Blog Entry: 3/25/2006 4:31:28 PM
Yes, as long as each installation is in in it's own web site.
(or at least in it's own application in IIS)
Meaning you could have 5 directories in your site each with the app installed as long as each directory got set as an application in IIS.
Remember, a license must purchased for each running install except for development reasons on local machines. cwilliams38400.5162384259, For all you advanced users..
Here are two examples of ASP.NET code you can use on your ".aspx" pages to call banners from the ASP 3.0 version of ASPBaner Unlimited V8
This code is not supported... and you of course must change things accordingly like the variable names and zone numbers to match the zone you want to call banners from as well as the url.
2004-08-27_153832_asp.net_examples.zip
cwilliams38226.6523263889,
I have a quick question...when a user signs up I have a drop down menu for Company name and they have a choice of branch selections. Everything works fine but when the info is saved in the database there is some sort of conversion to lower-case...?
Original drop list selection:
Winston Salem, NC - (XXX/XXX) - original
In the database (access), some letters are lowercased now...why? anything to do with the period, , or - ?
Winston Salem, Nc - (xxx/xxx) - what is saved
, sorry.. you just said above you were using XP SP2 so that is the article I referred you to as I just assumed you were talking about your local web server
here is my article on permissions regarding server 2003
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp
I can look at your installation monday if you like. In about an hour I leave for a wedding thingie and I wont be around again untill monday around noon
Try the uploading using VBSCRIPT method just for the heck of it. Perhaps there is an issue with the installation of the dundas component.
CJW
, Thought this would be easy. A few more pointers should get the database connection to work:
1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so?
2)We have other files in there for other server applications, does that mean we’re stuck using DSN’s or is the file independent of that control dialog?
3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?
What else are we missing? , Thanks for that. The upload size is just as effective and possibly a better solution to maintain server space.
What about individual gallery permissions. So only 1 member can post in only 1 gallery. I have a forum of 500 plus members so if they want to add a gallery than setting a permission would be idea for each gallery. , Here is the complete page with the error message:
============================================================ ===
Unspecified error
This means there is most likely a problem with the "ConnectionString" info that you specified.
If you are using a DSN-Less Connection with MSACCESS.
Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.
ConnectionString = "DBQ=C:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"
If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.
If you are using a System DSN
It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.
============================================================ ===
I am the only one on the site since I just transferred the files and in the testing phase. It is using an MSAccess DB
, You are right, there are NO entries in the "PayPal_Subscriber_ID" field at all. Any way of fixing this? , ok, how about some more in fo on the setup ?
What version of MSSQl ?
Exactly how did you create the sql database ?
Is it possible banners.asp got edited ?
Did you create all your banners via the admin interface and do all all banners have a zone assigned as that is important ? Sometimes customers will add banner info directly to the database and leave out vital field info that the application requires. Based on that error it is starting to look like that page is coming across a banner with no zone ID and thus the error. , Oh, I just remembered something..
It's been a while since I did this... :)
Nevermind what I said above as that is a different sort of "debug"
When you want to debug like your talking about find this section in the "web.config"
<compilation defaultLanguage="vb" debug="false" />
change it to this
<compilation defaultLanguage="vb" debug="true" />
When you run the code in a production environment change it back though
More Info
http://support.microsoft.com/default.aspx?scid=kb;EN-US;3061 56
, I've got an ecommerce module that's running on it that uses access for the db. Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.
So as far as importing on a faster machine and copying it over to the server...what suggestions do you have? , Editing the look of the login page.
In this version editing the look of the login page is very easy.
You can make this login page look exactly like you web site if you like.
You want to edit the "scripts/login_form_inc.asp" file.
It can be edited with any editor as long as the existing bits of server side code in it and the login form remain in tact.
The best thing to do is back it up before you start editing it.
Then if you goof it up you can revert back to the original.
If you edit this page with FrontPage enable the "show all" feature.
Its the little PIE sign in your icons. It will show the server side code as yellow things on the screen so you know where they are and can be careful not to delete them.
see screenshot
 cwilliams38448.8132638889, Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO , ConnectionString = "DBQ=C:\TradersReportsCom\aspprotect\data\database\ASPProtec t_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
I have already set the folder permissions as indicated in the documentation. , I would say that it isn't all that difficult using mySQL for the backend....the main thing is to make sure you set the primary keys for auto-incrementing in your database. Alos need to make sure that any DELETE SQL statements are formatted like this
DELETE FROM tblName WHERE tblField=SomeValue
and not
DELETE * FROM tblName WHERE tblField=SomeValue
The same holds true for using MSSQL , Password Retrieval System
I'm trying to setup the email functionality and have the following settings:
Email_Component : CDOSYS (Using Remote Server)
Mail Remote Server: the smtp server in my Outlook account
Use SMTP Authentication: Checked
SMTPUsername: the email address in my Outlook account
SMTPPassword: the password in my Outlook account
Email Notification: sales@tradersreports.com
But I get this when I send the request for via missing password info.
CDO.Message.1 error '80040213'
The transport failed to connect to the server.
/aspprotect/scripts/emailing_subs_inc.asp, line 174
This is running on Windows 2000 server.
Any ideas?
Warren , Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properlly.
The way to cure it are as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
, from the import page in the admin area.
The import/export file must be tab delimited with no text qualifiers. The 1st row containing field names and the following each being a new user. To create your own import file it must be in this exact format. To find out what field names and their order are simply create an export file using ASPProtect and take a look at it. You can also import that text file into MSACCESS. ,
Both
the NET and Classic ASP versions of this application are designed for
fine granularity protection of individual apsx extension files.
ASPProtect.NET is not designed or intended to protect sub directories,
or non aspx content such as Adobe Acrobat .pdf files etc etc.
I
completely disagree with your statement that “most sites” have a login
box on the left hand side of the page. I suspect you thinking of the
ever popular php based forums and “Nuke” type CMS systems which are set
up that way but if you look at any site written entirely using .NET
that’s rarely if ever the case. (Granted I cant say for sure because I
personally haven’t looked at >50% of the estimated 18 billion + web
pages on the internet) Just off the top of my head www.CafePress.com
come to mind as a pure .NET site. If you take a look the login button
it takes you to its own login page there is not global login form used
throughout the site. Reason being that .NET introduced this thing
called a “view state” which is used to store things like your session
ID (and way more) and must be posted back to the server in order to
keep track of visitors. This technology comes in especially handy when
you have a web farm in place and your content is being spit out out by
more than one server at the same time
I
can think of loads of scenarios where the web servers need to know who
you are even though you are never directly contacting them via http.
This approach is a very smooth and actually very clever solution for
enterprise level websites that simply can’t be handled with a single
web server.
On
a practical level I know what you are saying but that application sets
up all sorts of things when a protected page is accessed and the user
is not yet authenticated. That’s the entire reason you need to put that
snippet of code at the top of a page you want to protect. That code
snippet calls the ASPProtect.NET class and runs through all the logic
to see if you are able to access the page. If you are the subroutine
exits and the server continues to process the remaining logic on the
page. AKA you are able to access its content. If you are NOT
authenticated ASPProtect will setup all the proper session and
viewstate info and redirect you to the login page for authentication.
You may have also noticed a parameter on the login page called
ReturnURL. The application looks for that info and if you do have a
user ID and password the application automatically redirects you to the
page you were trying to access in the first place.
Really
I have no idea what you are trying to do, but there is a world of
difference in how something looks verses how it works. Lets just say
there was a simple way to do what your thinking, what are you going to
do with that login form after the person logs in? Just keep displaying
it on the entire site so people get confused and don’t know if they are
logged in or not? Just that little part of the equation will require
making some changes to either ASPProtect.NET or your application will
have to have some logic built into it to stop displaying the login
forum.
It
sounds to me like your basically looking for a super simple 101 type
deal that allows people to sign up for an event and you the admin can
see that information? I’m guessing they can also log in again and check
out their details and see what event they signed up for?
If
that’s the case you’re trying to take a very sophisticated protection
application and downgrade it into something that would be one heck of a
lot easier to write all from scratch in about an hour.
Your
not going to be able to “plug and play” a simple form into a page and
turn that application as a magic universal login solution for a
website, while its 100% possible to use the application that way if you
choose, you need to check out the source code and plan your custom
integration accordingly.
, When a logged in user with specific group rights tries to look at a
page that has different group membership requirements the Login screen
comes up giving them an opportunity to login with different rights to
view the page. If you log in again with your current user name
the same login screen returns with the added words something to the
effect of "Access Denied, you dont have group rights to this page...".
The only way to get back to the previous page is to hit the back button
on the browser (there is not a back button on the denied page).
I would really rather not even present the "login again" screen to a
user but just have a custom page that says "access denied" of my own
design with a back button on it. Is this an option provided for
in ASPProtect currently? I did not see it in the admin section
settings tab. Is there a separate "login again" asp file that is
being used for this
group access deny message that I could alter, or does it always have to
be the login asp file?
Or would this require me modifying the check_user_inc.asp file around
line 356 to change this behavior (I don't want to screw up any other
stuff though...).
Thanks!!
Oh, PS. just a quick check...it looks like if a user is an
"admin" he automatically gets to see all group pages regardless of
which set of group numbers are assigned in his user account...is that
right?
, Chris,
I've given the IUSR account modify access for the aspprotect folder.
In the ODBC manager module on the webserver I've taken out the aspprotect access driver option.
The dataconn_inc.asp line reads as
ConnectionString = "DBQ=D:\missourirealtor.org\members\aspprotect\data\database \ASPProtect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
Now this should make it DNS-less correct? with the permissions set properly?
I've also taken out the password on the access database.
The original database of users I had was an access database from a different program called spooky login. I exported them into a tab delimited file and changed the column headings to match those in aspprotect exactly. Actually access would not let me import them in the databases without them being exact.
I imported that information directly using access's import options. I tried the import/export manager in aspprotect but kept timing out as well.
, As I already had directories in my web site root called 'images' and 'templates' I loaded the files into a sub directory called 'aspprotect' as suggested in the installation guide where it say 'either way it really doesn't matter'.
However, it does.
The scripts are often looking for a file which it can't find because the /aspprotect part of the path is missing. Example:
I can't find a way of editing all the scripts that need changing. I'm assuming it would be easier to change my site to avoid using subdirectories used by aspprotect and reinstalling from scratch straight into the root directory.
Anyone with any suggestions?
Many thanks
Ian , FYI. There is a typo in the upgrade (6.0 to 7.0) instructions. It specifies adding a field named "passwords". Should be "password"., I have just started to move my sites to a new dedicated Windows 2003 box. I have parent paths enabled, SSI turned on but I still can't get ../ to work with server side includes. Everything I read online says that I need to turn on parent paths but again, they are already turned on.
The hosting company where the server is located can't tell me anything, they just say that that is the way it is with Windows 2003. I don't buy it!
Can anyone tell me anything on this issue to help enable the ../ for serverside includes? , 1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another? I am asking because there is only one table in the DB, and it is the "Users" table. So I am presuming that there must be other databases that are linked to the DB. Is this correct?
2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software? I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of. , trust me, they (serverobjects) do not check processors.. as a matter of fact they haven't answered support emails for about 3 years. All they do is sell those components like hotcakes and take in mad crazy cash. But I will say the stuff does work well and always has. (that guy probably took all the money he made/makes from those components and took off to Jamaica or something sitting on the beach drinking margaritas)
regardless,
ASP just cant resize pictures on it's own.
It' just not possible. You need a 3rd Party component.
There isn't much to say about the ASP.NET thing.
If your server has ASP.NET installed (meaning you can run aspx pages on your server and the ASP.NET framework is installed) and running you just pick that option in the config file and ASP Photo Gallery will use ASP.NET to make dynamic thumbnails for you.
To run ASP.NET it must be a 2000 or 2003 server. , I have been using the AspHttp Component method for displaying my ads along with the google adsense code. However, in the last few days my site was taking too long to load, so I replaced the AspHttp component, with Javascript method. The site was back to speed. But now, the Google Adsense banners do not show up. Is there a solution for that? Can the Javascript show Adsense banners also? Because they do show the Flash banners., Okay, thanks, I'm going to change the method tonight and see if it makes a difference
I'll report back
Dave , Done!
I was able to put my experience was based on *40 months* of usage! I
think I bought a version way back in 2001, IIRC, so it's been a long,
happy trip with ASPProtect for me!
, it is not uncommon for folder permissions to be lost or changed on a server.. a lot of things can cause it
if it was working and now you can not edit or write new data to the database it is most likely permissions
I would triple check permissions... see my articles if there is any doubt on how permissions are set
http://support.cjwsoft.com/code/moreinfo136-1.htm
http://support.cjwsoft.com/code/moreinfo56-1.htm
, Hi Chris,
The hosting company has been doing some work apparently regarding the database connection issue. Still something is funky 
When I type in www.vickerylightning.com/aspgallery/default.asp I get the custom 404 error page and I noticed that it is trying to open the following:
http://www.vickerylightning.com/skins/default/settings.asp
Is that what it is supposed to do?
Thanks!
Rhona, the rookie
, Permissions and Folder Locations
By default and to keep things clean we store everything in folder called "data"
That folder then has it in 4 sub folders
database (where the .mdb and temporary .ldb files are handled)
export (where the aspprotect export files are saved)
logfiles (where the aspprotect logfiles are saved)
user_pics (where the user pictures are saved)
Doing it this way makes it very easy for a system administrator to right click on one folder and set permissions for that folder and all of it's child folders.
Now, that being said.. you do not have to use these folders.
For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.
You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.
We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs. cwilliams38403.6837962963, Thanks very much for the quick reply.
That sets my mind at ease 
I was just worried if users would see warnings in their firewall software too.
I realize that the admin would have to have to go through some errors...
And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.
Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...
Thanks , Our login works great, variables even help determine menu options. When user logs on, however, it opens in a new page. Is there a setting somewhere that sets whether you can open in a new or existing page?
Also, when you log off , Access Database Password
By default all of the Access Databases we give out have a default password of "temp"
The Default username that and Access database uses is "Admin" but you should not be concerned with that except in your connection strings.
The default password for the Access Database can only be changed using Microsoft Access to do so. If you have security concerns it would make sense to change the password. The help system built into Microsoft Access best explains how to do that. cwilliams38403.6820833333, OK, well, that error is pretty self explanatory really. There isn't anything else it could mean.
What you showed me in that screen shot all looked correct, but still permissions to that file just can't be correct. The paths are correct. The path to the file looks correct. The ASPNET (ASP.NET) account looks correct.
I would try settings permissions directly on that XML file. Perhaps child permissions did not go through the way you intended. (the advanced tab must be used for that) If that doesn't work try giving ASPNET and Everyone full permissions on the file directly.
Possibly check the paths in the web.config file just for the heck of it.
Last case scenario, you can edit that XML file directly instead of using the screens in the application. Of course if that file does not have correct permission chances are other things like log files will give you issues as well.
That is all I can think of right now. , My client has a list of 13,000 members that
have already been assigned ID's and passwords with a
homegrown system.
When doing a bulk import, will we be able to retain the userid and password or will a new id be assigned during the bulk load?
Thanks in advance for your help.
, When a user 1st signs up a proper case function is run on certain fields.
This is only once on user signup and never done in the admin area.
It's goal is to keep things entered in Proper Case,
so if someone enters "chris williams" it becomes "Chris Williams"
It's not perfect but it helps a lot to keep the data clean and more consistent. Since it only happens during registration those values can be changed later by the admin or the user if someone wants to.
The function is only applied to the fields that it makes sense to apply it to....
In your case adding a drop down menu means you want exactly what is in your drop down to appear so you wouldn't want it happening.
That being said, it is really easy to remove this situation from any field it is happening to during registration.
So edit "users/add_new_account.asp" with a text editor
find
CmdAddUser.Fields("Company_Name") = PCase(Company_Name)
and change it to
CmdAddUser.Fields("Company_Name") = Company_Name
That is all that is needed to made the change cwilliams38421.5069328704, to finalize this thread.... turns out I was correct and this person was not unzipping the zip file correctly. , ok, I moved this thread..
The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.
The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)
That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing.
Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.
Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"
change
Password = CmdDataExport("Password")
to
Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)
Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.
,
Timecard Entry: 3/25/2006 4:31:28 PM
checked on modems, reviewed customer signups, cancels for nonpayment, printed invoices and readied them for mailing, readied money for clayton, answered phone-signups, cancels, acct changes., paid holiday, Went to Physical Therapy., Wans WANS Wans- WOrked on the Sithe quote revisons spoke to Jim and Seth- Wrote up new Quote for Jim crowley, spoke to Chapin Watermatics about wirelss and sent out the Quote, Spoke to Fisher Cast and sent out revised quote for a Point to Point T1 Line and DSL service, Called Whites for Follow up Appointment, called city of Watertown for Follow up - set up apppointment with Lisa for Brownville specialty paper, spoke to ED re: wireless LAN and WAN for Traditional living in Watertown, Sent update to SEACOMM about their Frame Relay, spoke to Darrel and Seth about the Customer follow up program, called customer for Amy at JCC re: VPN, sent out information on DSL to the River edge. Inspected training site for Wireless internet training program, answered phones not too busy tonight., printed, reviewed and mailed invoices; cancellations for nonpayment; answered phones, Answered phones, checked RadLog, Dial Up Issued and AUAQ and called users back in reference to each,, worked on downsizing graphic elements for faster loading, did more radlogs and callbacks as well took more tech calls died off at about 10:00pm.. pretty steady till then, Phone install in Harrisville, **BHCP (fixed price) - CR, Met w/ Kareta w/ St. Lawrence Radiology and Dr. Olsholfski. Completed all Paperwork and discussed plans, new pc bundle logo and refining layout for new brochure, The calls were sparse. Nothing in clumps, 70952-90977 trael back to clayton, Lunch, Printing Invoices, Incidents report, and soon to expire letters. Answer Billing quetions., Traveled to Sackets, quality checked sign ups, cancellations, reports, callbacks from voicemail, checked billing emails with Mary, taking sign ups, answering phone, , Called David Castrucci and did some emerald stuff, examining perl scripts for wwti samba upload scheme, implementing workorders...no wo no pay!, FairPoint Carrier Services Meeting, grabbed a database of web pages we host from Thousand Islands web page (internal, not sure if billable... that's up to Peggy), TIITC DB Admin, meet with roger, Went over schedule with Paul and made room reservations for he and Errol, fixing DANC ISDN static dialup......static IP was missing from radius file.....fixed it reset the modem....all is well., Elaine and I ordered Pizza. Ate what I could. Lunch was accually in the minute intervals when the phone wasn't ringing...,
| 
