Blog Entry: 3/25/2006 4:24:41 PM
ok, well that should not be a problem then.. its meant to be able to be put in a folder like that.. just make sure the folder is not a subweb or anything like that... meaning dont set the folder up to have its own application in IIS. Just use a regular folder of course that is part of the root iis application.
Perhaps you just didnt edit the paths in the settings like I mentioned., Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.
If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames
personally though I think that would be a somewhat goofy setup to have going on
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?
As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .
Really, the best thing to do is expirment and see how things behave.
,
the no concurrent login feature is based on IP addresses.. if you logged in again using the same IP address it would let you in regardless. So for example if you were behind a rhome router and logged in to a site on the internet it would nt matter if you had multiple computers at home because they would all have the same external IP address... etc etc
In other words it is tricky to correctly test..
I really need more detailed info on everything going on. I real world scenarios there are no issues with that feature that I know of. At least according to customers so far. ,
Best setup I recomend is just setting up a rig and making a workgroup.
No real reason for a production machine to have any access to internal
security when you think about it.
classic asp should be pretty easy to move, just set up new webs and
dump the scripts in there. If you have 2 machines its always easier to
look at the one while your building the other. Basically copy the setup
and tada... the only thing you might need to remeber is components (if
your using any) and thats usually not a very big deal either.
Point sort of being at some point your going to have to change that
thing around and while its no fun you have to imagine now is a better
time to bite the bullet and get it set up the right way. Your
alternative is to mess around for hours and hours praying that you
change domain wide security to the point that running NET
apps on that domain controller works. Personally I wouldnt sleep well
knowing I had just messed around so bad with the OS that I had no clue
what bugs and security holes I might have accidently opened in the
process. I wont even get into the possible things that might stop
working on the rest of the domain if you fiddle with accounts like
"Network Service"
Oh and if thats not enough reason to make you think about it, consider
how hard it will be to try and rember what you did at 2AM 6 months from
now if that machine takes a dive or some critical update undoes what
you changed.
I feel for you though, trust me we have all been down that road once or
twice. Get some sleep and in the AM the task at hand wont seem nearly
as bad. You live and you learn, and you will definatly be WAY better
off making things right sooner than later
, Well, I assumed I'd be able to tweak this thing but it is all so intertwined it doesn't pay to mess with any of the files. Hence, I'm going to have buy a different system only a week or two after buying the unlimited version here.
As I leave I want to give you some impressions here. While the system is low-cost, the 99 dollar version is missing a few pieces that I think would bring the value to 99. It is one thing to talk about the speed/performance, but to a degree that's hard to measure, and to anyone with web advertising on their site, performance will always run second to potential site income.
It definitely needs a user interface and registration for advertisers, and it definitely needs a single variables file for changing the hundreds of variables for which there is no control. I had to search on my own just to change the look and feel.
Lack of multi-zone support is a serious drawback. I would submit that anyone with a serious website needs it, and will gladly pay you 139 over 99 for just that one feature.
Take them or leave them, they are just suggestions.
, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks
, Thanks, I know, I have it all figured out and have thought about it before. Just no time yet to do it. It will probably be an add-on/mod when I get time. , Parent Paths ?
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1
, so, on control_pics.asp where you see
<% =TempDesc %>
you could try doing this instead
<% =Replace(TempDesc," ","") %>
, I log all 404 errors on my site and since installing ASPBanner, I get a lot of the following error:
/aspbanner/edit_banner.asp?Banner_ID=11&User_ID=1 contains a broken link:
/aspbanner/right1.gif
ID changes and there are various missing links. Some missing links include:
/aspbanner/drop2.gif
/aspbanner/left1.gif
/aspbanner/right2.gif
etc.
While not critical, these are filling up my error logs and it takes time for me to sort through them.
, I'll try to help when I get back tues night,, see the contact page for info on where I am
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry
, I am not talking about image resizing. I need to know if it is possible to limit the upload to images where their height or width is less than 500 PIX. , the reason being is because when I do installs I do not touch any of your existing content. I only install the base application and make sure everything in it working correctly and also that the example protected pages are working. I do not integrate it with your existing site or edit any of your existing web content. That is up to you
sorry about that, but it would be way too time consuming and editing people's existing pages is a good way to cause a lot of headaches for me and the customer if something goes wrong. Not only that but everyone uses the system differently and it wouldnt make sense for me to be the one doing that based on access levels, groups.. etc etc which will all be custom to how you want things set up.
more on installation policies here.
http://www.cjwsoft.com/installation_service.asp
, DONE IT
DON'T WORRY!
DON'T ASK HOW, BUT NOW IT WORKS!!
THANK YOU IF IT WAS YOU, OR THANK YOU GOD IF IT WAS ME!!!
, that erorr in no way means what it says.. it is just a generic error because something failed.
if you want to PM me info on how to get into your site and I will take a look.. I don't think it is something that can be figured out otherwise especially when you are not telling much about what is going on. There are a lot of factors and settings that are relevant. , alternate databases are right here.. the documentation clearly links to this, its really not difficult to find
http://support.cjwsoft.com/code/moreinfo164-1.htm, well, you should probably be backing up the SQL database on a regular basis. That is between you and hosting company. If they let you connect via SQL Enterprise Manager you can do backups on your own.
As far as the aspprotect files and folders go back them up somewhere, and then only worry about backing them up again if you change some of the files.
That's really all there is to it. None of the ASPProtect files change on their own except the generated log files that you may or may not care about backing up.
I mean the important thing is the Database, and then of course any your own .asp pages that you protected as well as any custimizations you made to the users area or your site...
, well, I think John just told you what the deal is. He knows more about ASP.NET than anyone else I know.
If you are going to run a non-standard setup then you are going to have big problems like you are having. , Need to know more about ASP ?
Check out these links.
| |
15 Seconds
Free resource for developers working with Microsoft Internet Solutions. 15 Seconds is the biggest IIS and ASP development resource in the world. |
| |
ASP FAQ
Have a question about ASP? Check the ASP FAQ site. They've probably got the answer. |
| |
ASP Free
Your 1st source for free ASP and ASP.NET live demos, downloads and more!!! |
| |
ASP Connections
ASP Connections Conference for the ASP Developer features sessions on ASP Performance, IIS 5.0, ASP 3.0, XML, ADO, E-Commerce, VID, COM, COM+, MTS, DHTML, load balancing, and more. Speakers include Mike Amundsen, Wayne Berry, Charles Carroll, Michael Corning, Jeff Niblack, & Ken Spencer. |
| |
4GuysFromRolla
4GuysFromRolla: Web Technology, Programming, Humor... All this and it counts as work! |
| |
CoverYourASP.com
A great new site. It's got some great stuff and is using JScript! A must see! |
| |
askASP
Promising new site! Check out the question archives! |
| |
CodeHound
CodeHound ASP - The ASP Developer's Search Engine! |
| |
CodeAve.com
A neat ASP reference with some interesting features. Check out their "Script Writers" |
| |
ASPZone
The website for advanced ASP developers. |
| |
DevASP
A relatively new ASP site. Straight forward and informative. |
| |
www.LearnASP.com
This in another site maintained by Charles Carroll, and it specializes in Active Server Pages programming issues. Contains links to a wide range of resources and articles. |
| |
ASPin.com
The ASP Resource Index. Here you will find the stuff you need to take advantage of ASP and make your website an interactive mecca. |
| |
ASP Sites
A great place to go to find ASP resources fast! |
| |
Macromedia - DevNet
While much of the content is Dreamweaver MX-centric, they also have a fair amount of plain vanilla ASP.NET content as well. |
cwilliams38431.8787152778, I cleaned up the code as you suggested, and I still can't get the images to display without the whitespace around it.
How do I download the ASP version? I'll give it a try.
Thanks for your help,
JDooley
, ConnectionString = "DBQ=C:\TradersReportsCom\aspprotect\data\database\ASPProtec t_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
I have already set the folder permissions as indicated in the documentation.
, Lastly, I put there information here to help, but please don't ask me any questions about it.
I am not microsoft SQL server support. If this doesn't work for you simply start troubleshooting and doing google searches like I do. , 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
Before you even start please read this thread and do what it says.
If any errors show up it is important you see the real error instead of a useless HTTP 500 internal server error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1
Once doing that make sure to use Internet Explorer as you follow along with these directions.
Now, unzip your installation zip file that you downloaded from CJWSoft.
Use a program like winzip and be sure you have it set up to unzip the directories as well. You can also use windows xp's built in folder compression tools to unzip the archive.
When you unzip the application you should have all of the following folders and files. (more or less, it depends on the version)
Now, you can copy all of these files into the root of your website or if you like you can make a folder called "aspprotect" and put all of these folders and files in that folder. Either way it really does not matter.
Now, contact your web hosting company and instruct them that you need permissions set on the data folder that you copied into your website. This folder and all of its child folders need modify permissions set on it for the anonymous webserver account. It is very important that they set the permissions correctly and on all the child folders as well.
Here are some threads on exactly how these permissions are set.
If you run your own server or are developing locally you can do this yourself. If not most likely you need to put in a request to your hosting company as you CAN NOT set these permissions via Frontpage or FTP.
Windows 2003 Server and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=136& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1
Windows XP Pro and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=56& PN=1
Once permissions are set.. run this page via your web browser
http://www.mysite.com/data/setup_info.asp
Replacing the part in blue with your website info.
When this page is run it will report back a screen like so:
Now, take the connection string info it shows you.
Edit the "dataconn_inc.asp" file in the root of the ASPProtect system and use that data connection information. It should be valid for the server.
If you are using MSSQL server instead of Access please see the SQL database creation directions as you will need to create the MSSQL database and use a special connection string for that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=160& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1
Now, take the CookieEncryptionKey and PasswordEncryptionKey info that it gives you and enter it into the "config_inc.asp" file in the root of the ASPProtect system. These will be the unique keys that your encryption will be based off of.
Ok...
The files have been copied to your website, the permissions are set on the data folder, and the database connection is ready.
Now.. run this page
http://www.mysite.com/password_admin/get_me_in.asp
Replacing the part in blue with your website info.
This is a special page we use to get into the system for the 1st time.
If you get a nasty error when you run that page similar to this.
Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
Then parent paths are disabled on the webserver and you need to do an extra step to deal with that. Follow this link.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=162& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1&TPN=1
If you get any other variery of "80004005" error then there is a problem with your data connection.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1
Those errors are usualy related to database folder permissions or an imcorrect physical path to the database file specified though they can mean a lot of things.
Once you get the page running you will see a login prompt and one form field
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see the admin area of ASPProtect.
Now that you are in the system you need to create an admin account.
Click on "ADD NEW USER".. fill out the info and add a user.
You really only need to fill out (first name,last name,email,username,and password)
Now save that user.
You should see a new user listed in the admin area. Click on Edit user to the left of the new account. On the edit screen check the "admin" checkbox and save the user.
You just created an Admin account.
Now click on the "log off" button on the top menu and click yes to log off.
Now close the browser. Then run this URL
http://www.mysite.com/password_admin/default.asp
Replacing the part in blue with your website info.
You should now be able to in to the admin area of the system using the new admin account you created.
You are now ready to go to the settings page so click on the settings tab in the menu. There are a lot of options and paths that need to be set on this page. Every setting is described in detail on this page. You need to go through the page and set things up properly. Anytime the page asks for a path to a url or file the page will auto generate what should be the path to use. (expected path) If your server has parent paths disabled a few of those auto generated paths will not show up. If that is the case run this url from your server and it should tell you the paths to use for those settings.
http://www.mysite.com/data/expected_paths.asp
Replacing the part in blue with your website info.
Once your all done and the system seems to be running fine you should go back and delete the following pages as they are no longer needed and pose a potential security risk.
http://www.mysite.com/data/setup_info.asp
http://www.mysite.com/data/expected_paths.asp
http://www.mysite.com/password_admin/get_me_in.asp
You should back up the original zip archive you got from CJWSoft in case you ever need those files again.
VERY IMPORTANT: The user passwords from now on will be encrypted using the "PasswordEncryptionKey" you specified in the "config_inc.asp" file.
If you ever change that key all of your passwords will be invalid and you can not get them back unless you know the key and put it back, so plan on never changing that key unless you really know what your doing and know how to decrypt/re-encrypt the passwords using a new key. (something we do not cover at the moment but probably will when we have time to make a tutorial)
, Is there a limit to how many access levels the program has? We were thinking of having a different access level for each client that logs on our site so we can customize their web experience. We see 6 in one place of the program, 8 in another, but is there any reason why we couldn't make 100 more?
Thanks again for the help!
, noted.
1.) this has been explored and because of the way groups works is not feasable. Because us this I wrote code to allow you to view and sort all users for any group on the actual groups page. You pick a groups and then click the "Show Users" button
2.) noted
, sorry for the confusion, but I am not that good with the tech explantions yet.
what it boils down to is I have an Access Database containing over 100
members names. I want only those people to be able to get into
the secure pages.
Thanks. Harvey
, did you fix it because I see all the pictures just fine ?
http://mcintoshcounty.org/real_estate/view_item.asp?Ad_ID=1
, Hi
I downloaded the .chm format installation documentation but when I open it I get the index but can't see any of the pages so am a bit stuck.
, I have narrowed it down. The ../ for includes will not work with .asp files but will work in .shtml files.
any ideas?
, thats a new one... I need some sort of error to go on..
No error ever ? It must eventually show something ?
, Your actually confusing me with the whole "joe bloe" thing and user access. I just do not get what you are trying to tell me. Perhaps you can explain in a less confusing way. Your just not technically explaining it andand thats what I need to know to possibly help.
As for the subweb thing you just can not do that. Subwebs have their own sets of application and session variables. An ASPProtect installation and any pages you protect with it are required to be in the same "application" in IIS. Sicne subwebs have their own "applications" in IIS that won't work. It is the nature of "forms based authentication" A sub web is alo considered by our licensing to be a seperate web site and ASPProtect is licensed per web site.
As for breaking pages.. you really shouldnt be editing any pages in the admin area as you will break them unles you are very good with ASP. (does not sound like you are..no offense meant at all)
Pages in the "users" folder are less complex and it is usually ok to edit them carefully.
http://www.powerasp.com/content/hintstips/common_sense.asp
Pages of your own that you password protect can still be edited in your usualy way though without effecting anything.
Truth is if you back things up before you start editing how can you go wrong ? That's how you learn.
, I recently upgraded my ASPclassifieds from MS Access to SQL. The application launches, I can browse existing catagories, etc. but when I try clicking on the login, guestbook, register or accessing the classifieds_admin, I get the HTTP 500 - Internal server error. Guessing this must be a folder or file permission issue? Have tried changing IUSR permissions but nothing helps.
Please advise.
Thanks, lancem
, CJWSoft offers a mutually beneficial partnership program for resellers of our Active Server Pages Based Web applications.
The program is very simple.
- You offer our products to your customer's as Ready-to-Run Web Site Applications.
- We sell your company our software at a 50% discount allowing you to re-sell if for the same price we sell it for or slightly higher.
- Your company installs the application in the customer's web site and configures it for the customer.
- Your company is in charge of installation support and general usage issues. We handle other more complex issues as usual.
Each time a customer purchases an application from you, you are required to purchase a license from us.
These must be purchased online via PayPal. You will be give a special password protected URL where these purchases can be made. You are in charge of setting up a system for your customers to purchase the software from you. You are also responsible for purchasing a license from us within 7 days of a license being purchased from you.
Below are the applications currently eligible for the program.
They have been chosen because of their popularity and reliability.
You must resell all three applications below.
The details and pricing of this program may change at any time.
 |
ASPBanner Standard sells for 99.95 (You pay 49.95)
ASPBanner Standard is a high end Banner Rotation system. Web Based Administration for managing the users and banners in the database. Advertisers can monitor online statistical reports via their web browsers. |
 |
ASPProtect Version 6 with Option Pack sells for 99.95 (You pay 49.95)
Easily Password Protect any ".asp" page within your web site. Easily integrates with your current website or project design. Web Based Administration for managing the users in the database. |
 |
ASP Photo Gallery Pro sells for 49.95 (You pay 24.95)
ASP Photo Gallery allows anyone to have their very own online photo album. Upload an unlimited amount of albums. Set up categories however you like. Allow others to upload photos. Optional image resizing and thumbnail creation. |
We are looking for Web Hosting Companies and ISP's who can sell an average of 2 applications per month.
If you are not a serious company with a professionally done website you need not apply.
We are not looking for mom & pop operations.
To be very clear:
We are looking for experienced ASP Development/Hosting Companies that are serious about being a reseller and ready to go.
We need knowledgeable resellers that are experienced with ASP and will be able to install the application for the customers and handle some of the general installation issues that may come up.
To qualify for the program:
Please send us a brief overview of your company, Website URL, and your expectations for the program. After looking over your information we will get back to you with a response.
Contact us
Additional Info:
Our applications run on NT based servers only with true Microsoft ASP support. They do not run under Chilisoft. Our applications are licensed per website. That means one running installation of the database and scripts. Qualified resellers will be reviewed every quarter to see if they are meeting the 2 application per month quota.
AND LASTLY PLEASE DONT WASTE OUR TIME. IF YOU ARE NOT SERIOUS DONT EVEN BOTHER APPLYING. I HAVE HAD A LOT OF WANNABES SIGN UP FOR THE PROGRAM AND THEY ARE EITHER NOTHING BUT A PAIN IN THE BUTT OR THEY NEVER SELL ANYTHING. IF THAT IS YOU DONT BOTHER. ON THE OTHER HAND IF YOU ARE A GOOD SIZED COMPANY AND YOU KNOW WHAT YOU ARE DOING WE WE"LL HAVE A WONDERFUL AND PROFITABLE RELATIONSHIP.
I think you getting all confused about dsn's and what they really are.
A system dsn gets created via the ODBC control panel and gets listed there. A system dsn is nothing more than a registry entry telling information about where the database is an how to connect to it. Then every time code accesses the database it has to do a registry lookup. The whole process adds a lot of delays, causes very poor performance and is unnecessary.
A dsn-less connection simply connects directly to the database by specifying the driver being used, where the database is, and some other information like the password if there is one.
To get aspprotect or any other ASP application using a database all you have to do is make sure the database folder has correct permissions and then make a connection string like so. (with the correct info for your directory structure of course)
DBQ=c:\inetpub\wwwroot\aspprotect_6\data\database\ASPProtect _access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp
If you are wondering Access databases always use the same username.
So, basically if permissions are set correctly and the directory is valid it will work.
It is really that simple. 99% of the time when people have problems it is one or the other.
That being said, don't worry about the odbc control panel and what is listed there for connections. All we really care about is that odbc drivers are installed and somewhat current.
One last thign for reference: even if you do make a system dsn the database folder still needs the correct permissions.
If you still cant see the upload buttons after checking the settings send me a PM with the info and I will take a look at your installation. It will have to be up on a live server of course.
, I've given the IUSR account modify access for the aspprotect folder.
In the ODBC manager module on the webserver I've taken out the aspprotect access driver option.
ConnectionString = "DBQ=D:\missourirealtor.org\members\aspprotect\data\database \ASPProtect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
I've also taken out the password on the access database.
The original database of users I had was an access database from a different program called spooky login. I exported them into a tab delimited file and changed the column headings to match those in aspprotect exactly. Actually access would not let me import them in the databases without them being exact.
I imported that information directly using access's import options. I tried the import/export manager in aspprotect but kept timing out as well.
If you bought ASPBanner Unlimited Version 7.3 Before August/10/2004 this file needs to be updated.
It fixes a bug where the JavaScript method is not properlly closing an html Image tag. It can cause other hyperlinks on your web page to link to the same place the banner links to. This does not always happen but this fix is the way the code should be so it is best to update it.
Copy this file into your ASPBanner folder over the existing file of the same name.
recent activity infomation is temporary and mantains itself per application start up.. when the web application restarts for whatever reason the info is reset
ahh, I see..
that is not really something you should change.. it is pretty much always going to say read for any folder
It's hard to say, but adjusting settings like that could inadvertently change folder permissions in a way that could cause problems and be hard to correct. I really don't know that for sure but it is very easy to totally mess up permissions when trying different things. In the past I had to reinstall iis just to get things back to normal. I eventually over time learned what to do and what not to do and have never had a problem since. I am not saying you are one of those people but a lot of people have problems because they play around with things they shouldn't or they go nuts trying to give every account permission starting from root folders... overwriting important default permissions instead of just making changes to a few specific folders.. not understanding the importance of what they are doing..... etc etc
Sometimes you practically have to be a NT expert just to fully understand permissions. I know a lot and I can handle my own server but it's hard to explain the low level basic of NT permissions to others as there is a lot to it under the scenes. A lot of hard core NT/2000 users do all the permissions from the command prompt because there is a lot more control at that level.
Like I said earlier, what you showed me looks right but this isn't a complex issue and the error means what it means. Something isn't right with the permissions.
I would start from scratch if I were you. Perhaps consider doing an install in a new web instead of in your root like you showed me. Or try installing it on another machine for troubeshooting sake.
I am sorry I can't think of some amazing answer on this one, but I think this is just one of those weird situations that requires starting from scratch or trying it on another machine.
, Great software.
How easy would it be to copy the email address entered at registration directly into the login id field so that the user's email address is automatically used as the login id?
Also, where in the code can I turn off the random password generator - I'd rather force people to pick something they can remember themselves.
