Blog Entry: 3/25/2006 4:22:13 PM
no, its part the concurrent login checking system.
currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)
when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over
sorry
as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional. , sorry.. you just said above you were using XP SP2 so that is the article I referred you to as I just assumed you were talking about your local web server
here is my article on permissions regarding server 2003
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp
I can look at your installation monday if you like. In about an hour I leave for a wedding thingie and I wont be around again untill monday around noon
Try the uploading using VBSCRIPT method just for the heck of it. Perhaps there is an issue with the installation of the dundas component.
CJW
,
Well. fontpage publishing is evil. That you have found out.
Do not use it. It usually wont work right when running asp code locally and also at the server because of differences with the paths and virtual directory structure. etc etc etc
You can definetly use frontpage to connect to the web site live and drag and drop files into it/edit them... but the sooner you stop using the publishing feature the better off you will be. , New Power Supply and a new (CPU Fan/Heat Sink) seemed to do the the trick. She's running like a champ now...
Hopefully it keeps doing so. Only time will tell.
It she's stable I can get back to designing some new software. cwilliams38296.9772800926, I would like to change this file name to the typical Login.aspx, how to do this? I have a VS 2003 but need instrutions if that's the route to go., Hello,
I really need more infomation..
for starters
what is the server ? iis4,5, or 6 ?
what is the version of aspbanner.. aspbanner standard or aspbanner unlimited ?
what was the error message before you removed the "on error resume next"
was the sql database created using the sql creation scripts we provide as that is VERY important.
and lastly what are the the regional settings of the server ?
what is the date format ? , Ok nevermind that... i got by that wasn't paying attention...
The problem is even before this which i didn't know until now.
I placed the protect tag in a page i called members.aspx
When i go to this page is says ACCESS DENIED etc etc etc.
When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:
Server Error in '/MAP' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /map/users/aspprotectlogin.aspx
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42
btw it says /map because that is the subfolder within the root folder , If by permissions ou are reffering to the IUSR with write/execute
permissions, they are already set. I get this error when I hit the 'Create New
Export File From Current User Database' link:
Microsoft VBScript runtime error '800a004c'
Path not found
/ASPProtect/password_admin/export.asp, line 76
Any other suggestions?, I am using ASPProtect's password program, which has been very successful, for managing over 1,500 military veterans' memberships at http://www.vspa.com. What I am trying to do now is utilize the "Groups" code, as generated by the Admin page, to prevent members with expired accounts (and non-members) from accessing restricted "members only" .ASP pages they may have bookmarked, or found via web search. The code generated and used is as follows:
<%@ LANGUAGE="VBSCRIPT" %>
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * ADMIN * Member Current * Member Life * Officer/Staff * ) -->
<% GROUPACCESS = "10,12,14,19" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->
The above is placed over the <html><head> statements on the page.
When I am logged in the code works perfectly! When I log off and try the URL again, the page appears in its entirety but with a Login box for Username and Login Password at the top of the page. You may view the problem at: http://www.vspa.com/aspprotect/vspa-password-enter.asp .
What I would like to have happen is expired members and non-members would be sent (or Redirected) to a Login page. I do not want the Login password box to merely be inserted above the page that I am trying to keep them from visiting.
Don Poss,
VSPA Webmaster , Version 8.1 can work with MySQL
http://www.aspbanner.com/aspbanunlimited_v8.asp
It is just not supported at all.
The standard version can not work with MySQL.
There were a lot of changes to make the new version work with it and I really only did ift because I have a couple friends with busy sites that could only use MySQL.
It sounds like your site is way too busy for using an access database as you mentioned. , Just wanted to let you know that after modifying the remote host string in the email pages and getting the correct connection from my server, everything is running fine.
I hope you enjoyed your vacation.
thank you
adam , So do I just replace the four folders that came with aspprotect with the four (in my case domain directory) folders in the patch or just move the files?, It just sits there indefinitely without an error being returned. The only clue I have is that it seems to be connecting to the database when I try to log-in. I know this because I decided to erase the files and start again, but I could not delete the database because it was "in use". After I rebooted to clear that connection and erased the database, then re-did the install, the same condition exists after entering the key on the get_me_in.asp page. It just sits there indefinitely., Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
, Good Morning - I getting errors in my system log that says "404 file not found" for a number of files - Here are a few examples:
I ideas on how to fix this? Note: The system seems to be working fine, but I want my log files as clean as possible.
Thanks. shirley , ya,
any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links
example (for anyone that comes across this thread)
http://www.examplesite.com/somepage.asp
is going to have a different set of application and session variables then
http://examplesite.com/somepage.asp
even though they are basically the same page , gotcha...thanks. , Awesome -thanks - I'll give it a try , Thank you for the response to my question. In the mean time if I can figure any workaround I will post it here. , The redirection at 1st login feature is supposed to work like I explain in this thread.
http://support.cjwsoft.com/code/moreinfo385-1.htm
Though what you just said is a bit confusing it sounds like you have some sort of browser problem and it is doing the redirect every single time. ?
I would suggest reseting all your browser settings to normal and making sure cookies are enabled because forms based authentication uses session variables and cookies must be enabled for session variables to work correctly. If not something like this could happen as the redirection at 1st login would happen over and over every time.
So try it on other computers and try with firefox as well as IE. Many people go nuts with their browser settings and way too much stuff blocked which can cuse all sorts of issues. Also some script blocking and firewall software can cause problems so disable all of that when testing.
You may also have created some sort of endless loop. (I really need to know way more information on what you did to know that for sure)
You may also want to consider doing your redirects manually meaning you protect a a page and right after the protection you use regular ASP redirect statements to redirect the user whevever you like based on their session info which is available to easily check immediatly after someone gets through the authentication.
I still stand behind my statements that redirection is not good site design. You really really need to understand and plan your ASP pages as well as have a very good understanding of the session and how all of that works if you use redirection with a password authentication scenario. You should never be redirecting someone to an ".htm" pages except during testing because you wont be able to stop users who are not supposed to go there from going there directly. , Hello,
I have ASPprotect 7 installed on my remote server. I am able to go to the examples/default.asp page and login in without any difficulties. If I copy the code from that page and paste it in a new page called the same thing but in a different folder, I get this error; (Keep in mind that this is essentially the same exact page in a different location of the website)
Error Type:
Active Server Pages, ASP 0126 (0x80004005)
The include file '../../check_user_inc.asp' was not found.
/aspprotect/Pages/default.asp, line 3
I get the same error if I paste the "protection code" I have generated into the top of a current (.asp) page in my site.
Basically, the only pages that work are the ones that came with the program as examples. Thats great, but now I need to make it work for my pages. Any thoughts?
, Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..
Same thing happens... certain passwords just do not work.
So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.
Here is an example.. see the screenshot below.
Username "admin" password "petepetepete"
The top query done in Enterprise Manager is valid and shows the user.
The bottom query is also valid but it does not show the user.
And that is exactly what is happening from the ASP codes point of view.
Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.
It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.
I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.
One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.
It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.
Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.
Your call..
, I am testing this now and there is something wrong.
PayPal is hitting the ipn.asp but the database is not being updated.
I will figure it out shortly though and post the anwer here. , I am getting closer.
This error actually does not have anything to do with the forgotten password feature or your database.
It has to do with the settings you chose for emailing.
it relates to aspmail and it not liking the remotehost you used, or something like that.... etc etc , ASPProtect version 6 does not officially support any sort of redirection or is it a feature.
You can however do redirection after login with some basic ASP if-else statements and ASP redirects. Basically you check the session variables after successful login and send users where based on that info. You of course also need to protect any pages you send users to and make sure any people that aren't supposed to go there do not go there directly and bypass your security.
I highly frown on Redirecting during login (In my opinion it is poor site design and it defeats the purpose of dynamic web pages, there is seldom a good reason to even need to do it if you design your site well) but you can check out this thread which should give you lots of good information.
http://support.cjwsoft.com/code/code_info.asp?TID=17&KW= redirect, The only other thing I can think of if you are not getting any errors.
Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.
You can do a simple test to tell if it is...
Make a simple ".asp" page in the same folder.
Put only this code in it.
<% Response.Write ("ASP is executing") %>
then run the page via the web browser thru the server..
If the text prints out ASP is running... if you don't see anything it is not cwilliams38229.5820486111, Is there a limit to how many access levels the program has? We were thinking of having a different access level for each client that logs on our site so we can customize their web experience. We see 6 in one place of the program, 8 in another, but is there any reason why we couldn't make 100 more?
Thanks again for the help! , Ok, for starters what is the real error ? Please read this.
http://support.cjwsoft.com/code/moreinfo11-1.htm
2nd I always recommend using CDOSYS before any other email component. All servers have it running by default and ASPProtect supports some a html editor if you use that component. I would give that a try as well. It's the best emailing option.
, I am trying to import a database into my list of registered
users. When I go the import_export_manager.asp page most of the
content is missing. All that appears is the first 2 lines of text
and a box. The rest of the page is blank. I have tried this
under 5 different browsers on 3 different machines and on 2 operating
systems. I also ftp'd the original .asp file with no success. Any
clues?
, yes, How can I have fixed size height and width image without distortion. Is there a component that I can use or how can I change the existing code.
yes, unless its ratio matches
how could it not be ?
Please keep questions like this in the forums... thx.
there is no need for this to be a private message
-- Previous Private Message --
Sent by : eeye
Sent : April/29/2005 at 2:19pm
If I choose fixed width and height is the thumbnail image going to be distorted?
-- Previous Private Message --
Sent by : cwilliams
Sent : April/29/2005 at 1:17pm
that is not possible unless you rewrite the code.
You onlyahve the two options we give in the config file for thumbnails
fixed width and height all the time
or
fixed width / dynamic height
-- Previous Private Message --
Sent by : eeye
Sent : April/29/2005 at 1:07pm
Hi William
One more questions for you. is there a way to make sure that all the thumbnails are the same size without distorting the images (in the thumbnails). Or if a picture's height is bigger than its width is there to create the thumbnail such that the height of the orginal becomes the width of the thumbnails and vice versa.
Basically I just want the thumbnail pictures to be in a perfect row with all the picture heights the same and all the pic width the same.
Thanks
Sean , 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., Well, you cant have a login box on the home page when using ASPProtect.NET.. there is no way to make that work. I tried all day to come up with something and it is not going to happen. I suggest you make a login button and link it directly to the protected page you want them to start on. The redirect or link them whereever from there. Either that or write your own forms based authentication solution that works exactly the way you want it to or edit the code accordingly since you have the source. It is not a feature we advertise for the product regardless. It works the way it works. , SQL Server Datareader Datawriter Permissions..
here is a screenshot that shows how to set datareader and datawriter permissions on an aspbanner database using "SQL Enterprise Manager"
In this example we are making sure the aspbanneruser has those permissions on the aspbanner table in the database
cwilliams38325.8002893519, You can't do that. ASPProtect 7 does not work with ASP.NET.
It is a classic ASP application. As the web site states it can only be used to protect ".asp" pages written using vbscript.
ASP and ASP.net are completely different animals.
Thats why we have a .NET version.
http://www.aspprotect.com/more_info_net.asp
, Sorry you feel that way, not my intention. I'm not threatening anything. I was very happy you responded when did so there no reason for any bad feelings. I like your product as I said before and have no problems with it. Sorry again, that was not my intention. Merry Christmas… , Hi Chris,
We installed our key onto the live server.
However, since our temp key has expired, we can't access our application on our development machine because the login won't work anywhere except on the live server.
Of course we can access the application on dev, if we remove the aspprotect tags, but if we need to log in to do something unique to the user, then we have a problem.
Can we get another temp key from you? And would there be a better long term solution to this debug/maintanence issue?
--JP , sorry for delay responding,
I got bombarded with support inquiries while I was gone and I missed this one since I been home.
Does the server_info.asp page I provide say that aspupload is indeed installed. Let's start there. , this error really does not mean anything specific
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard"
If you get an error its real weird that the file is being uploaded.
Generally if you get an error during upload it is because of one of these 3 things
Invalid physical path specified
Unsupported upload method chosen
Permissions
See my article on XP and permissions
http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp
many people dont do their permissions right on XP Pro and that article covers everything , Please Note : Users with the option pack a new feature called groups that is much more powerful than access levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default and also info on an alternate scenario we have provided.
In the "check_user_inc.asp" that comes in the root of this system Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
The "check_user_inc.asp" included in the "extras" directory is an example of changing the access level checking code
to work differently. In that "check_user_inc.asp" Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 2
Level 3 has Access to - Level 3
Level 4 has Access to - Level 4
Level 5 has Access to - Level 5
Level 6 has Access to - Level 6
Level 7 has Access to - Level 7
Level 8 has Access to - Level 8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
If you get creative you can create some interesting access level checking scenarios.
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive. cwilliams38114.6506712963, I downloaded v7 3/7/2005
I entered a password that was supposed to be all caps with only first letter caps.
it is odd, if I go to other user and enter wrong password that does not come up. it apprpriately goes to a screen that says Access Denied.
thx ,
Timecard Entry: 3/25/2006 4:22:13 PM
print soon to expire, open incidents, prepare money for Clayton, Timberview - Trail conditions admin, Went over budgets and emailed worksheets to managers for review, technical support supervisor. emonitor, radlog, dial up issues, ask us a questions, incoming calls, emails, took mostly incoming calls ... helped techs as needed ..covered incoming calls and tech issues , Lunch, lunch, Gisco - 3 additional payroll runs, Review possible trademark issue with 1000ISLANDS.NET, Conference call w/ Jim Gilbert and Netsurfer re: DSL products., dialup issue, Cancellations, check voice mail/email-
give changes to rob for bridge authorty
go over info from web sites
ftp access for creg systems
enter info from last two weeks info ti database
, working on channel partners page, logins / new user / billing, cphospital.org staff administrator complete, Helped Kelly compile database for Saratoga mailer and set up meetings for Dave, Steve and I are going over my MBO's for SOftMLS2 and deciding the priority of which we need to start working on certain things., Press release and distribution of Info for The users group, steady, Meeting with Baldwinsville Chamber, Packup, Voice-Mail, lookup up due date for Don's home line., taking sign ups, quality checked sign ups, callbacks from voicemail. checked emails, incident report, cc reports, answering phone, , same as above, General, worked with Gary on a small problem., Cortland: getting set up with FTP account for realtor.com. Several emails., Trouble shoot workstation logon problems, Reading with Ed on how to properly ground our antenna on top of the Herald Building. Also went over some ideas about how to ground it and which route we are going to take, Telernet / Watertown Daily Times DSL in Lowville research., phones, radlog, dial up issues, email, ask us a question., Called users back on voice mail, and RAD. ,
|
