Technical Architecture

ContractExpress.com Technical Architecture

Overview

ContractExpress.com is a multi-tenancy, cloud-based document assembly service. It allows organisations to access their document assembly templates from anywhere, anytime.

Technology

ContractExpress.com is a Microsoft .Net 3.5 solution consisting of an ASP.Net web layer which users interact with; a series of Windows Communication Foundation (WCF) services which provide the interfaces to the service; and a multi-tenancy distributed data layer for storage of customer data. Binding these components and services together is a leading-edge claims-based authentication mechanism based upon Microsoft’s Windows Identity Foundation (WIF).

Scalability

ContractExpress.com is designed to scale. The ASP.Net web layer and the WCF-based services are stateless and scale as demand for the document assembly service increases.

Authentication and federation

Identity logic in ContractExpress.com is developed using Microsoft’s Windows Identity Foundation (WIF) technology. WIF is a set of APIs for ASP.Net and WCF developers to build claims-aware and federation-capable applications that are more secure, provide a simplified identity model, and provide interoperability through the use of standards-based protocols.

Through simple configuration of an organization’s Active Directory Federation Services (ADFS) 2.0 instance, users inside the organization can authenticate with ContractExpress.com without providing a username and password. When a user is outside the organization’s network and attempts to log in to ContractExpress.com, they are redirected to an ADFS proxy on the perimeter of the organization’s network, which asks them for their network credentials and passes a secure claims-based token to the ContractExpress.com authentication system to let the user in.

Web services for template upload

Template authors design templates inside Microsoft Word using the ContractExpress Author managed COM add-in for Word, which can be downloaded and installed from the ContractExpress.com site. The template author can upload the template to ContractExpress.com from inside the add-in. The process connects to the ContractExpress.com Windows Communication Foundation services, authenticates the user, and uploads the template for use by other users on ContractExpress.com.

Access control lists

ContractExpress.com defines access controls for templates, enabling administrators to define the permissions individuals have on templates.

Customization

Administrators can brand their ContractExpress.com site with custom logos and color schemes. In addition to this, ContractExpress.com provides an optional custom URL service of the form yourcompany.contractexpress.com.

Application Security

All traffic between the browser and the server is encrypted using 128-bit SSL, and subsequent messages between the WCF services are encrypted using message-based encryption. ContractExpress.com is regularly tested by third-party penetration testers and verified to be safe from cross-site scripting and SQL injection attacks.