help.net


Musing on .Net

Authentication question

I'm stuck with an old project where I want to implement a login page using authentication from a web config.

The problem I can't solve is the fact that the pages are ASP 3 pages and not ASPX.

Obviously my form authentication works well with a .aspx page, no problem.
Unfortunately I can't cut and paste my ASP code into a new webform: too many pages and use of some objects.
Does somebody have an idea how to easily implement form authentication with .ASP pages?
Posted: Jan 22 2004, 06:52 PM by help.net | with 13 comment(s)

Comments

julie lerman said:

hahahahahah. oops sorry, paschal. :-) That was one of the great advances from asp to asp.net. In asp you either had to have a function in a file and then #include that file in every single page, or have some type of session validation code that throws invalid sessions out to a login page - on every single page. Probably someone more experienced with asp might give you some more useful advice. Congrats on all of your rollouts, by the way.
# January 22, 2004 2:06 PM

AndrewSeven said:

I did a proof of concept where I rewrote the asp security scripts to call aspx pages and to react accordingly.

Instead of the original IsLoggedIn() redirecting to the asp login page, it would call an aspx page.

I'll see if it's at home tonight
# January 22, 2004 4:03 PM

AndrewSeven said:


For my example, EnsureAccess is the function called to secure the asp page with an asp.net login.
I'm just using the existence of a session variable, but you can link it to your existing asp security.
WebForm1.aspx is an asp.net secured page that returns "OK".

===SecureAsp.asp===============

<%@Language=vbs%>
<%
Response.Buffer=true
' Secure this ASP page: ask the forms-auth-protected ASPX page whether the
' caller's cookies are accepted, and send the caller to the login page if not.
EnsureAccess _
    "http://localhost/Examples/FormsLoginSecure/WebForm1.aspx" _
    ,"/Examples/FormsLogin/Login.aspx" _
    ,"ENABLE_ASPXAUTH"

Sub EnsureAccess(URLSecurePage,VPathLoginPage,SessionItemName)
    Dim oReq
    If Session(SessionItemName) <> "OK" Then
        Response.Write "SESSION BEING SECURED: "

        Set oReq = Server.CreateObject("MSXML2.ServerXMLHTTP.3.0")

        ' Synchronous GET (third argument false) that forwards the browser's cookies
        Call oReq.Open("GET",URLSecurePage,false)
        Call oReq.SetRequestHeader("Cookie","a=b")
        Call oReq.SetRequestHeader("Cookie",Request.ServerVariables("HTTP_COOKIE"))
        oReq.Send
        If oReq.responseText <> "OK" Then
            ' Anything other than "OK" means the ASPX page did not accept the cookies
            ' Response.Write oReq.responseText
            ' Response.Write "<HR>"
            Response.Write "Failed"
            ' Response.Write "<HR>"
            ' Response.Write "<a href='"
            ' Response.Write
            Response.Redirect VPathLoginPage & "?ReturnUrl=" & Request.ServerVariables("SCRIPT_NAME")
            ' Response.Write "'>Login</a>"
            ' Response.Write "<HR>"
        Else
            ' Response.Write "<HR>"
            Response.Write "Passed"
            Response.Write "<HR>"
            ' Remember the result so later requests in this session skip the check
            Session(SessionItemName) = "OK"
        End If
    Else
        Response.Write "SESSION PREVIOUSLY SECURED<BR>"
    End If
End Sub

%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 7.0">
<TITLE></TITLE>
</HEAD>
<BODY>

<%
Dim Item
For Each Item in Request.ServerVariables
    ' Response.Write Item &" :" & Request.ServerVariables(Item) & "<BR>"
Next
%>
</BODY>
</HTML>



===WebForm1.aspx===============
<%@ Page language="c#" AutoEventWireup="false" %>OK



# January 22, 2004 7:42 PM

AndrewSeven said:

Did you try it yet?
# January 23, 2004 1:15 PM

Paschal said:

Hi Andrew. Yes, sorry, too busy to give my feedback, but well, it doesn't work.

The problem I have is when I get back to my asp page.

Hard to explain, but this is the page order I got reading your code.

I have an ASP page A.asp
I have secure.asp and webform1.aspx.
And of course Login.aspx

What is working well is the page A to secure page to Login.

After that the trouble starts. I go back to webform1.aspx, fine.

I have in the code behind of the webform1.aspx page something to say read the page querystring (sent from the Login page) and redirect to the page A.asp in this example.

This part works well.

But when A.asp starts, I call the webform1.aspx using your trick to be sure I am authenticated.

The problem comes from the fact that when it calls the page, it continues the code without waiting for the webform1.aspx to return OK, so this is where I am stuck for the moment.

I am thinking now about cookies, because apparently you can't really mix asp sessions well with the .Net equivalent.
# January 23, 2004 1:24 PM

AndrewSeven said:

As I said, the session is just the way to show that it works.
You should check whatever you check for your security and set whatever you set.

You should not use Session variables in production code unless absolutely necessary.

I use them in samples, but I haven't used one in production code for at least 4 years.



I didn't just post this, I made it work before posting it.

WebForm1.aspx should do nothing other than provide the ServerXMLHTTP request with "OK".

Set oReq = Server.CreateObject("MSXML2.ServerXMLHTTP.3.0")

Call oReq.Open("GET",URLSecurePage,false)
Call oReq.SetRequestHeader("Cookie","a=b")
Call oReq.SetRequestHeader("Cookie",Request.ServerVariables("HTTP_COOKIE"))
oReq.Send

Is one side of the bridge, WebForm1.aspx is the other.



# January 23, 2004 3:00 PM

Paschal said:

Thanks Andrew for the help but the issue here seems to be the oReq.Send.

When I do a test with oReq.responseText to see if I have "OK", apparently the test returns false all the time, because it seems to me that it doesn't wait long enough to get back the value returned by webform1.aspx.
I am thinking about cookies now, maybe because they are at the end the same for .Net or ASP.
# January 23, 2004 3:24 PM

AndrewSeven said:

I'll put the whole thing in a separate solution this weekend and send you the zip.
(Is your email addy around here?)

oReq.Open("GET",URLSecurePage,false) is a synchronous call, it should wait/block until the response is returned.

# January 23, 2004 4:03 PM
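
Added example, not part of the original thread or of AndrewSeven's zip: a fail-closed variant of the cookie-forwarding check discussed above, in classic ASP VBScript (to be placed inside `<% %>` in an include file). `CheckAspxAuth` and `EnsureAccessStrict` are hypothetical names, and the check page is assumed to emit exactly `OK`, as WebForm1.aspx does.

```vbscript
' Added example: returns True only when the forms-auth-protected ASPX page
' accepted the caller's cookies. Every failure path returns False.
Function CheckAspxAuth(URLSecurePage)
    Dim oReq, httpStatus, body, failed
    CheckAspxAuth = False
    httpStatus = 0
    body = ""

    ' Collect the results under error trapping, then decide with trapping off.
    ' An error raised inside an If condition while "On Error Resume Next" is
    ' active resumes INSIDE the Then block, which would grant access.
    On Error Resume Next
    Set oReq = Server.CreateObject("MSXML2.ServerXMLHTTP.3.0")
    ' resolve, connect, send, receive timeouts in milliseconds
    oReq.setTimeouts 2000, 2000, 5000, 5000
    oReq.open "GET", URLSecurePage, False          ' False = synchronous
    ' Cookie header is set twice, exactly as in the thread's code
    oReq.setRequestHeader "Cookie", "a=b"
    oReq.setRequestHeader "Cookie", Request.ServerVariables("HTTP_COOKIE")
    oReq.send
    httpStatus = oReq.status
    body = oReq.responseText
    failed = (Err.Number <> 0)
    On Error GoTo 0
    Set oReq = Nothing

    If failed Then Exit Function

    ' Status alone is not enough: if the HTTP client follows the forms-auth
    ' redirect to the login page, the final status is 200 as well. Only the
    ' exact body proves the protected page itself ran.
    body = Trim(Replace(Replace(body, vbCr, ""), vbLf, ""))
    If httpStatus = 200 And body = "OK" Then CheckAspxAuth = True
End Function

' Call at the top of every protected ASP page. Nothing is cached in Session,
' so a forms-auth logout or ticket expiry applies to the ASP pages at once.
Sub EnsureAccessStrict(URLSecurePage, VPathLoginPage)
    If Not CheckAspxAuth(URLSecurePage) Then
        Response.Redirect VPathLoginPage & "?ReturnUrl=" & _
            Server.URLEncode(Request.ServerVariables("SCRIPT_NAME"))
        Response.End
    End If
End Sub
```

Usage mirrors the thread's call without the session item name: `EnsureAccessStrict "http://localhost/Examples/FormsLoginSecure/WebForm1.aspx", "/Examples/FormsLogin/Login.aspx"`.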

AndrewSeven said:

Here it is all zipped up in a solution, with a web app named AspFormsAuth.


http://uitemplates.europe.webmatrixhosting.net/example_zip/AspxAuth.zip
# January 24, 2004 8:54 PM

Tameem Ansari said:

Very Interesting..
# January 27, 2004 3:16 AM
