I'm developing a website and I need to have my asp page connect to a VB script on a remote server send it some variables and get a string returned. Then spit out the returned data.
I've done similar work in Java.
Can anyone point me in the right direction to help me produce a simple proof of concept?
Basically you can send request data to the remote server using a request string:
http://www.example.com/GetMyString.asp?MyVal1=value1&MyVal2=value2
Then on the remote server in the GetMyString.asp page retrieve these values using the Request Object and then send back the string result by using Response.Write
'<%
value1 = Request["MyVal1"]
value2 = Request["MyVal2"]
newvalue = "The values receievd were: "+ value1+ " and "+ value2
Response.Clear()
Response.Write(newvalue)
Response.End()
%>'
Related
I'm moving an old ASP application from a Windows Server 2012R2 to a new Windows Server 2016 Standard Edition:
Old server had IIS 8, new server uses IIS 10
this application has some routines that makes an MSXML2.ServerXMLHTTP.6.0 call to a page hosted on the same server:
the problem is that this routine works on the old server, but does not work on the new server
I build this small routine to make the test
<%
Dim xmlhttp
Dim payload
payload="OID="&Timer*100
Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
xmlhttp.setTimeouts 30,500,1000,1000
xmlhttp.Open "GET", "http://sameserver.com/test.asp?"&payload , false
On Error Resume Next
xmlhttp.Send
If Err.Number Then
response.write "ERROR: Could Not Retrieve Remote Server <br> Error Number: "&Err.Number&"<br>Error Description: "&Err.Description
Err.Clear
Else
response.write = "OK: "&xmlhttp.ResponseText
End If
On Error Goto 0
Set xmlhttp = nothing
%>
that works on the old server but on the new server returns
Error Number: -2147012894
Error Description: Operation Timeout
I thought there were some bad/missing settings on new server, perhaps in IIS Settings, but I also tried a very simple test in PHP, that works fine:
<?php
$timer= new DateTime();
$payload='OID='.$timer->format('Y-m-d%20H:i:s');
$url='http://sameserver.com/test.asp?'.$payload;
echo file_get_contents($url);
?>
Clearly I can change these routine and use PHP, but I'm afraid that this error could create also other, at present, undisclosed issues
Can suggest the possible reason, or, at least, which checks has to be made?
Thanks
Your answer is here. Microsoft recommends not making ServerXMLHTTP to the same server. There are probably alternatives; it's hard to tell what you're trying to do from the code you posted.
I am trying to read a text area (id= Message) and save it into the database. The problem is that if the user enters a single quote (') in the text, both the codes below fail to handle it.
Request("Message")
or
Replace(Request("Message"),"'","")
both fail with the error message
Security violation occurred
Incorrect value was passed for field "Message"
.
Seems like it fails as soon as it reads Request("Message")
I suspect this might be a hosting level security measure to protect against SQL injection. If this is the case the only solution might be to ask your host to disable it (and protect from this yourself) or to add some JavaScript to replace or HTML encode apostrophes when the form is submitted.
Are you testing this on a local computer or just on a site hosted with a web hosting company?
You should use a Command-object to securely save userentered data to the database.
set cmd = Server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = conn
cmd.CommandText = "INSERT INTO table(message) VALUES(?)"
cmd.CommandType = 1
recordsAffected = 0
call cmd.Execute(recordsAffected, array(Request("Message")&""))
if recordsAffected <> 1 then
Response.Write "Something went wrong!"
else
Response.Write "Data saved!"
end if
The code above assumes you have an open connection to the database stored in the variable conn.
The code line on where this is happening is on the response.redirect below:
Catch exR As System.NullReferenceException
Dim dt As CustomDataObject = New CustomDataObject("SP_Retrieve_LoginPort")
Dim port As Integer = dt.getdatatable.Rows(0).Item("Port")
Response.Redirect("http://" & Request.Url.Host & ":" & port)
I get the following in my Request URL: http://©:53/Default.aspx
Where does the copyright symbol come from?
This is a difficult one, without more information.
I think that it may be to do with the string contents of Request.Url.Host and how it is displayed.
Char value © and © will give you a copyright symbol.
I would, however, look at your host - do you have a web host setup e.g. IIS locally or are you relying on ASP.NET development server?
I would suggest that you setup a default web server and virtual directory for your project under IIS and then in dbug mode I'd expect HttpRequest.Url.Host to report back localhost
I am trying to upload files to Azure Blob Storage using Classic ASP (no choice!). However although I can use can list container contents using MSXML2.ServerXMLHTTP I am failing to create blobs. I need to use it to upload PDF files so am using BlockBlob.
I believe I am failing to create the authorisation key correctly. Does anyone have a code sample of creating the authorisation key in Classic ASP VBScript? I have something like below but have no idea how to generate the key in Classic ASP.
' replace with your account's settings
' setup the URL
baseUrl = "https://<myaccount>.blob.core.windows.net"
Set http = Server.CreateObject("MSXML2.ServerXMLHTTP")
PathUrl = baseUrl & "/test/myblob"
' setup the request and authorization
http.open "PUT", PathUrl , false
'How do I generate this key from the headers and path using HMAC-SHA256 and my prim/sec account key
http.setRequestHeader "Authorization", "SharedKey <myaccount>:?????"
http.setRequestHeader "Date", "2011-6-16 9:22"
http.setRequestHeader "x-ms-date", "2011-06-16 9:22"
http.setRequestHeader "x-ms-version", "2009-09-19"
http.setRequestHeader "Content-Length", "11"
http.setRequestHeader "x-ms-blob-type","BlockBlob"
http.setRequestHeader "Content-Type", "text/plain; charset=UTF-8"
postData = "hello world"
' send the POST data
http.send postData
' optionally write out the response if you need to check if it worked
Response.Write http.responseText
I get the error AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Thanks
Graeme
You would have to implement the equivalent of the algorithm defined here:
http://msdn.microsoft.com/en-us/library/dd179428.aspx
However, there is an easier way that I recommend if possible. I would have your ASP application make a ASMX (or WCF equivalent call) to a .NET application that returns a shared access signature (SAS) with a short life (e.g. with 10 min expiry). Just pass the name of the PDF you will upload and have it calculate a signature for you with write access. Once you have the signature, you can simply PUT against it without worrying about calculating anything. If the PDF is very large (> 64MB), you will have an issue where you need to worry about breaking into blocks, but for smallish PDFs you can do a very simple PUT operation on the SAS without worrying about it.
The code for this is trivial:
var blobName = "foo.pdf"; //taken from ASP app
var blob = container.GetBlobReference(blobName);
var sas = blob.GetSharedAccessSignature(new SharedAccessPolicy()
{
Permissions = SharedAccessPermissions.Write,
SharedAccessExpiryTime = DateTime.AddMinutes(10)
});
The container in this case is whereever you want users to upload. The 'sas' variable will contain the querystring portion that you need to send. You just need to append it (e.g. blob.Uri.AbsoluteUri + sas).
With this solution, your ASP app is ignorant of Windows Azure blob storage and the details and only your .NET app needs to know the key or how to calculate a SAS.
You can upload files to azure storage using simple C# application.
Please refer the link for more details.
< http://tuvian.wordpress.com/2011/06/24/how-to-upload-blob-to-azure-using-asp-net-tool-for-upload-files-to-azure-using-asp-netc/ >
Issue
Msxml2.ServerXMLHTTP keeps returning 401 - Unauthorised errors each time we attempt to read the contents of a file (ASP) from a web server.
Source server is running IIS6, using NTLM integrated login.
This process has been used successfully before, but only in as far as extracting XML files from external websites, not internal ones.
The proxy settings in the registry of the server on which the script is run has also been updated to bypass the website in question, but to no avail.
All paths identified in the VBScript have been checked and tested, and are correct.
User running the script has correct read/write permissions for all locations referenced in the script.
Solution needed
To identify the cause of the HTTP 401 Unauthorised messages, so that the script will work as intended.
Description
Our organisation operates an intranet, where the content is replicated to servers at each of our remote sites. This ensures these sites have continued fast access to important information, documentation and data, even in the event of losing connectivity.
We are in the middle of improving the listing and management of Forms (those pesky pieces of paper that have to be filled in for specific tasks). This involves establising a database of all our forms.
However, as the organisation hasn't been smart enough to invest in MSSQL Server instances at each site, replication of the database and accessing it from the local SQL server isn't an option.
To work around this, I have constructed a series of views (ASP pages) which display the required data. I then intend to use Msxml2.ServerXMLHTTP by VBScript, so I can read the resulting pages and save the output to a static file back on the server.
From there, the existing replication process can stream these files out to the site - with users having no idea that they're looking at a static page that just happened to be generated from database output.
Code
' Forms - Static Page Generator
' Implimented 2011-02-15 by Michael Harris
' Purpose: To download the contents of a page, and save that page to a static file.
' Target category: 1 (Contracts)
' Target Page:
' http://sharename.fpc.wa.gov.au/corporate/forms/generator/index.asp
' Target path: \\servername\sharename\corporate\forms\index.asp
' Resulting URL: http://sharename.fpc.wa.gov.au/corporate/forms/index.asp
' Remove read only
' Remove read only flag on file if present to allow editing
' If file has been set to read only by automated process, turn off read only
Const READ_ONLY = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("\\server\sharename\corporate\forms\index.asp")
If objFile.Attributes AND READ_ONLY Then
objFile.Attributes = objFile.Attributes XOR READ_ONLY
End If
Dim webObj, strURL
Set webObj = CreateObject("Msxml2.ServerXMLHTTP")
strURL = "http://sharename.fpc.wa.gov.au/corporate/forms/generator/index.asp"
webObj.Open "GET", strURL
webObj.send
If webObj.Status=200 Then
Set objFso = CreateObject("Scripting.FileSystemObject")
Set txtFile = objFso.OpenTextFile("file:\\servername.fpc.wa.gov.au\sharename\corporate\forms\index.asp", 2, True)
txtFile.WriteLine webObj.responseText
txtFile.close
ElseIf webObj.Status >= 400 And webObj.Status <= 599 Then
MsgBox "Error Occurred : " & webObj.Status & " - " & webObj.statusText
Else
MsgBox webObj.ResponseText
End If
Replace your line:
webObj.Open "GET", strURL
With:
webObj.Open "GET", strURL, False, "username", "password"
In most cases 401 Unauthorized means you haven't supplied credentials. Also you should specifiy False to indicate you don't want async mode.
It sounds like the O.P. got this working with the correct proxy settings in the registry (http://support.microsoft.com/kb/291008 explains why proxy configuration will fix this). Newer versions of ServerXMLHTTP have a setProxy method that can be used to set the necessary proxy configuration in your code instead.
In the O.P. code above, after webObj is created, the following line of code would set up the proxy correctly:
webObj.setProxy 2, "0.0.0.0:80", "*.fpc.wa.gov.au"
ServerXMLHTTP will pass on the credentials of the user running the code if it is configured with a proxy, and if the target URL bypasses that proxy. Since you are bypassing the proxy anyway, you can make it a dummy value "0.0.0.0:80", and make sure your target url is covered by what you specify in the bypass list "*.fpc.wa.gov.au"
I would first test if you can reach your url through a normal browser on the same server X you run your code on (A). I would try then reach the url from another PC. One never used to reach that url but in the same network as server X (B).
If B works but A doesn't I would suspect that for some reason your source server (i.e. that one that serves the url) blocks server X for some reason. Check the security settings of II6 and of NTLM.
If both A and B don't work, there is something wrong more in general with your source server (i.e. it blocks everything or NTML doesn't allow you in).
If A works (B doesn't matter then), the problem has to be somewhere in your code. In that case, I would recommend fiddler. This tool can give you the HTTP requests of both your browser and your code in realtime. You can then compare both. That should give you at least a very strong hint about (if not immediately give you) the solution.