Guys:
Is there someway that allows a normal (and old) ASP page to access
Session _or_ Application data of an ASP.NET page?
I can't migrate this ASP page to ASP.NET. This ASP page loads an ISAPI
filter (msmdpump.dll), and I've tried a lot, but can't make this works in
ASP.NET.
Thanks,
Ravi. 6 1238
ASP and ASP.NET are two different HTTP processing environments. They don't
share any implementation of Session state. Your best bet is going to be to
store whatever data you want shared across your ASP and ASP.NET pages in
a database. Use a cookie to identify that user's data in the database.
-Brock
DevelopMentor http://staff.develop.com/ballen Guys: Is there someway that allows a normal (and old) ASP page to access Session _or_ Application data of an ASP.NET page? I can't migrate this ASP page to ASP.NET. This ASP page loads an ISAPI filter (msmdpump.dll), and I've tried a lot, but can't make this works in ASP.NET.
Thanks, Ravi.
But this is trully even when the ASP page is inside an ASP.NET application
folder?
Using a cookie only isn't a security issue? If I check IP address of the
sender against the cookie, do I have the same security that I would obtain
using a session?
Thanks,
Ravi.
"Brock Allen" <ba****@NOSPAMd evelop.com> wrote in message
news:92******** **************@ msnews.microsof t.com... ASP and ASP.NET are two different HTTP processing environments. They don't share any implementation of Session state. Your best bet is going to be to store whatever data you want shared across your ASP and ASP.NET pages in a database. Use a cookie to identify that user's data in the database. -Brock DevelopMentor http://staff.develop.com/ballen Guys: Is there someway that allows a normal (and old) ASP page to access Session _or_ Application data of an ASP.NET page? I can't migrate this ASP page to ASP.NET. This ASP page loads an ISAPI filter (msmdpump.dll), and I've tried a lot, but can't make this works in ASP.NET.
Thanks, Ravi.
> But this is trully even when the ASP page is inside an ASP.NET application folder?
Correct -- the ASP and ASPX file are in the same folder, but they are still
using two different application frameworks. Similar (on the surface, at least),
but different.
Using a cookie only isn't a security issue?
Yes, using a cookie is a security issue, unless you're running over SSL.
But that's no different that how it's always been using Sessions.
If I check IP address of the sender against the cookie, do I have the same security that I would obtain using a session?
I don't know what this means. Cookies are no different that they used to
be. Cookies can be spoofed in ASP and in ASP.NET. That's why I suggest SSL.
And even with SSL, if I'm an attacker and I've somehow acquired someone else's
cookie I can present as if it were my own. Again, these issues are unrelated
to ASP or ASP.NET.
-Brock
DevelopMentor http://staff.develop.com/ballen
Hello, Brook:
I'll do what you suggested:
1. The ASP.NET page generates a unique identifier, that is stored in a
database with sender's IP address;
2. After that, the ASP page is accessed. The ASP page check the
existence of the cookie, and then, in the database, verifies the existence
of this cookie and check the sender's IP address.
3. If permitted, then access is allowed - otherwise, not.
This is almost safe, I hope...
"Brock Allen" <ba****@NOSPAMd evelop.com> wrote in message
news:92******** **************@ msnews.microsof t.com... But this is trully even when the ASP page is inside an ASP.NET application folder?
Correct -- the ASP and ASPX file are in the same folder, but they are still using two different application frameworks. Similar (on the surface, at least), but different.
Using a cookie only isn't a security issue?
Yes, using a cookie is a security issue, unless you're running over SSL. But that's no different that how it's always been using Sessions.
If I check IP address of the sender against the cookie, do I have the same security that I would obtain using a session?
I don't know what this means. Cookies are no different that they used to be. Cookies can be spoofed in ASP and in ASP.NET. That's why I suggest SSL. And even with SSL, if I'm an attacker and I've somehow acquired someone else's cookie I can present as if it were my own. Again, these issues are unrelated to ASP or ASP.NET.
-Brock DevelopMentor http://staff.develop.com/ballen
> I'll do what you suggested: 1. The ASP.NET page generates a unique identifier, that is stored in a database with sender's IP address; 2. After that, the ASP page is accessed. The ASP page check the existence of the cookie, and then, in the database, verifies the existence of this cookie and check the sender's IP address. 3. If permitted, then access is allowed - otherwise, not. This is almost safe, I hope...
I never suggested this :)
IP address is a bad thing to use to identify a user, since people can be
using a NAT or a proxy server. I wrote an app that logged all IP addresses
used by users and people using AOL as their ISP would have 10 different IPs
all in the span of a few requests.
Just issue a cookie and the cookie presented to the application should be
the user's identifier for their custom session data in your database.
-Brock
DevelopMentor http://staff.develop.com/ballen
Well, checking IP address is not an extra effort...
I'll give that a shot!
Thanks, your support was great!
"Brock Allen" <ba****@NOSPAMd evelop.com> wrote in message
news:92******** **************@ msnews.microsof t.com... I'll do what you suggested: 1. The ASP.NET page generates a unique identifier, that is stored in a database with sender's IP address; 2. After that, the ASP page is accessed. The ASP page check the existence of the cookie, and then, in the database, verifies the existence of this cookie and check the sender's IP address. 3. If permitted, then access is allowed - otherwise, not. This is almost safe, I hope...
I never suggested this :)
IP address is a bad thing to use to identify a user, since people can be using a NAT or a proxy server. I wrote an app that logged all IP addresses used by users and people using AOL as their ISP would have 10 different IPs all in the span of a few requests.
Just issue a cookie and the cookie presented to the application should be the user's identifier for their custom session data in your database.
-Brock DevelopMentor http://staff.develop.com/ballen This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Alan Silver |
last post by:
Hello,
I have a server running Windows Server 2003, on which two of the web
sites use the MegaBBS ASP forum software. Both sites suddenly developed
the same error, which seems to be connected to the dictionary object.
After some tinkering, I whittled it down to the following (complete)
ASP...
<%@ CodePage=65001 Language="VBScript"%>
|
by: Earl Teigrob |
last post by:
I am programming ASP.NET using C#.
I have been accessing static variables accross my entire application but now
need to change some of the static variables that are session specific to
instance variables.
(For more background, see previous post about 30 min ago)
It was so cool using static variables because they where global to the
entire application so I could calculate them when the page loaded and use
then anywhere in the app. Now...
|
by: David P. Donahue |
last post by:
Is there a way to iterate through some kind of collection and access
session variables in current active sessions on the website?
For example, I'd like to add a feature to an administrative section of a
website that will show the admin a given session variable ("username"
for example) for every active session. Other info, like IP addresses of
users and whatnot, would also be useful. Can this be done? Where would
I find this...
|
by: matt |
last post by:
I've come across a real problem and am totally stuck as to why this is
happening, hoping desperately that someone else has experienced the same
thing, and knows a solution! Session state should be available from the
PrequestHandlerExecute event, and is most of the time for me however
sometimes asp.net appears not to load session state at this stage. We
have a HttpModule which runs fine 99% of the time however sometimes we
have a problem...
|
by: William |
last post by:
Hi
I have an ASP.NET application that connects to an Access database.
Everything works fine except for the Session object. Data in the session
object is lost after I've made a call to the database.
To test, I've created two test aspx pages. Test1.aspx contains two buttons.
The first button sets values in the session object and then navigates to
Test2.aspx. Test2.aspx only displays the values in the session object.
The second button...
| |
by: Anders Jansson |
last post by:
Hi!
I'm porting an ASP application to ASP.NET 1.1 and having problems with
accessing Session values in ASP that were created and initialized in ASP.NET
1.1.
For example, I added a variable in an ASP.NET pages Page_Load routine, C#:
Int32 Member = 12;
Session.Add("Member", U_Member.ToString());
|
by: George Durzi |
last post by:
Consider these three projects:
- ProjectWeb (my web application)
- Facade (my class library, does data access, etc.)
- Library (a library of classes I reuse in applications)
ProjectWeb references Facade, and on login adds an instance of a
Facade.UserInfo class (a User class) into the user's Session. The session is
called Session, and I can reference the UserInfo properties by
doing: ((UserInfo)Session).UserId or
|
by: Joergen Bech |
last post by:
Fairly new to ASP.NET 1.1. Getting the error below when running
application on a web server outside of my control, but only the first
time I run it:
1. After a long period of inactivity (or updating the code-behind dll)
accessing any aspx page in the application causes the application
to run for the first time. Some of the initialization involves
reading and writing some text and xml files using simple streamreader
and streamwriter...
|
by: Shawn |
last post by:
Well, the subject sais it all. What is the best approach to prevent this
from happening?
Thanks,
Shawn
|
by: Alex Maghen |
last post by:
I want to create an object which is attached to the specific user session and
I want to be able to access that object directly throughout the Pages, Page
Controls, and Master Pages of the site.
I'm assuming that the best way to do that is to create the object and then
put it into the Session? If so, a few questions about the best way to do that:
1. If I want to reliably access that object on any and every page, how do I
make sure that...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |