asp Server XML HTTP Object returns nothing - asp-classic

I am new to asp but need to fix a software for a friend. The problem is the routine that uses MSXML2.ServerXMLHTTP to read an .asp page to produce a voucher. I have got it to work and display pages from any server, but when I try to open a page from my own Windows server the routine just returns blank, or hangs the server. Have tried everything. Wonder if it may be related to permissions?
It seems to get stuck in readyState=1.
<%
Response.Buffer = True
Dim objXMLHTTP, xml
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
' Opens the connection to the remote server.
xml.Open "GET", "http://someurl/Testpage.asp", False
' Actually Sends the request and returns the data:
xml.Send
'Display the HTML both as HTML and as text
Response.Write "<h1>The HTML text</h1><xmp>"
Response.Write xml.responseText
Response.Write "</xmp><p><hr><p><h1>The HTML Output</h1>"
Response.Write xml.responseText
Set xml = Nothing
%>

A development server has some restrictions on the amount of requests it can handle simultaneously.
Because you are in the process of executing one server-side script already, the server won't respond to the request you are sending via ServerXMLHTTP.
You can work around this by looking up the worker process for your development website in IIS Manager, and under advanced settings increase the maximum number of worker processes, which is propably set to 1.

Related

Is there a way to respond to an HTTP Post on an ASP page?

We are developing an SMS communication platform to communicate with our customers using Twilio. We have 30 - 50 folks who need to communicate with our 3500 customers. Requests to send messages are put into a SQL table, and a VB.NET app takes these messages and sends them via Twilio. An API recieves Twilio's updates/replies/status changes and posts them to the SQL table. The API is on the "outside" (in terms of security) alongside our web server, not on our internal network. The VB.NET app is on the inside. We then have an ASP "chat" page (on the inside) that the reps and dispatch folks can use to communicate back and forth with the customers.
Now for my question. The ASP page reads the conversations for specific phone numbers from the SQL table. I can't have the API communicate directly with the ASP page, since the ASP page is on our internal network, and the API is on the "outside" to satisfy security concerns. So currently I have the VB.NET app sending an HTTP POST to the webpage to signal a new message or status change. The post contains the phone numbers involved, so only the pages with the correct conversation can respond. The ASP page gets the POST and correctly reads the data, but I can't seem to make it trigger an event. Ideally I would have the POST trigger an event to refresh the conversation. Using a debugger, I can see the code going through the motions, but no data is updated. I assume this is because the POST is to the ASP page, not to the server. Javascript doesn't seem to know that this post happened, so I can't seem to trigger an event with Javascript either.
Here's the code for the post from the VB.NET app:
wc = New WebClient()
Dim resp = wc.UploadValues(Chat_URL & url_suffix, "POST", keys)
Here's the code on the ASP page to try to catch the post
If Request.HttpMethod = "POST" And Not Request.Form("posttime") Is Nothing Then
Dim post_jf_phone As String = ""
Dim post_cust_phone As String = ""
If Not Request.Form("jfphone") Is Nothing Then
post_jf_phone = "+" & Request.Form("jfphone").Trim
End If
If Not Request.Form("custphone") Is Nothing Then
post_cust_phone = "+" & Request.Form("custphone").Trim
End If
'If these are the numbers we're viewing...
If post_cust_phone = TxtCustPhone.Text And post_jf_phone = TxtJFPhone.Text Then
Load_Data(TxtCustPhone.Text)
End If
End If
On the initial form load event, the Load_Data function works perfectly, but nothing happens when it's fired from the HTTP POST. I've tried a Response.Redirect and Server.TransferRequest to reload the page, but these don't work either.
Sorry to be long-winded here, but any thoughts would be appreciated.

Session in ASP is not storing values

I have two asp pages in the first page named verify.asp i have write this code:
verify.asp
<%
Username = Request.Form("loginx")
Password = Request.Form("passx")
liberado
Session("liberado") = Username
%>
in the second page i try to use the session variabel "liberado" with any result
barra.asp ,
<%
response.write(session("liberado"))
%>
What i'm making wrong? I m using chrome on IIS of windows 7, Username and Password have values
There was nothing really wrong with your code. Although I can see you've edited it now to remove the dim from liberado, but you've left liberado behind. This means your ASP will try and call a sub called liberado, which presumably doesn't exist. You can go ahead and remove that line.
<%
Dim Username, Password
Username = Request.Form("loginx")
Password = Request.Form("passx")
Session("liberado") = Username
%>
Trying to set a session whilst the session state is disabled will probably result in an error of some kind (and you didn't mention an error in your question). But make sure it's enabled by opening IIS and under ASP > Session Properties set "Enable Session State" to "True".
If it's already true then chances are there's something wrong with your form and the data isn't being posted. On your verify.asp page try running the following code:
for each item in request.form
response.write item & ": " & request.form(item) & "<br>"
next
This will output a list of all the form data being posted.
This could also be a cookie issue. If you're blocking cookies from being set in Chrome then there won't be an ASP session cookie, so session values won't be accessible as you move from page to page.
In Chrome press F12 to open developer tools, click the Applications tab, and from the "Cookies" drop down menu select your domain. Check there's an ASPSESSIONID cookie present, and it's the same cookie on both your ASP pages.
Check the application pool settings in IIS. If there are multiple worker processes active under "maximum worker processes", sessions don't always work. Sessions are stored per process, do if a different worker process handles the second request, the session from the first request might be missing. A setting of "0" means IIS uses as many processes as needed.
More information here

Classic ASP dumping Session Variables (WITHOUT Authentication)

I have inherited an Classic ASP Site and a "bolt-on" ASP.NET site...
NEITHER are using Authentication, BOTH sides have a manual "reinvent-the- wheel" (hard-coded) security system that validates the user/pw from a SQL 2000 database (i.e. "if the user is found via a SQL SELECT, let them in").
New development is in ASP.NET... and they have "integrated" the two sites via ONE login (described above) on the Classic ASP side... then passing a GUID (saved at the time of login to the users record) they validate the GUID on the ASP.NET side ("yes, this is the correct GUID, therefore this is my user... let them in").
Up until now this has been working ONE DIRECTION (Classic ASP to ASP.NET) only with no issues.
(Getting to the problem, bear with me...)
Now they want to perform the same basic design from ASP.NET to Classic ASP by updating the GUID, passing it back, where the lookup validates the user, send them to the correct Classic ASP page... (so the user can return to the Classic ASP side without re-loging-in, previously required) HOWEVER...
***HERE's THE PROBLEM
Session("UserID") is used on the Classic ASP side to (hard code) validate the user... then Response.Redirect is run to send them back to the page that they previously left via "sRedirectToString" ...
'user is found in DB, so send them to the correct page...
Dim sRedirectToString = 'the correct url
Call Response.Redirect (sRedirectToString)
HOWEVER, Session("UserID") gets cleared by IIS or IE (dun'no) and the (hard-coded) validation fails because Session("UserID") is NULL (blank)
Here's the simple (only) validation:
If Trim(Session("UserID") & "") = "" Then
'Session timed out
Response.Redirect('the denied page)
Else
Response.Write "<meta http-equiv=""X-UA-Compatible"" content=""IE=EmulateIE7"">"
End If
So, why are the Session Variables being cleared by a Redirect? (there is no other system authentication is being used).
There is no Session.Abort, nor any specific coding that is clearing Session("UserID").
But when Session("UserID") is tested (see code above) it is found empty and redirects to the DENIED.asp page.
So, hoping there is some property like "PersistSessionVariables" (or something) that I can set so they don't clear...
BUT THEY DO INDEED CLEAR IMMEDIATELY AFTER THE REDIRECT AND THIS IS CONFUSING TO ME.
I appreciate all the Wizards help!

Restrict remote page execution in classic ASP

The title says it all, is it possible to do? Lets say I need to block access via MSXML2.ServerXMLHTTP or any other object, also via ajax IF the request was not local and allow asp execution only on local machine. Is it need to be done in ASP or IIS 7 ?
Lets say we have this code:
url = "http://www.website.com"
set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "GET", url, false
xmlhttp.send ""
Response.write xmlhttp.responseText
set xmlhttp = nothing
Currently, my website is allowing this request from my local address at home, how to block such access?
thanks
You can also block in code - in global.asa - Edit your Session_OnStart event handler:
If request.ServerVariables("REMOTE_ADDR") = "insert your IP address here" Then
Session.Abandon
Response.End()
End If
Note: If someone connects via a proxy server you may see an IP address of the proxy instead. In some cases you may also want to interrogate the X-Forwarded-For header to see if a bad IP address is found there.

"maximum string content length quota (8192) has been exceeded while reading XML data" calling WCF via mexAddress moniker

I'm attempting to call a WCF service via mex from a classic ASP page. I've got the call working using the details on MSDN, but if I pass back an amount of data exceeding 8K I get an exception stating:
The maximum string content length
quota (8192) has been exceeded while
reading XML data. This quota may be
increased by changing the
MaxStringContentLength property on the
XmlDictionaryReaderQuotas object used
when creating the XML reader...
The fix for this is easy enough in .NET client: you can adjust the client config to having a binding with a readerQuotas section including an increased quota. However, since I'm building a service moniker to pass to a GetObject call within ASP, I don't have access to a config to edit. If it were a VB6 app, I could use dllhost.exe.config, but that's not the case. The bindingConfiguration node (and sub nodes) don't appear to be parameters I can set within the moniker string.
Any ideas on how I could influence this parameter within the ASP context? ASP snippet with moniker string referenced below:
Dim strXml, moniker, objProxy
moniker="service:mexAddress='http://localhost/SomeApp/SomeServices/SomeService.svc/mex', "
moniker=moniker + "address='http://localhost/SomeApp/SomeServices/SomeService.svc',"
moniker=moniker + "contract=ISomeService, contractNamespace=http://foo.com, "
moniker=moniker + "binding=WSHttpBinding_ISomeService, bindingNamespace=http://foo.com"
Set objProxy = GetObject(moniker)
strXml = objProxy.DoWork("foo", "bar")
Thanks!
Try setting your maxStringContentLength in your wcf binding configuration on the server side.
It's my understanding that the service:mexAddress moniker actually uses a WCF client behind the COM interface. If that is the case then you can store the WCF config in a file called «foo».exe.config, where «foo» is replaced by the name of the executable.
If you are running the ASP within IIS6 or IIS7, then the EXE that runs the ASP is probably w3wp.exe, which means you need to drop the config into a file called w3wp.exe.config , located in the directory c:\Windows\system32\inetsrv.

Resources