Blog Entry: 3/25/2006 1:37:07 PM
I am a little confused here. I am in the process of understand how this all works, mainly the email portions as I am running this through a home server (Windows XP). I have tried test emails, but they are not going threw. I ran the server_info.asp and it is telling me that I do have CDONTS installed, version 2.8. Then I tried running, the test_mailer_component.asp. This page is telling me it is not installed. This process lead me to start looking at my components for my IIS. Everything appears to be there.
Any ideas, where I should go next. It appears the CDONTS code is in every page that it needs to be in, and it appears that I have it installed, but there is a disconnect between the two..
, the sql databse is the same.. the sql script is the same for any version
as the site says they are essentially the same app with very minor changes... if you are trying to share the same sql database with both it's not gonna happen because the table names are the same
truthfully:
that app runs nealry as well with msaccess as it does with sql so I wouldnt get too excited about running it withe sql. You will not see any benefits unless you have a ton of simultaneus (sp) users.
cwilliams38312.1125115741,
I would look on the pictures folder on the server and see what is there for pictures. Also, when you see a broken X on the site right click and see where it is trying to get the picture from and what the pictures name should be.
I would also be sure to clear out your temporary internet files in IE. clost and restart all browsers..
maybe show me the site ? so I can see this happening ?
cwilliams38348.9748726852, It a generic error that means something is wrong with your data connection.
http://support.cjwsoft.com/code/moreinfo27-1.htm
http://support.cjwsoft.com/code/moreinfo136-1.htm
, I am not sure. I can tell you that I run windows 2003 server and I have never had any issues setting permissions for ASP.NET files and folders. This very server is 2003 and the ASPProtect.NET demo runs on this server as well.
Course, I can't say that I have specifically tried to remove ASP.NET READ permissions on the database folder as it's just not something I would not have a reason to do. Why are you trying to do that? The ASP.NET account needs that permission. If you are trying to stop file browsing and downloading in that folder that is not how you do that. The best way to do that is by keeping the database somewhere else on the server that is not part of the http web. , Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS?
, thats because you can not have exchange server running at the same time as the windows IIS virtual smtp server..
they clash with one another... and thats why the emails never get picked up by the iis stmp server
you have to send the emails another way like using a true remote mail server.. I am not sure but if your exchange server can do pop 3 you can probably use that that way
you may be able to change the pickup directory that cdosys uses under the virtual SMTP scenario, but I am not sure if that will work with exchange picking it up, but maybe it will work ok because you said it does when you paste them in there manually.. I do not really know.. you'd have to try it and edit the email sub routine to use that pickup path
"scripts/emailing_subs_inc.asp" is where you could try editing that path
, UPDATE... on very very busy sites these methods have been reported to fail once in a while.. meaning .NET gets overloaded and instead of a banner its shows some error code.
its not the banner system .. its the .net engine and the calling method
cwilliams38326.8618865741, here is the next response to this which was emailed to me but should have been posted here
From: Mo Afifi
Sent: Sunday, October 23, 2005 4:47 PM
To: CJWSoft Support Info
Subject: Re: CJWSoft Support Info : SSL - Verisign Certifcates
Hello,
Thank you for responding to my posting. In the second line of your response you said “not start them off at an http:// url". I think what you meant is to "not start them off at an https:// url". If this is your intention then I agree with you 100%. I have revised my pages so the users will go first to a non-https page and then make a choice either to use secure or non-secure access. Please note that the site is not intended to be completely SSL protected but only the sign up pages. I have another problem though when I click on the "Secure Log In" and enter my log in information; the entire subsequent URLs will have https:// in them which I could not shake off. As I said the intention was to use the https for sign in only.
I realize that this issue does not have any thing to do with your product, but any input will be appreciated. Best,
, One problem that is appearing is that in the admin section, in the users.aspx page, only one user is showing up when there are in fact 9 users. Also, when I click the edit user or email icon, the page does not go to the edit screen, it remains on the same page.
Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile. It could be due to the fact that the rest of the project is in C#. Or it could be due to some other factor in ASP Protect.
, well, for now you have to watch the logs. What your talking about would take up a lot of server resources and database space to keep track of. Maybe some day, but no plans at the moment., Chris -
Long time no talk, which is a good thing. I have purchased another product from you, ASPVendor. I am running into an issues.
When I try and remove the image through the image manager, it does not remove it. Screen shot attached.
2005-10-19_194248_image_upload.zip
Thanks
, And here is an even simpler version where the database name is hardcoded and the User_ID is set ahead of time from wherever you are getting it from
'User_ID = CmdListUsers("User_ID") ' getting it from another database query
User_ID = Request("User_ID") ' getting it from the page post
SELECT COUNT(Album_ID) AS Alb_Count FROM Albums WHERE User_ID = " & User_ID & " AND Album_Active = 1" cwilliams38433.0595949074, Hi, I am glad you like the system.
Thx for the comments..
The banner logic in aspbanner it tweaked for speed and performance.. that sort of thing really wouldn't fit into the current code structure very well. It would slow things down and be a nightmare to code because of the way aspbanner uses ultra fast application variables for the banner rotation. Basically its a feature I didnt incorporate for performance and pricing reasons.
I would suggest making different zones for different conditions.. then surrounding the banner calling code with if else logic so a different baner zone was called under certain conditions.
That way performance would not be effected and you could actually show a different group of banners based on certain conditions.
Sorry, but that is the best advice I can offer at this time.
I built ASPBanner for performance and at this time I refuse to sacrifice that for any feature that will slow it down and consume more resources.
cwilliams38383.5395601852,
Both
the NET and Classic ASP versions of this application are designed for
fine granularity protection of individual apsx extension files.
ASPProtect.NET is not designed or intended to protect sub directories,
or non aspx content such as Adobe Acrobat .pdf files etc etc.
I
completely disagree with your statement that “most sites” have a login
box on the left hand side of the page. I suspect you thinking of the
ever popular php based forums and “Nuke” type CMS systems which are set
up that way but if you look at any site written entirely using .NET
that’s rarely if ever the case. (Granted I cant say for sure because I
personally haven’t looked at >50% of the estimated 18 billion + web
pages on the internet) Just off the top of my head www.CafePress.com
come to mind as a pure .NET site. If you take a look the login button
it takes you to its own login page there is not global login form used
throughout the site. Reason being that .NET introduced this thing
called a “view state” which is used to store things like your session
ID (and way more) and must be posted back to the server in order to
keep track of visitors. This technology comes in especially handy when
you have a web farm in place and your content is being spit out out by
more than one server at the same time
I
can think of loads of scenarios where the web servers need to know who
you are even though you are never directly contacting them via http.
This approach is a very smooth and actually very clever solution for
enterprise level websites that simply can’t be handled with a single
web server.
On
a practical level I know what you are saying but that application sets
up all sorts of things when a protected page is accessed and the user
is not yet authenticated. That’s the entire reason you need to put that
snippet of code at the top of a page you want to protect. That code
snippet calls the ASPProtect.NET class and runs through all the logic
to see if you are able to access the page. If you are the subroutine
exits and the server continues to process the remaining logic on the
page. AKA you are able to access its content. If you are NOT
authenticated ASPProtect will setup all the proper session and
viewstate info and redirect you to the login page for authentication.
You may have also noticed a parameter on the login page called
ReturnURL. The application looks for that info and if you do have a
user ID and password the application automatically redirects you to the
page you were trying to access in the first place.
Really
I have no idea what you are trying to do, but there is a world of
difference in how something looks verses how it works. Lets just say
there was a simple way to do what your thinking, what are you going to
do with that login form after the person logs in? Just keep displaying
it on the entire site so people get confused and don’t know if they are
logged in or not? Just that little part of the equation will require
making some changes to either ASPProtect.NET or your application will
have to have some logic built into it to stop displaying the login
forum.
It
sounds to me like your basically looking for a super simple 101 type
deal that allows people to sign up for an event and you the admin can
see that information? I’m guessing they can also log in again and check
out their details and see what event they signed up for?
If
that’s the case you’re trying to take a very sophisticated protection
application and downgrade it into something that would be one heck of a
lot easier to write all from scratch in about an hour.
Your
not going to be able to “plug and play” a simple form into a page and
turn that application as a magic universal login solution for a
website, while its 100% possible to use the application that way if you
choose, you need to check out the source code and plan your custom
integration accordingly.
, My client has a list of 13,000 members that
have already been assigned ID's and passwords with a
homegrown system.
When doing a bulk import, will we be able to retain the userid and password or will a new id be assigned during the bulk load?
Thanks in advance for your help.
, This is great documentaion for windows script 5.6
in windows chm file format for jscript and vbscript.
We use server side vbscript in all our our ASP 3.0 applications so this info can be a lot of help.
2005-02-18_150921_vbscript_docs.zip
cwilliams38401.6321990741, There are several pages on my website that a user may go to that are not protected (e.g. home page). If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?
, Hi,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
, Windows 2000 server you said ? Just checking on that one ?, Okay, here's the problem. The out of the box sql script creates a catalog called aspphotogallery and a user id aspphotogalleryuser.
The out of the box GalleryConnectionString tries to access a catalog called aspgallery and a user id aspgallery
'*** GalleryConnectionString = "Provider=sqloledb;Data Source=p600laptop;Initial Catalog=aspgallery;User Id=aspgallery;Password=temp;"
I see the readme.txt has been corrected but the line in dataconn_inc.asp still needs to be changed.
lancem38325.9032986111, Not really. The way I thought activity would work is that I would always see the last 50 users. Not sure what controls that and why I wasn't seeing it, but it sounds like it is an IIS thing and since my site is not all that busy, it will not show the users if some process has reset the numbers. Not a big deal.
As for the log files, I think it is related to my other question regarding the export directory. I have the ISP looking into things at thier end to see if they are doing anything that could cause the directories to disappear.
Thanks,
Dave
, I am running .asp pages and using the longer code method to display flash banners on my site.
I have noticed a considerable decrease in the loading of my index page when I have a banner called. When I remove the banner, all is fine.
Any suggestions?
Dave
, again I will ask you what is the real error??
see the link above when I asked you the 1st time.
(I need the error details and line number.. etc etc)
and what kind of a server are you trying to run it on ?
you mention xp pro but in a confusing way ?
, Trying to make sense of this. I am still confused. In the file config_inc.asp. I found the setting for "uploaddirectory". That entry looks like this [UploadDirectory = CmdGetConfiguration("UploadDirectory")]. I assume there is a config file where the value of upload directory is located.
The settings in the config_inc.asp file have not been changed. they are set to the way it was delivered. Is there a document that gives instructions as to what and where the config settings are to be changes?
, thanks!! the file took care of the extra slash. I also fixed the problem by modifying the permissions.
dazed
, OK, so I misread the instructions. Wouldn't have been the first time
that happened... but I just had an account get created, guy then
paid, and... no activation. I had to go in the next day and do that by
hand. What should I do to look for troubleshooting on the issue? I've
got all the default directories set up and all the files where they
should be. What next?
, It appears there was a flag problem. When reading it into SQL Server, it converted the True/False in Access to 1/0 in SQL Server.
, Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.
In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.
Redirecting example..
This page will redirect admins or level 4 users to a certain page and anyone else to
another page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Admin") = "True" or Session("Access_Level") = "4" Then
Response.Redirect("sompage.asp")
Else
Response.Redirect("someotherpage.asp")
End If
%>
Redirecting example..
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
another page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Access_Level") = "1" Then
Response.Redirect("level1.asp")
ElseIf Session("Access_Level") = "2" Then
Response.Redirect("level2.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
Redirecting example..
This page will redirect user "PistolPete" to a certain page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Username") = "PistolPete" Then
Response.Redirect("somedirectory/somepage.asp")
End If
%>
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
<%
If Session("Username") <> "PistolPete" Then
Response.Write("You do not have access to this page.")
Response.End
End If
%>
etc etc etc.... these code snippets should point you in the right direction...
, When a logged in user with specific group rights tries to look at a
page that has different group membership requirements the Login screen
comes up giving them an opportunity to login with different rights to
view the page. If you log in again with your current user name
the same login screen returns with the added words something to the
effect of "Access Denied, you dont have group rights to this page...".
The only way to get back to the previous page is to hit the back button
on the browser (there is not a back button on the denied page).
I would really rather not even present the "login again" screen to a
user but just have a custom page that says "access denied" of my own
design with a back button on it. Is this an option provided for
in ASPProtect currently? I did not see it in the admin section
settings tab. Is there a separate "login again" asp file that is
being used for this
group access deny message that I could alter, or does it always have to
be the login asp file?
Or would this require me modifying the check_user_inc.asp file around
line 356 to change this behavior (I don't want to screw up any other
stuff though...).
Thanks!!
Oh, PS. just a quick check...it looks like if a user is an
"admin" he automatically gets to see all group pages regardless of
which set of group numbers are assigned in his user account...is that
right?
, Ohhh...
I was thinking it worked like this; A user goes to that page and logs in.. and from there they can then browse the site and do what they want..
So in order for it to work i need to edit a page say... members.aspx (i assume it needs to be an asp.net page) and in the header put that protect code and when a user accesses it, it will prompt them for their un and pw and then if correct will allow them to view the page... and likewise if they are still logged in will be able to use the page?
If that is how to works as i mentioned above thats great...
I understand the redirect principle...but say i have a log in box on the main page... you know like most pages have a user log in on the left hand side... i wanted to do that. But i cant obviously protect the main home page or else normal users will not be able to view it without logging in or registering
, Just copy the files over. have permissions set on any folders that need it, and edit the data connection so it's valid for the new server. Once you get logged to the admin area go update all the settings so any urls are valid.
really its no different than a new installation so just follow those directions but use your existing files.
There is no domain pointing involved...
As logn as the old stuff is not accesible on the live internet you don't need another license.
As for my installation fee of 25. That is only for new installations. I charge more for something like that as there may be compications such as custom changes to the code that I would have to deal with. Customers often custimize the login and users area.. etc etc .. and there may be hardcoded urls and what not to worry about changing.
LASTLY, I noticed all your other posts are in the ASPProtect 7 area so the installaton process for that is a bit different than for Version 6 so what I said above is not quite the same process. Please make sure you post in the correct area when asking questions. , actually, passwords can be up to 75 characters long in ASPProtect.
the only requirement when entered from a non admin user is that they are at least 4 characters long.
what does MSAccess have to do with this ? Are you trying to convert and old system or something? I noticed you created and "old password" field in there ? Is there something I do not know about as far as what you are trying to do?
Passwords in version 7 are encrypted so I hope you understand all of that and realize you can not enter or change passwords right from SQL server. Also if you import info you must handle that accordingly and convert the passwords to encrypted format for the new version., This first one may be an obvious one, but is it only .asp files that I can protect as in no HTML files.
Can the program be set to protect my whole https directory contents (though the answer to the last question may have bearing here - there are html files as well as .asp in there) as in http://secure.mydomain.com
Thanks in advance
, I don't believe that the iframe method is supported in a .NET (aspx) implementation, is it?
JDooley
, Please be more specific. What hit count are we talking about ?
User Logging ? Albums ? Something else ?
Please descriube the situation in detail. There are really no settings for any sort of hit count.
, I am using VS 2005, when i go to new project in visual basic folder asp.net web application is not there..
Can i add it somehow?
, still.. its got to be somthing along those lines.. I have seen times when even dbo didnt have full rights to a particular database so permissions should always be manually checked..
The import data routine is most likely the source of the trouble
For troubleshooting sake I would create a fresh installation from scratch using the sql script we provide and a new SQL user. Then see if that works. If it does then try to import your data into that.
There are no other things I can think of doing. Sometimes you just have to start with a clean slate. , ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
