Blog Entry: 3/25/2006 1:46:28 PM
I am not sure. I can tell you that I run windows 2003 server and I have never had any issues setting permissions for ASP.NET files and folders. This very server is 2003 and the ASPProtect.NET demo runs on this server as well.
Course, I can't say that I have specifically tried to remove ASP.NET READ permissions on the database folder as it's just not something I would not have a reason to do. Why are you trying to do that? The ASP.NET account needs that permission. If you are trying to stop file browsing and downloading in that folder that is not how you do that. The best way to do that is by keeping the database somewhere else on the server that is not part of the http web. , I did the initial steps of downloading the sql scripts and running it in Query Analyser, tables created fine.
I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user and admin.
I noticed that the values in the fields "Login_limit" and "Active" in the ASPP_Users table in the SQL changed to NULL and 0 when login and remained in those values after close the browser.
So iam just struck not able to log in. Pls advice.
,
Chris: You are right about a little extra coding to make it work. I am still learning .ASP coding, so I did a little web searching and used IF THEN statments to confirm a member logged in with a valid Access Code. If valid, the protected page executes, with the Member's Name and Access Level on a single line at the top of that page. Looks sharp! If not logged in, or a non member (who found the page via Google), I used a Redirect to send s/he to a login page with optional links as you suggested (http://www.vspa.com/aspprotect/vspa-password-failed.asp) . I couldn't get it to work when using Group Access, but I am sure that is just because I am a novice at .ASP (I will post that example when I figure it out). Meanwhile, here's the code I used that works:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="dataconn_inc.asp"-->
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!--#INCLUDE FILE="config_inc.asp"-->
<% =Session("First_Name") %> <% =Session("Last_Name") %>:
<%
If Session("Access_Level") = "6" Then
Response.Write "VSPA Active Member Access Level 6"
End If
If Session("Access_Level") = "7" Then
Response.Write "VSPA Life Member Access Level 7"
End If
If Session("Access_Level") = "8" Then
Response.Write "VSPA Officer/Staff Access Level 8"
End If
If Session("Access_Level") < "6" Then
Response.Write "Access Level 1-6 NOT AUTHORIZED RESTRICTED AREA ACCESS"
Response.Redirect("vspa-password-failed.asp")
End If
%><!-- http://www.vspa.com/aspprotect/vspa-password-enter.asp -->
<!-- *** End ASPProtect Code *** -->
<html>
<head>
, If you PM your site info and I can go in and troubleshoot. I have no more ideas. Usually people have zero issues installating this application as I got it pretty tweaked so I need to see what is going on in order to help., If you are developing using Windows XP Pro and running the NTFS file system setting proper permissions on a folder in your website requires that you 1st disable simple file sharing.
To do so open up "my computer". At the top open up "tools/folder options"
Then the "view" tab.
Then at the bottom uncheck "use simple file sharing"
After that that is done... using "my computer" browse to the folder in your web that you need to set permissions on.
Right click on that folder and then choose the "security" tab.
(If simple file sharing is on that tab wont be there)
Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.
You can also give permissions to the everyone account and accomplish the same thing.
BTW:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"
cwilliams38203.582337963, Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.
Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.
, Our webhost changed converted all sites from c: to d:, and without us doing anything else, our customers now get the following error message when trying to access our Classifieds site:
***********
Microsoft][ODBC Microsoft Access Driver] Not a valid password.
This means there is most likely a problem with the "ConnectionString" info that you specified.
If you are using a DSN-Less Connection with MSACCESS.
Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.
ConnectionString = "DBQ=D:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"
If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.
If you are using a System DSN
It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.
************************************************************ *********************
We did everything the web host asked us to do, that is, changed all references to the C drive to new references to the D drive, but the error is still there. We also never changed any passwords (as far as we can remember). Can someone please tell us where to look (also which file might tell us what the correct password is in case it has in fact been changed.
Scaramouche38306.4845833333, It's MS Access, Version 7 (the Full one).
Anyway, I had inadvertently changed the user_id field type to "number". When I changed it back to "autonumber", everything went back to normal.
Thanks you very much for your quick reply and sorry to have bothered you.
, Did you do what that thread said so you see a more detailed error ?
Can I see the site and look around.. ?
I just am not sure what is going on from what you are explaining ?
If so private message me with the admin account details and tell me what to do to reproduce the error. , Or at least I think so. I have been trying to get this software to work so I can see if it meets our needs for an upgrade purchare. Here is my error.
Microsoft JET Database Engine error '80040e10'
No value given for one or more required parameters.
/aspprotect/scripts/populate_config_variables_inc.asp, line 15
My provider says that the problem is NOT on there end, that it is a problem with the code. I think that it is a database connection problem. Can you please help. Below is my connection string based on what the setup page directed me to do:
ConnectionString = "data source=\\NAWINFS03\home\users\web\b1347\rh.957theride\asppro tect\data\database\ASPProtect_access2002.mdb; Provider=Microsoft.Jet.OLEDB.4.0;Jet OLEDB:Database Password=temp"
When I first set up the program I got this error:
Provider error '8000ffff'
Catastrophic failure
/aspprotect/scripts/populate_config_variables_inc.asp, line 11
Once again, the looked into it and said the permissions were fine and that the code was most likely bad. But then the errror changed to the one that I first listed. Which is the one I am currently getting.
BTW here is the page address
http://www.957theride.com/aspprotect/password_admin/get_me_i n.asp
Thank you!
, Your customer should set up a special page that you send banner clicks to. That page is the page that should record the ip and whatever other info needed.
I suppose you could make a page on your end that records that info and finally redirects them to the intended url as well.
All using simple asp. It's really not that dificult to do, but it is a loit easier if you do it this way and keep it seperate from the banner system.
Here is some interesting information not totally related to answering your question.
The banner system does not track IPs on individual clicks because if it did.. 100 clicks on a paricular banner in one day would result in 100 rows in the stats database instead of just 1 row. That may not seem like a lot, but imagine 30 banners all doing the same thing mulipled by 30 days. Your talking 90000 rows in the database instead of 900. It all comes down to what ASPBanner was designed for which is performance and low resource use.
Some banner systems out there even keep track of individual IP's per banner display. Try to imagine how much that effects performance and how much extra space is used in the database for stats. It's crazy and also the reason that the more little features a banner system offers the slower and slower it begins to run.
I am sure I lose sales all the time because I offer less features, but the truth is I know those features will eventually defeat the purpose of why I created this banner system in the 1st place and that i just not something I want to do.
The banner systems with every little feature are just not well suited to very busy sites no matter how well they are designed.cwilliams38324.8386689815, SQL Server Database Information Mod
This mod is only for customers running SQL server. It is a new stored procedure and a new version of the "server_info.asp" file that will display information about your SQL database on the Server Info page.
Purchase Page
This is for Advanced SQL Users only that understand how to add a Stored Procedure to a SQL Database as well as assign permissions and what not.
To install this mod you should have access to SQL Enterprise Manager and Query Analyzer as well as be able to grant your SQL database user EXEC permissions on the new stored procedure. , I cleaned up the code as you suggested, and I still can't get the images to display without the whitespace around it.
How do I download the ASP version? I'll give it a try.
Thanks for your help,
JDooley
, thats not good.. its a web server configuration issue of some sorts ?
post is a common method for forms.. if it is not supported it is something you should ask the server admins about.
Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?
ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
http://support.cjwsoft.com/code/moreinfo165-1.htm
My guess is your web server is running Apache Unix or something like that.
, IT worked just as cwilliams said. I did see the IP address being stored in the table but it didn't dawn on me that it was tied in to the view count, I tried it from a different IP address and it worked great .
Good coding Christopher
Thanks
John
, O.K. , I register myself as a user. No problem, Iget an e-mail saying account active. No problem. I click the link in the e-mail. No problem. I click sign in and get this message. Big problem!!
Microsoft VBScript compilation error '800a0411'
Name redefined
/aspprotect/config_inc.asp, line 15
Dim Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^
cwilliams38456.0969444444, ALL FIXED.. tested with real paypal accounts and a live system
works perfectly
THIS FIX IS ONLY FOR PAYPAL SUBSCRIPTIONS
Download this file "ipn.asp" and put it in the "paypal_sub_signup" folder
2005-03-10_164645_aspprotect_subscription_fix.zip
Basically somehow an older version of the this file was in the original download archive.
I am VERY SORRY
Anyone who purchased ASPProtect 7 before March 11, 2005 should download this fix.
cwilliams38421.7018055556, I'm using Groups and would like to assign all new users to a particular group. How is this done? cwilliams38298.5087384259, ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Data.Odbc.OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
Stack Trace:
[OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.]
Microsoft.Data.Odbc.OdbcConnection.HandleError(IntPtr hHandle, SQL_HANDLE hType, RETCODE retcode) +27
Microsoft.Data.Odbc.OdbcCommand.ExecuteReaderObject(CommandB ehavior behavior, String method) +838
Microsoft.Data.Odbc.OdbcCommand.ExecuteNonQuery() +80
aspprotectnet.aspprotectlogin.Login_Click(Object sender, EventArgs e) +2284
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEven tHandler.RaisePostBackEvent(String eventArgument) +57
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain() +1292
|
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
I am getting this error message when trying to log in as admin or registering a new user. I am using Windows Server 2003 and it is a DOMAIN CONTROLLER.
I have read that there is NO ASPNET account for a domain controller. In its place is the IIS_WPG account. I have given this account and the IUSR account FULL CONTROL.
STILL GETTING AN ERROR. ANY SUGGESTIONS???
, from the import page in the admin area.
The import/export file must be tab delimited with no text qualifiers. The 1st row containing field names and the following each being a new user. To create your own import file it must be in this exact format. To find out what field names and their order are simply create an export file using ASPProtect and take a look at it. You can also import that text file into MSACCESS. , At the bottom of my "users" list page, it asks the question "number of users displayed per page"? After hitting a larger number than the default of 1-25, it increases the number of users per page to that number. But as soon as I leave that page, it goes back to the default. Any thoughts?, I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database.
How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'?
cwilliams38417.7773032407, Hi Chris,
When I run the physical map test this is what I get:
The Physical path to this virtual website is: \\NAWINFS04\home\users\web\b2623\rh.vickery2004
Will that work correctly without a drive letter specified?
Thanks 
Rhona
, in Control_pic.asp is there way to wrap the description field so that it doesn't go outside the table.
Thanks
, nice idea. id be interested to see your modifications for ideas, How do I change the character length for the description field?
, I am running Windows 2000 server. I do believe asp.net IS installed as I have the .NET 1.1 framework installed.
Funny about the bounce backs. I am at about 10% of my limit, which I control as I am the network admin. I'll check into that.
, First pass through, I don't see anything changed in the groups section of the check_user asp file. the logoff asp wasn't touched.
I noticed the demo online (on this site) only has pages protected with access levels; you say it works fine with groups also?
, One is for paypal subscriptions (recurring billing) and the other is for single payments
http://support.cjwsoft.com/forum/forum_posts.asp?TID=185& ; ; ;PN=1
http://support.cjwsoft.com/forum/forum_posts.asp?TID=186& ; ; ;PN=1
You can delete any of the 3rd party payment directories you are not using including the the 2checkout one... (all those folders really are is a copy of the users folder specially modified to handle a certain payment processor)
Just Don't delete the "users" folder though as there are things you do there that you can not do anywhere else.. quite a few things.. editing existing account info, looking up passwords... etc etc
cwilliams38446.6055555556, I have been told it does as I got about 5 people or so who upgraded but I have not used SQL 2005 yet. I'll order a copy., ASPProtect v7 comes with working example code of protecting a file download.
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the file download by only allowing a logged in user to download it. The special ".asp" page we use the stream the file is password protected. It also hides the true location of the file so you can keep your files out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the html source they can not tell where the file really came from and they can only download if they are logged in and you offered them the link to the file.
For the file download protection examples to work you may need to edit some values
in the stream_download.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "download file name" from the download_link.asp file which is an example of how make a download link to the streamed download.
Lastly, we provide a working example. Now, you obviously may need to customize it to fit your needs. Please realize you are going to have to make special download links in your .asp pages and not only should you only show those links to people with appropriate access to download the files, but you should also protect the streaming download page accordingly as well as far as level, groups, and particular users. What I am saying is which files a particular user is allowed to download is not automatically handled by ASPProtect in any way. We give you all the tools to provide protected downloads to logged in users, but if you have complex needs you’re probably going to need to come up with a system that works for you. It's not really difficult because we did all the complicated stuff, but its something you have to sort out.
Perhaps someday in the future ASPProtect will have an interface to upload files and associate them with certain users. But at the moment it does not.
, someone has to do something other than me.. i've given up
if i give u the username/pw can you set this up on the network solutions host and ask them to set whatever permissions are needed?
cant do it anymore....
, Is the user ID case sensetive? In my case I use the user email as the login ID., ya, thats basically what I was gonna do..
BTW.. if that other app is going crazy with an access database it could be the cause of all the slowdown with ASPProtect... what happens there is it is using so much database driver time that it robs other things that also access a database... so basically ASPProtect isn't asking its database for much but your other application and database are cripping that part of the system and causing it to run like crapola
If your other app is using a system dsn try changing it to use a dsn-less connection... it might actually help
, one more problem I see...
I think your login box on the main page is missing the hidden form variable
http://support.cjwsoft.com/code/moreinfo169-1.htm, Tell tell me some info about your install?
How am I supposed to know what is going on when you are not showing me what you have in your web config file and also the directory structure of the install or what you are putting in a page you are trying to protect ? It almost sounds like you are not editing the paths correctly in the various places. I mean yes you told me something about the "map" folder but what I saying is tell me more detail.
BTW: this is a very important setting in the web.config file and must be edited accordingly so the path is right.
<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />
Basically your showing me random errors and posts left and right and I honestly have no idea what your doing ?
Ulitmately though I am trying to help you in this situation like the web site says.
We offer tech support for installation of the base application purchased in it's native form. In some cases in order to receive proper tech support your application will be need to be installed on a live server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine.
Meaning I am not going to keep this up if you keep asking question after question after question regardign your local XP Pro installation. There is only so much I can assume or guess when you are running this on a local development server. I know you got all sorts of problems getting a decent live server to run this on but that just isn't my problem. Get this up and running on a professionaly and correctly setup live server and when these random configuration errors pop up atl least I can go run the pages and look at them. Right now I am just confused by nearly everything you have posted today. Half of looks like basic ASP.NET path issues that you need to sort of on your own based on where you installed the application on the machine and what you have in the web.config file.. etc etc etc
It is sounding more and more like ASP.NET is way over your head. If you want a copy of the classic ASP version of ASPProtect you are welcome to it. I think you will be a lotter better off sticking to classic ASP unless you really start reading up on ASP.NET and learning more about how forms based authentication and the web.config file work.
, Looks great. I can't wait until this will be released. Will there also be an easy way to migrate my current version ?
Hans
, Thanks and glad that fixed it.
You can review this software at http://www.aspin.com/func/review?id=4952510
That being said, ASPIN has a lot of problems with anonymous reviews so if you can please sign up with them and post an Authentic review as they carry a lot more weight. Authentic reviews involve responding to their validation email so when doing so use a real email address that you regularly check.
And sorry I made you use the forums, but as you can see this is exactly the sort of thread that will help someone else later on.. and that is why I require people to use the forums now instead of just email support. That way the conversations are out in the open where they can help everyone instead of buried in my outlook where no one will ever see them. And of course if information is sensitive you can always do a Private Message as you did earlier.
It is all about creating a knowlegebase of valuable information.
, thanks for posting this... Since "private" is the default setting from what I read and setting it to "public" cured the issue chances are leaving it at "public" is the way to go.
http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/iissdk/html/33f2780a-eee8-4601-84b7-b489e4c756df.asp
http://www.w3schools.com/asp/prop_cachecontrol.asp
ALSO: since you are one the few people that has ever contributed anything helpful to the forums I am going to reward you with a free copy of the password expiration mod. I am sending you a PM with the download info.
, If you need to know how to enable them on your test server.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1
,
Timecard Entry: 3/25/2006 1:46:28 PM
Fiasco w/ Doldo Insurance. Talked w/ Paul also., test zlink roaming, Michelex- Pat- need password for virtual email- spoek with ben, called back working fine now, Seaway slips- pricing, going to work on outline, will contact this week for registering domain name, Save the river- problem with password, spelling incorrect, Value manufactuered homes- left message for Kevin,captain Spicers- contact Lis next week, Taylor Concrete- pick up info for web site, St. Lawrence Radiology- left message for Karate, sent email to steve, Nashs-busy,
Loir- Lyons- falls paper- spoke with her baout problem with fscpapare, clear cash in machine, reinstall front page,
Wade Mann- church interested in hosting and internet access- pricing,
The wokplace left message for Jennifer Knapp,
Tom Majo- send out hosting pricing and agreement with DnS numbers.
Wagoners- left message for tim, contact on Thursday, Defereit paper- meeting for thursday at 11:00 am, , Tried to locate the Channel Partner Programs Sales and Marketing agreement for Tara to print more, Team meeting, general billing issues, sign ups, cancels, lots of invoice mailing., Sat in the NOC room., email, voicemail, worked on design of of town of claytn site with tom, talked to proed consultants, their will be a bit of a delay in beginning work on their website, but we are ready for them now, worked on tieing up misc adminand call backs, Emails, Phone, BlueMoo - graphics for CD (BMPs and ICON files), Walking amy through additions to watertown school district. getting status of auction guys and value manufactures projects., Setup two ISDN routers on two extra ISDN circuits in Watertown. Needed to learn how to configure routers, and different methods, etc. Had a lot of problems and such., Busy signals on xxx-5000/5500 and 686-4911., worked on making access number database for USA1Net, Emails, Vmail, Harry - Nortel List Install Def., phones, sign ups, invoices, TICC team meeting, Troubleshooting Netservers on 265-4812, calling Bell Atlantic, getting trouble ticket issued. Trouble ticket # 001-7392., Conference call w/ CHR, fixing ncortho.com mail problems coming from kenny.imcnet.net......., TICC A/P, Entering bills, travel time to westcotts, lunch, USAF - SSgt. Smith, Updated the expired accounts list from Dani, Travel to TaskForce - 7 Miles, E-mail, cowboys down, email calls, Travel to Clayton,
