tiers. Since the website is just the UI in such a solution, it is wrong statement that your website is 3-tiered and the premise is then wrong.

The three tiers

The reason why I’ve always found this advice odd is that I always build my websites in three tiers, but it has nothing to do with the business and data logic. The three tiers I use in web development are specific for the website only. The tiers are:

1. User interface
2. User interface logic
3. Presentation logic

The names are just some that I use and may be different elsewhere.

User interface (UI)

The UI is the HTML, JavaScript and CSS that makes up the visual look and feel and the browser behavior. It lives in pages (.aspx), user controls (.ascx), .js and .css files. In some cases also in HTTP handlers (.ashx), but mainly for custom AJAX mechanisms.

User interface logic

This tier is what controls the server side behaviour of the UI. It lives in code-behind files and in the App_Code folder. This logic is responsible for handling button events and differentiates the response based on the user etc. It’s also custom web control collections that could live in its own project and often do.

Presentation logic

This is the where all the stuff goes that isn’t directly is used in the UI. It could be RSS feeds or classes used by the code-behind. Most often it’s where I put the HttpHandlers and HttpModules and the logic that controls them. It could be located in its own project or it could just be in its own folder in the App_Code or wherever it feels right to put it depending on the size of the project.

It doesn’t really matter where the tiers are physically placed as long as they are logically separated. That’s why it often makes sense to move the tiers into their own projects to make the separation clear and the code easier to maintain and reuse.

So a three tier web application has nothing to do with business and data logic. Remember that the business logic is just an API consumed by a website even if they both live in the same Visual Studio solution.

Just the other day I was digging into various Web 2.0 APIs to see what the possibilities where. You know, just kicking back and having fun geek style. I quickly gave up.

For some reason, both Facebook and LinkedIn protect certain information about your friends and contacts in the name of privacy. If you log into your Facebook account, you can see the e-mail address of your friends if they have provided one on their profile. You cannot retrieve that e-mail through the API and the same goes for the phone number. You can get pictures, gender, age etc. but not the e-mail address.

LinkedIn does expose the e-mail address, but not addresses, phone numbers or any other information except the name, title and organization. The reason why I wanted the e-mail address was that it is a great key that could pair up your Facebook friends to the LinkedIn contacts. Then I would be able to get all the information on the people from the two networks and make a more complete profile on them.

I know that people might be reluctant to share their e-mail address on Facebook, but apparently a lot of the same people have no issue sharing it on LinkedIn. It doesn’t make sense. And why does the LinkedIn vCards of your own contacts not contain information like country and zip code even though people have entered it? Why couldn’t they just let it be up to the individual user to allow this information being public? Privacy restriction, that’s why, and probably a law suit waiting to happen.

Now, there is some sense in keeping sensitive information private, but why are they just sensitive to the API’s on not if you’re logged in on the websites? In other words, people can get access but not machines. It might be that people build mash-ups, but machines have to execute them and that’s the problem.

It seems that the bigger the programmable web becomes, the bigger the issue becomes on keeping information private, thus limiting us from doing some really cool stuff easily. I guess we could always go back to screen scraping as long as it’s still possible, which by the way it is on both Facebook and LinkedIn – for now anyway – even thought it is a clear violation on their terms of service.

So, I gave up my little venture, looked longingly at the moon from my window and dreamed of a world where privacy restrictions and law suits don’t conflict with my geeky nature.