Blog Entry: 3/25/2006 4:50:02 PM
Hi Chris:
Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?
I'm not quite sure what the syntax would be in the URL.
Warren , Are you aware ASP can run on any machine running win95/95,2000,xp pro, 2003. You really should test all asp code locally before running it on live servers but anyway... that is your deal
I am not sure if memory alone will be enough for that server but it could help. I saw a decent amount of free memory when I looked. Its just about an 8-10 year old system on every aspect (processer,OS,Hard drives, memory etc etc) and not only that something is tasking the heck out of the resources left over for asp database access. Something is just wrong. I don't know what it is but I am pretty sure it is not aspprotect. I got rid of my last nt 4 server about 4-5 years ago but the application always ran great on NT and I still have some customers using NT 4. Not many though.
if you email me the import file and the encryption keys you are using I will make a database for you.. just zip it up and send it to chris-cjwsoft.com
replace - with @ ,
Hi Chris,
I tried changing using Notepad in the config_inc.asp
from:
If Application("SERVER_SOFTWARE") = "" Then
Application("SERVER_SOFTWARE") = Request.ServerVariables("SERVER_SOFTWARE")
End If
To
Application("SERVER_SOFTWARE") = "iis/6"
and the albums still do not show up under the categories 
Rhona (rookie)
, and did you response.write that session value to see if it holds anything to ensure it is being set , Hello-
I'd like to set up the system to redirect to a landing page (say home1) after the user logs in.
I have looked at all the documentation and can't find something that explains how to do this. I am thinking that I can set up a log in as the default in my root directory that will have a form with an action=check_user_inc.asp. I have looked at the code there but cannot find a place where I would place a redirect to home1.
Help please
Thanks , No luck...this is the message
Return To Import / Export Screen.
Active Server Pages error 'ASP 0113'
Script timed out
/members/aspprotect/password_admin/upload_post.asp
The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools. , I have tried everything to get your CJWSoft code working..I purchased the auto listings software and I am stumped, and actually you stumped my hosting provider, my database is stored in the database directory on the root.
I have even tried your ASPtest and still cannot connect. My have connected other databases without an issue on this same host, I have named a DNS Auto for my database and ponted to that in my code but get the following error you see at http://www.burkesauto.com and even when i try you test script found here at http://www.burkesauto.com/asptest.asp . cwilliams38145.8522800926, This post unfortutely needs to be here because this application has been the biggest pain in the neck for me you could possibly imagine. This is not because of problems with the application, but because of people's general lack of knowlegde regarding ASP.NET. This post totally voices my stance on what sort of knowledge you need to have and also the fact that I am not going to support anything but general installation on a correctly and professionaly set up live server.
ASPProtect.NET is a great application but using ASP.NET requires a lot more basic knowledge than using classic ASP and there are a lot of basic low level ASP.NET things that need to be set up correctly for an application like ASPProtect.NET to run. These are things I do not cover because you should know the ASP.NET basics when using an application as complex as this. It's just that I don't have time to nor should I have to teach people the basics of ASP.NET. I don't charge nearly enough for ASPProtect.NET to offer that kind of support.
So, I will say it one more time. ASPProtect.NET is targeted towards experienced Visual Studio.NET developers that know how to work with Code Behind VB.NET and are familiar with basic ASP concepts such as IIS application settings, the .NET framework, the aspnet_client folder, and the basics of the web.config file. If you are using ASP.NET for whatever reason you need to know about these things. The best way is to get some good books and do set up ASP.NET on a local development machine so you can start learning.
If you are one of the ASP.NET challenged let me say this as well.
Stick with Classic ASP. ASP.NET is a step in the wrong direction for the average user which I like to refer to as "Joe Coder". Classic ASP is very powerful and easy to pick up. ASP.NET is not easy to pick up and never will be for a lot of people. In my opinion it’s actually the wrong technology to use for anyone other than big corporations who need extreme scalability in their applications or for the hobbyist or object oriented programmer who just wants to use the latest and greatest. Ask yourself if you really want to deal with compiling Code Behind code each time you make changes to your web site as opposed to just editing some files in notepad real quick like you can do with classic ASP ? Do you have the money to purchase and use Visual Studio.NET or are you going to struggle with compiling all your ASP.NET pages using a command line compiler and a batch file ? Yes, you can build ASP.NET code that isn't code behind but why even bother if that is the case because your missing the point of ASP.NET if you do that and missing out on a lot of powerful new features and concepts.
When I do custom projects for bigger clients I usually end up using ASP.NET because they want to go that way and understand the time and money involved. When I do any of my own projects I use Classic ASP because the truth is you can still make some rockin busy scalable web sites with Classic ASP just like you can still make great web sites with CGI, PP, Cold Fusion.. etc etc. Look around the web because a lot of the biggest sites out there still use those scripting technologies and their stuff runs very well. ASP.NET is a lot of hype and although some things about it are plain awesome it is an environment best suited for real object oriented programmers, not the weekend code warriors.
The other thing to keep in mind about classic ASP is the shear abundance of applications and scripts available for it. ASP.NET can be expensive for that reason alone as there still is a shortage of good time tested applications out there and what is out there is always priced a lot higher.
In addition to that half of the ASP.NET applications out there are just half baked poorly converted versions of their Classic ASP counterparts. Is that the kind of thing you want to sink twice the money into or would you rather have something that runs well and has been tweaked year after year into a rock solid product?
To make things worse a lot of the hosting companies out there offering ASP.NET hosting are severely limiting the basic abilities of ASP.NET because of various security concerns. This means if you go with a Host that does that 75% of the asp.net stuff out there won't run on the hosted server. Isn't that wonderful ?
Now, Let's make things even worse. So far every time Microsoft has released a new version of ASP.NET a lot of things from the previous version have stopped working and needed to be modified to work correctly. Is that really something you will have the time, resources, and energy to deal with.
You may ask "but is classic ASP going to be around 5 years from now?" Though you never really know until the new version of windows server ships I say "Hell Yes" it will be. According to my sources at Port80 Software who work very closely with the folks at Microsoft (as well as many other sources out there) it will almost certainly be in Longhorn which is the next version of Windows Server. Longhorn probably won't come out until 2007 and will be popular for 3-4 years after that. The version of windows server after that will most likely support Classic ASP as well and if it doesn't I am sure there will be a way to make ASP run on it. If you really look around a lot of hosting companies are still running Windows Server 2000 which is 5 years old at the moment. The bottom line is Classic ASP helped put Microsoft web technologies on the map. Microsoft can not simply drop it because if they do they give up a dominate market share to the scripting competition being PHP, CGI, Cold Fusion.. etc etc PHP for instance a huge installed base on many platforms which are essentially free. ASP.NET can not compete with that in any way and not supporting Classic ASP would put microsoft in a bad position.
Take it from me. If you are a weekend code warrior/script kiddie. You'll be a lot happier sticking with classic ASP. You will also have save a lot of money and you can still have great web sites. There are tons of great applications out there in ASP and ASP still is and always will be the easiest scripting language to work with and learn. Better yet look around on sites like www.4guysfromrolla.com and see if you actually understand any of the latest articles. If it looks like Greek to you that is yet another sign that you should stick to classic ASP.
Personally, I will be focusing just as much time and effort on ASP.NET as I will on Classic ASP in the years to come for a few reasons.
- Because I sell software I obviously need to convert/re-write most of my appIications to work with ASP.NET. My living may eventually depend on it.
- Because I love using the latest technologies I want to continue to develop using ASP.NET.
- Because I do many custom projects for various clients using ASP.NET is a must.
- Because in some cases using ASP.NET over classic ASP makes total sense.
Just don't fall for the HYPE folks. I am one of the few established developers out there that has a set of Balls and is willing to put the truth out there and see past the bullsh*t. If you go ASP.NET do it because you seriosuly think you need the power and scalabilty and money and time is not an issue or because you are a hobbiest and object oriented programmer who likes working with and has time to work with the latest and greatest web scripting technolgies out there. I truly believe that so far ASP.NET is as much a success as it is a failure. I am sure some of you out there know what I mean by that.
All this being said you should also realize that ASPProtect.NET is a little different than your average ASP.NET application because it uses a lot of advanced ASP.NET techniques and you essentially use it to password protect your existing scripts meaning you need to integrate your stuff with our stuff in a sense. If you just go buy some random ASP.NET application like a classifieds system or storefront it is probably just going to run on it's own an therefore will be a lot easier to set up and deal with.
Here are some links you folks should read as well.
http://rtfm.atrax.co.uk/infinitemonkeys/articles/asp/905.asp
http://www.itnewsgroups.net/group/microsoft.public.inetserve r.asp.general/topic2074.aspx
http://support.microsoft.com/default.aspx?scid=fh;%5Bln%5D;L ifeWin
Chris Willians
http://www.cjwsoft.com/about.asp , Just an update,,,
the permission were all correct.... i left it and tried from my pc at work and it works fine... so i dont know what hahhpened.... thansk for your quick response
regards
Domenic
Sydney, Australia , This server is sitting in my den on a DSL circuit, so I don't have a hosting company. The install for Windows 2000 server is with default settings for all components installed.
I am not sure what you are referring to when you say:
"Does emailing work under the simplest scenario ? (directly from the users screen"
What user screen?
What settings are you referring to that I may have chosen? , Hi,
Ok, well... you have a lot of stuff going on there.
More importantly than that.. you cant even log into the admin area using the admin account. There is something majorly wrong with the installation.
I also notice you havent even saved any path settings in the settings page of the admin area. I am looking that over now and filling in the missing info. That information needs to be populated. , Hi,
Its just not enough information to go on. I need more details on what is going on. There are a lot of configuration settings in these applications. I really do not know what to make of that screen shot.
My 1st guess is that if you cannot delete a picture that the picture folder does not have delete permissions ??
I also need to mention that I am not sure what this has to do with ASPImage ? , If you are using an ACCESS Database try to avoid using a system DSN. They are much slower because they go through ODBC which then uses the Jet Drivers to access the database. They also have to do a registry lookup.
ttp://www.4guysfromrolla.com/webtech/070399-1.shtml
http://www.powerasp.com/content/database/dsn_vs_dnsless.asp
It's funny because in the 4guys article they ask the question..
"Hmmmm... so who was right, Microsoft or Wrox?"
I'll tell you who was right and who said it 1st. It was me and I said it on my old powerasp.com site before anyone else ever did.
I found it out on my own by experimenting when I was the Systems Analyst for an large ISP. We we had web servers that were not running well. I didn't read about this solution anywhere because no one was talking about it at the time. Microsoft said use System DSN's so everyone just took their word for it.
I took a lot of heat for saying that back in the day but over time everyone started saying it.
, All fixed... I changed the remote server from localhost.omegaphibeta.net or whatever it said there to localhost
I sent a test email to myself and got it no problem
the error you were getting was email component related , Right, I've done that. My concern is that it will time out again while I'm trying to import the file.
The import/export manager does not show up under the users tab when I log in normally. I have to pull up the page in frontpage and then preview it a browser to get it to show. , I just installed the software, but I can't find any place where I can see when users logged in, can someone please tell me where I can do this?
Thanks , Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?
My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that? , I did try to redit the banner and the old link was there, not the new one. In addition I tried to ad a new banner to an account but it too was not saved.
Since I can see the banners from the aspbanner solution, does that not tell me that the solution is properly connected to the database? The only thing is the solution only appears to be able to read the data and not write or delete it.
The settings for the directory are read write execute and delete so I am not sure what I need to do to get it working again
, Hello,
Sorry
No, there is not.
not the way the code ships.. The program keeps tracks of everything by the way it ranames files. The system has been tested to work well with as many as 10,000 images files. Any more than that and you need something a little more serious meant for that amount of images.
You could certainly modify it do work that way if you are good with source code. There are actually as many drawbacks as doing doing it that way as there are advantages.
Take Care
, I am not sure. I can tell you that I run windows 2003 server and I have never had any issues setting permissions for ASP.NET files and folders. This very server is 2003 and the ASPProtect.NET demo runs on this server as well.
Course, I can't say that I have specifically tried to remove ASP.NET READ permissions on the database folder as it's just not something I would not have a reason to do. Why are you trying to do that? The ASP.NET account needs that permission. If you are trying to stop file browsing and downloading in that folder that is not how you do that. The best way to do that is by keeping the database somewhere else on the server that is not part of the http web. , pretty clever...
If anyone is interested in what the Mod function actually does this article explains it nicely. They even use it for the same purpose in the examples.
http://www.asp101.com/articles/steven/mod/default.asp cwilliams38210.6791898148, OK, thanks.
Nick , Hi Chris,
Our company has a big dilemma on how to manage the database for accounts that are expiring/expired.
We saw the function to email a batch of users who are expiring soon but this doesn't help us to complete the renewal process.
Once the email is sent, what happens afterwards? how can we setup the system so that we can renew their expiry dates or accounts without too much hassle?
The system currently doesn't have any renewal functions or to allow batch changes on multiple accounts at the same time so we have to manually edit one account at a time. This is extremely tedious if we have over 1000 accounts to manage (and we will).
If you have anything to suggest on all this I would appreciate it :)
Thanks alot
Sylvain , It's not working because i guess im copying the viewstate also...and it comes up
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. , Making progress. I have made the appropriate settings and now I have the option to upload. When I upload, I get the following message:
"Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard"
I am using IE6 XP SP2. I also am using DUNDAS UPLOAD, ASPIMAGE.
I think I set permissions correctly bot not positive. I have given all auth to everyone for the database etc. , Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.
In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.
' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30
Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.
, The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.
Download Documentation
You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.
Please continue to check the support forum threads for the most up to date documentation.
IMPORTANT
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then choose unblock down in the lower right corner ...then you can open and view the file correctly , I dont know about your error on line 6 when uploading..
as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.
I really need more information and possibly acess to the system to do some troubleshooting...
This is anot a feature anyone has ever had an issue like this with. , One of my users is looking to do mass updates (multiple records). He wants to be able to update the "Expiration Date" for a group of users who work for the same company. , 1st: try it with a normal dsn-less connection like we show in the example.. dont use that OLEDB.4.0 connection string.. connecting like that can cause a lot of problems and is not as great as everyone thinks it is and it can sometimes be difficult to get it working when the database has a password set on it
For the sake of troubleshooting just connect like so: (fixing the path of course)
ConnectionString = "DBQ=C:\Inetpub\wwwroot\aspprotect\data\database\ASPProtect_ access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
ASPProtect will generate the actual connection string you should use when you run this page
http://www.mysite.com/data/setup_info.asp
Replacing the part in blue with your website info.
2nd: any IIS server setup to have the access database over the network path like that has a poor setup... and that can cause all sorts of problems as well, access is not designed to run over the network like that.. for more on that read this thread - Start 5 posts down
http://support.cjwsoft.com/code/code_info.asp?TID=479&KW =OLEDB%2E4%2E0
3rd: If the app does not run using the connection string like I say to use then the problem is 100% on their end and is either related to permissions or the fact they are keeping the access database on a network path which is BAD BAD BAD... no quality host that knew what they are doing would set it up that way.. ultimately you don't want to host asp with a place that has a setup like that
4th: If you want to try some other stuff out we have a free guestbook, asptest, and a free version of aspbanner you can try out as well... www.cjwsoft.com
5th: If you need a quality asp host that knows what they are doing and offers great asp support www.alentus.com is the place
6th: Your right, it is not the code, its the data connection , MODS are NOT SUPPORTED.. questions about them will not be answered in the support forums. If you want to use a MOD you are considered an advanced user and will need to sort out any issues that may or may not come up.
MODS are used at your own risk and may or may not require certain basic coding skills. , Has anyone used the aspmail function to send and recieve emails from within your forms? If so what string did you use in the aspmail_host field in the connections database.
thank you
adam , Alright...I'll try those out. Also, if I do the data import on my laptop initially and just publish it to the server do you think that will help?, (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , Is it possible to set the user account time limits when they register? I am using email verification and am trying to have their accout expire 32 days after their initial login.
Also I have an issue with the email notification not notifying me when a new user logs in. It does a beautiful job notifying the new user. I do not understand why my server will send to one and not the other, I ahve searched the links but none seem to answer this.
Thank you for your help and insight , Humm..
I have no idea where links to hose graphics are being called.
I checked the source of edt_banner.asp and I see no calls to any images named like that
I didnt see any calls in the header and footer files either...
, its no different than linking to an image or another page. you have to adjust the path to the include file based on what directory you are in.. or you get an error
This is noted in the admin area on the code generator page which also gives you 2 examples of ways of calling the server side include. (Virtual or File include)
These threads below are also full of info. I found them by doing a quick search and they should help you out as well.
http://support.cjwsoft.com/code/code_info.asp?TID=349&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=303&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=236&KW =The+include+file , This may be an old question ??? If it is please point me to the post or documentation where I can find the answer please.
When creating protected pages I am using the following to protect them:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="/aspprotect/check_user_inc.asp"-->
But that is not working. I get the following error when I try to access the members logon page in the directory that I wish to add the pages to:
Active Server Pages error 'ASP 0130'
Invalid File attribute
/filelocation/filename.asp, line 3
File attribute '/aspprotect/check_user_inc.asp' cannot start with forward slash or back slash.
However if I create the pages in the root of the AspProtect directory and use a link to the same page that exists in the AspProtect directory and the following include:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
The pages work fine.
I really do not want to put all of my protected pages in the root of the AspProtect directory.
I would like to mix protected and unprotected pages throughout the site in order to #1 make it easier to administer. #2 keep the AspProtect directory solely for authentication. And, #3 keep any user authentication pages out of the AspProtect directory.
TIA
, you can whatever you like but like I said those gif files are already in the correct place. The log parser is messing up. ,
Hello,
I want to create a user for my manager. This user should be able to see
all statistics (Reports) and all (Banners). But, he should not be able
to edit anything.
How can I create the type of user described above?
Best regards,
Mohammad Al-Mohsin
,
Timecard Entry: 3/25/2006 4:50:03 PM
E-Mail, Voice-Mail, Setup, Few calls regarding accounts is all....very slow! Surfed the net and chatted with some friends while studing mags I brought in. , answered tech related calls. checked and called on rad log, dial-up issues, and ask a question emails., Travel from WDT to Clayton., Admin for java ticker component., fairly slow, installing ncftpd on new linux box for Howard and setting up SSH 2.0, finish billing reconciliation, Amy - Fixing errors found in NextCom and ChrisCross webs., teched calls and radlog , Putting E911 Packets together in a binder & began reading, did tech support radlogs and expiring users as well did a emergency house call for a user per Ron, read and sent emails, Power FSBO, and cross reference web billing, got busy again... calmed down once or twice, but stayed moderately busy. Some long calls tonight., install Visio chart tool: create Process flow charts for meeting with GiSCO, phones very busy , Read/wrote email,, ALLIED COOPERATIVES CONTINUED INTITAL DESIGN, lunch, fix nnyads website, Provisioning, Getting info and WO# for Channel 7 project (banner ad and upload component admins), Vermont Internet public site design work, team meeting, SenatorJimWright.Com - Transfering content from original site into upload manager database. Publishing to server, testing, good to go., Gather data for MS Tech Support, changed channel partner spread sheet to include distributors and id's for cp's and distr's. emailed to marketing dpt. , did some rad logs and answered phones,
|
