Website
.Net Ecommerce Web Site - iCarpetiles.com Project
Introduction
This is the third ecommerce system replacement for the iCarpetiles.com flooring company. It is a heavily modified version of the base NopCommerce system (open source), with
custom modifications to the site and database. These modifications cover areas such as Shipping, Product Units, E-newsletters, Sales Videos, Testimonials, Security, Logging, Contact,
Fraud Detection, Affiliate Management, Plugins, Banners, Rug Designer, Pick List, Flooring Calculator, Accounting, and a Contextual Search System.
Technology
The website engine runs on the Microsoft .NET stack (.NET Core 3.x) via IIS and SQL Server. It uses ASP.NET MVC, JavaScript, jQuery, Bootstrap, HTML, CSS, and C#. It works in
conjunction with the Website Product Manager and QuickBooks Integrator (see these projects in the portfolio for details).
Key Features
Responsive Design: The entire site is responsive, built with Bootstrap, and scales from mobile size to large screens.
Shipping: Automatic shipping calculation based on dimensions and weight, with a freight override where traditional shipping is more expensive for large commercial orders.
Product Units: NopCommerce had no support for units, so this capability was added to the codebase. Units include "each" (for non-tile products), and "tile", "carton", "lot", and "sqft"
for flooring products.
Product Pages: A customized page allows users to order a product sample. The cart is designed to handle samples and limit the number of samples purchased at a time. The page
also includes "Smart Navigation" to the prior or next product in the search query, category, or manufacturer section. Product specifications are clearly displayed to avoid ambiguities,
and related products are shown in banner form underneath.
E-newsletters: All newsletters are archived in the database and can be publicly viewed from the website.
Sales Videos: Custom control designed to display in-page promotional videos with an optional link to YouTube.
Sound Bites: Custom promotional sound bite player for various sections, with a "play" icon. The audio plays uninterrupted during navigation of relevant sections and can be stopped
manually or automatically when leaving the section.
Search Engine Feeds: A console app creates/recreates all product feeds for search engines, including automatic compression and formatting (JSON, XML, CSV & TSV), and regenerates the SiteMap.
RSS Feeds: RSS links are provided throughout the site, with a standard RSS feed icon displayed on selected pages.
Testimonials: Customer testimonials page and front page display where customers can upload their own testimonials along with photos.
Photo Gallery: Page for displaying customer installation photography with SEO keywords, tags, titles, and sitemap integration.
Security: Modifications include fraud detection with IP and signature-based logging and blocking, anti-spam pic-free captchas, and more. Customer locations can be looked up on
Google Maps for suspicious orders.
Contact: Contact page with relevant subjects and targets to appropriate departments, featuring database storage of contact data, a No-Pic Captcha system, and an asynchronous
queued delivery system.
Affiliate Management: Complete affiliate management system with a separate affiliate site that tracks and computes all sales commissions and payouts, along with tracking
information.
Plugins: NopCommerce plugins designed for front page banners and SEO features (e.g., BodyTagInject, FrontPageBanner, and ZaxPay).
Rug Designer: Pop-out window that allows the design of custom rugs from low-stock carpet squares.
Pick List: Also known as a WishList, it allows customers to save their selections for review later and/or share via email or a special link, useful for interior designers.
Flooring Calculator: Popup calculator designed to take in room dimensions and compute the number of carpet tiles or cartons needed to fill the specified area. The calculator can
also add the required stock to the cart in the appropriate units.
Topics Pages: Allows for topics throughout the website to be displayed and indexed, complete with SEO-friendly meta tags and page names.
Contextual Search System: Custom search engine that encompasses the entire website and works with all searchable categories and brands pages. It provides direct links to
words, advanced filtering capabilities, and advanced paging, drilldown, and bookmarkable links. It also handles search engine query string input and displays the appropriate page or
pages.
Accounting & Payments: Includes payment transaction tokens with full integration into QuickBooks Enterprise, and affiliate commission data integration.
Legacy Support: Graceful degradation to support older browsers. All links from the old ecommerce systems are maintained and redirect to the corresponding page or closest match,
preserving search engine indexes and avoiding 404 errors.
Operations
The website is integrated with several different systems, including the Website Product Manager (desktop), QuickBooks Integrator (desktop), Affiliate Manager (browser), Feed
Generator (console), Shipping Rates (console), and Maintenance (console). The console apps execute at appropriate times via Scheduler.
Security
The site uses ASP.NET Core for authentication and authorization throughout the website. Data transfer is encrypted and sent via VPN, with API calls also inside the VPN tunnel. The
site supports TLS 1.2 and TLS 1.3. XSS and SQL injection attack surfaces are mitigated, including cookie and HEX attacks. User account info is encrypted in the database (salted),
and payment info is not stored anywhere. IIS uses a restricted-access account for data connections and accepts only connections using TLS 1.2 at minimum. All supporting utilities use
restricted-access accounts. Form validation is done on both the client and server sides. An API proxying system is used to prevent compromised third-party APIs from initiating attacks
(primarily calls from client JS).