469,927 Members | 1,799 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,927 developers. It's quick & easy.

HEAD and GET requests

Hello,
I have to write some asp pages that react to HEAD and GET requests.
The scenario is this: This is going to be a WAP site. When someone goes to
the main page, it is redirected to a payment server.
The payment server then issues a HEAD request for which the IIS Server has
to return some specific header fields. After this, the payment server takes
care of how the client pays, etc. When everything is fine, it issues a GET
request, for which the actual content must be returned.
According to the documentation that I have, this can be quite simply
achieved:

pay_main.asp
<%Response.AddHeader "Header1", "Value1"%>
....
<wml>
.... <!-- content -->
</wml>
This way for HEAD requests the server will send the appropriate header
information and for GET requests it will return the whole content.
Now what I want to do is set up a session variable that indicates if the
payment already took place. I could do this in VBScript after adding the
header fields to Response. But I don't know whether the server-side VBScript
(apart from the Response.AddHeader... statements) gets executed when the
server replies to HEAD requests, or only when it replies to GET requests.
If it does, then I'll have to find some way to somehow determine whether the
server is currently replying to a GET or a HEAD request (in the first case
the payment has already taken place). Is there any way to do this?
Jul 22 '05 #1
1 2049
What you want to do is very possible with ASP -- part of what it was
designed to do. Remember, ASP is just as powerful as PHP and ASP.Net -- what
distinguishes them is mainly available class libraries and design paradigm.
In terms of raw functionality, they are pretty much equivalent.

For example, it is ASP that popularized the notion of having server-side
script execute to generate the response, which itself can contain
client-side script. Of course, in the ASP file both client and server sid
script looks like the same script, hence some obvious confusion (unless you
follow a good design paradigm -- something ASP.Net later fixed).

So, for all practical purposes, you should consider the server-side script
executed to generate the response. It is ASP's job to figure out how to
handle GET/HEAD correctly. Consider the following ASP page:

<%
Response.AddHeader "Header1", "Value1"
Response.Write "Hello World"
Response.AddHeader "Header2", "Value 2"
%>
If ASP works the way you are hypothesizing, how would ASP be able to execute
statements sequentially, yet not send entity body but send both response
headers for a HEAD request?

Thus, you will need to use Request.ServerVariables("REQUEST_METHOD") to
distinguish between HEAD/GET.
FYI: Your payment/authorization model seems quite weird to me. Authorization
is purely based on a property of the request (i.e. GET vs. HEAD). There is
no verification on the WAP generation on IIS -- so why bother authorizing?

You are going to have to prove that your custom scheme is able to deal with
replay, spoofing, and man-in-the-middle security attacks if you ever plan to
charge for services -- and the responsibility is squarely on you since it is
your custom scheme.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Agoston Bejo" <gu***@freemail.hu> wrote in message
news:e6*************@TK2MSFTNGP15.phx.gbl...
Hello,
I have to write some asp pages that react to HEAD and GET requests.
The scenario is this: This is going to be a WAP site. When someone goes to
the main page, it is redirected to a payment server.
The payment server then issues a HEAD request for which the IIS Server has
to return some specific header fields. After this, the payment server takes
care of how the client pays, etc. When everything is fine, it issues a GET
request, for which the actual content must be returned.
According to the documentation that I have, this can be quite simply
achieved:

pay_main.asp
<%Response.AddHeader "Header1", "Value1"%>
....
<wml>
.... <!-- content -->
</wml>
This way for HEAD requests the server will send the appropriate header
information and for GET requests it will return the whole content.
Now what I want to do is set up a session variable that indicates if the
payment already took place. I could do this in VBScript after adding the
header fields to Response. But I don't know whether the server-side VBScript
(apart from the Response.AddHeader... statements) gets executed when the
server replies to HEAD requests, or only when it replies to GET requests.
If it does, then I'll have to find some way to somehow determine whether the
server is currently replying to a GET or a HEAD request (in the first case
the payment has already taken place). Is there any way to do this?

Jul 22 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Tony | last post: by
4 posts views Thread by rzimerman | last post: by
8 posts views Thread by Michael Schwarz | last post: by
2 posts views Thread by Soni Bergraj | last post: by
reply views Thread by Håkan | last post: by
3 posts views Thread by Phillip B Oldham | last post: by
7 posts views Thread by =?Utf-8?B?Vkg=?= | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.