Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Post to an ASP page
- Thread starter barryna
- Start date
Well actually this is the wrong place this post this message however.
Your asp page can contain a call directly to your activeX dll in the following way
<%
set newObj = Server.CreateObject("projectname.classname"
Response.write newObj.aMethod
set newObj = nothing
%>
Where newObj.Method returns a string.
Your asp page can contain a call directly to your activeX dll in the following way
<%
set newObj = Server.CreateObject("projectname.classname"
Response.write newObj.aMethod
set newObj = nothing
%>
Where newObj.Method returns a string.
However if you want to generate a post from VB here is a good way to do it:
Private Sub BuildPostData(ByteArray() As Byte, ByVal strPostData As String)
Dim intNewBytes As Integer
Dim strCH As String
Dim i As Integer
intNewBytes = Len(strPostData) - 1
If intNewBytes < 0 Then
Exit Sub
End If
ReDim ByteArray(intNewBytes)
For i = 0 To intNewBytes
strCH = Mid$(strPostData, i + 1, 1)
If strCH = Space(1) Then
strCH = "+"
End If
ByteArray(i) = Asc(strCH)
Next
End Sub
Private Sub Command1_Click()
Dim strPostData As String
Dim strHeader As String
Dim varPostData As Variant
'Make the Post Data String
strPostData = "Name1=Value1&Name2=Value2"
'Pack the post data into a byte array
BuildPostData bytpostdata(), strPostData
'Write the byte into a variant
varPostData = bytpostdata
'Create the Header
strHeader = "Content-Type: application/x- + Chr(10) + Chr(13)
'Post the data
Web.Navigate2 " 0, "", varPostData, strHeader
End Sub
Private Sub BuildPostData(ByteArray() As Byte, ByVal strPostData As String)
Dim intNewBytes As Integer
Dim strCH As String
Dim i As Integer
intNewBytes = Len(strPostData) - 1
If intNewBytes < 0 Then
Exit Sub
End If
ReDim ByteArray(intNewBytes)
For i = 0 To intNewBytes
strCH = Mid$(strPostData, i + 1, 1)
If strCH = Space(1) Then
strCH = "+"
End If
ByteArray(i) = Asc(strCH)
Next
End Sub
Private Sub Command1_Click()
Dim strPostData As String
Dim strHeader As String
Dim varPostData As Variant
'Make the Post Data String
strPostData = "Name1=Value1&Name2=Value2"
'Pack the post data into a byte array
BuildPostData bytpostdata(), strPostData
'Write the byte into a variant
varPostData = bytpostdata
'Create the Header
strHeader = "Content-Type: application/x- + Chr(10) + Chr(13)
'Post the data
Web.Navigate2 " 0, "", varPostData, strHeader
End Sub
- Thread starter
- #4
I was able to successfully post to my asp page, but when I do so, how can I get the result back? (read the html produced in the web browser?)
Plus, i don't understand your first post about "Your asp page can contain a call directly to your activeX dll in the following way", mainly because I'm not familiar with activeX dll's. This may be my solution to the above question, i don't know.
You've been a great help so far. I can post to an asp page from my vb app! I'm half way there.
Plus, i don't understand your first post about "Your asp page can contain a call directly to your activeX dll in the following way", mainly because I'm not familiar with activeX dll's. This may be my solution to the above question, i don't know.
You've been a great help so far. I can post to an asp page from my vb app! I'm half way there.
Ok here is the idea.
Someone comes to page1.asp. They post data via form, querystring, session, etc.
Anyway. Let's say that the post from page1.asp goes to page2.asp
That data can be either in an asp page directly.
i.e
<%=(Request.Form("username"%>
Where (=) is a shortcut for Response.write.
Or what you can do is the following:
Using VB6 create a new project-> ActiveX dll in there create a public class method that returns HTML data.
I.e
your new Project1
your new class1
In class1 method called
Public Function returnSomeHTML(passMeAString as String) as String
returnSomeHTML = "<HTML>" & passMeAString &"</HTML>"
end Function
Now in page2.asp
<%
set newObj = Server.CreateObject("Project1.class1"
Response.write newObj.returnSomeHTML(Request.Form("username"
set newObj = nothing
%>
Since you passed the data in a method you can do whatever you want to the string before you sent it back.
Good luck and let me know.
Of course you can do the same directly in an ASP page, but believe me, as the system get's more and more complex if you take the route of using just ASP pages you will become a nightmarish maintainence project.
Someone comes to page1.asp. They post data via form, querystring, session, etc.
Anyway. Let's say that the post from page1.asp goes to page2.asp
That data can be either in an asp page directly.
i.e
<%=(Request.Form("username"
%>Where (=) is a shortcut for Response.write.
Or what you can do is the following:
Using VB6 create a new project-> ActiveX dll in there create a public class method that returns HTML data.
I.e
your new Project1
your new class1
In class1 method called
Public Function returnSomeHTML(passMeAString as String) as String
returnSomeHTML = "<HTML>" & passMeAString &"</HTML>"
end Function
Now in page2.asp
<%
set newObj = Server.CreateObject("Project1.class1"
Response.write newObj.returnSomeHTML(Request.Form("username"
set newObj = nothing
%>
Since you passed the data in a method you can do whatever you want to the string before you sent it back.
Good luck and let me know.
Of course you can do the same directly in an ASP page, but believe me, as the system get's more and more complex if you take the route of using just ASP pages you will become a nightmarish maintainence project.
- Thread starter
- #7
Is there a free control out there that operates like the control supplied by Dart Communications PowerTCP -> HTTP/1.0.
You can use Dart's Web Control to communicate with Web Servers using HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP with Secure Socket Layer encryption). It provides a programming object model for session transport and header management.
This control has a 'Post' Method which is exactly what I wish to use. This method has the following properties:
//**************************
Post data to an HTTP server.
Syntax
Object.Post Data [ , RequestHeaders ] [ , Result ] [ , Headers ] [ , Username ] [ , Password ]
Part
Description
Object
Object expression that evaluates to a Web Control.
Data
String or Byte array. Specifies the source file name, or a String or Byte array that contains data to be sent to the server.
RequestHeaders
Optional DartStrings Object. The headers to send in the request.
Result
Optional String or Byte array. Specifies the destination file name, or an un-dimensioned String or Byte array that will be dynamically expanded and filled with response data.
Headers
Optional DartStrings Object. The headers received from the server.
Username
Optional String. Username for basic HTTP authentication. Defaults to no user.
Password
Optional String. Password for basic HTTP authentication. Defaults to no password.
//**************************
I find this contol to be very useful especially because of the 'result' parameter which is what I need after I post to an asp page. The costs for this control is impractical for me to buy, so is there a free one out there that does the same thing?
You can use Dart's Web Control to communicate with Web Servers using HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP with Secure Socket Layer encryption). It provides a programming object model for session transport and header management.
This control has a 'Post' Method which is exactly what I wish to use. This method has the following properties:
//**************************
Post data to an HTTP server.
Syntax
Object.Post Data [ , RequestHeaders ] [ , Result ] [ , Headers ] [ , Username ] [ , Password ]
Part
Description
Object
Object expression that evaluates to a Web Control.
Data
String or Byte array. Specifies the source file name, or a String or Byte array that contains data to be sent to the server.
RequestHeaders
Optional DartStrings Object. The headers to send in the request.
Result
Optional String or Byte array. Specifies the destination file name, or an un-dimensioned String or Byte array that will be dynamically expanded and filled with response data.
Headers
Optional DartStrings Object. The headers received from the server.
Username
Optional String. Username for basic HTTP authentication. Defaults to no user.
Password
Optional String. Password for basic HTTP authentication. Defaults to no password.
//**************************
I find this contol to be very useful especially because of the 'result' parameter which is what I need after I post to an asp page. The costs for this control is impractical for me to buy, so is there a free one out there that does the same thing?
I believe I have found some more info for you:
- Thread starter
- #11
ok, I should probably tell you exactly what I am using this for so you get a better idea of what I am doing. Just so I don't take a wrong fork here and end up wasting time. I will be distributing an application to clients where they will be registering their product for a 30 day free trial. I want this process to be seamless so the user doesn't have to do anything. After the program is installed, and is run for the first time, the hard drive serial number will be posted to an ASP page on our web site. An interent connection is required and the application checks for an open one and informs the user if there isn't (the install program is downloaded from our site so we know they have internet). Our ASP page will process this and compare it to a database to make sure this user isn't trying to enable a second 30-day trial on the same computer. If the hard drive serial number doesn't exist in the database, an enablement key for the 30 day trial is the result which is sent back directly to the program which it uses to write a key in the registry so the program will be active for 30 days. There is also a lot of encryption and what not to make this process perfect and impossible to get around (i.e. contining to re-enable 30 day trials and use the program with out buying it). This is a brand new idea I came up with and am trying to implement on a free-lance basis. That is why buying any additional controls won't work for me because of lack of funds. All other methods I have come up with, a user 'Could' get around to continue using trial software (which I have unfortunately have done before). The ASP page is written and done. I am able to post from my app to the ASP page on our site and there is a correct result. The only thing I need is get this result back to the program that sent the post so the program can use the result sent back.
So you want to send this "Key" back to the user.
Okay, and you want the program to read it, not the user simply copying and pasting..ok..Now.
You will need to use the ASP Object for the following reason: You need your program to get the "Response" object from your asp page. It is certainly possible to do.
Get some info from Microsoft on the ASP Object Library, along with distribution rights, etc..and that will work for you.
Just a question? What stops a user from sending a "BS" Harddrive serial number?
Okay, and you want the program to read it, not the user simply copying and pasting..ok..Now.
You will need to use the ASP Object for the following reason: You need your program to get the "Response" object from your asp page. It is certainly possible to do.
Get some info from Microsoft on the ASP Object Library, along with distribution rights, etc..and that will work for you.
Just a question? What stops a user from sending a "BS" Harddrive serial number?
- Thread starter
- #13
Good. I will further research the Microsoft ASP Object Library to get what I need to read a response from an ASP page.
The control I am using in my vb app grabs the hard drive serial number from the first fixed drive. Then the vb app sends this hard drive serial number to the ASP page encrypted. The ASP page reads the encrypted serial number, checks the db, and if ok, sends back an encrypted key. The vb program reads this in, encrypts it again using a different encryption scheme and stores it in the registry. This stored registry key is what will allow the program to run for 30 days. Because of the encryption it would take a hacker a very long time, if even possible, to change the registry key appropriately for the program to accept it and run propery. The key is encrypted using the date, hard drive serial number and other things to make it impossible to figure out. A person could just call the asp page manually and send it a BS serial number, but the response back from the ASP page would mean nothing. It would not match the first fixed drive's serial number when processed, plus the program would not be reading the reponse because it did not send the post. Plus, if someone did manage to get to the db on the web, and download it, everything stored in the database is encrypted and would be gibberish. The only possible thing that a person could do in order to get past my system would be if he could change the hard drive serial number to something else, which I don't think you can. I've heard re-formatting the drive could cause this change, but I am not certain. And if this is the case, and they want to go to that extreme and reload everything back onto their computer every month, then so be it.
Thanks for the help. I will post what ever success if have.
The control I am using in my vb app grabs the hard drive serial number from the first fixed drive. Then the vb app sends this hard drive serial number to the ASP page encrypted. The ASP page reads the encrypted serial number, checks the db, and if ok, sends back an encrypted key. The vb program reads this in, encrypts it again using a different encryption scheme and stores it in the registry. This stored registry key is what will allow the program to run for 30 days. Because of the encryption it would take a hacker a very long time, if even possible, to change the registry key appropriately for the program to accept it and run propery. The key is encrypted using the date, hard drive serial number and other things to make it impossible to figure out. A person could just call the asp page manually and send it a BS serial number, but the response back from the ASP page would mean nothing. It would not match the first fixed drive's serial number when processed, plus the program would not be reading the reponse because it did not send the post. Plus, if someone did manage to get to the db on the web, and download it, everything stored in the database is encrypted and would be gibberish. The only possible thing that a person could do in order to get past my system would be if he could change the hard drive serial number to something else, which I don't think you can. I've heard re-formatting the drive could cause this change, but I am not certain. And if this is the case, and they want to go to that extreme and reload everything back onto their computer every month, then so be it.
Thanks for the help. I will post what ever success if have.
I understand but there are some things you need to consider. First make sure that encryption is Collision Resistant (i.e. different Serial numbers don't map to the same value: how ever unlikely it may seem, a good computer can crack a poor Collision Resistant Hash Function.) Also am I to understand that you keep "some" information in the Registry? You best be sure that encryption scheme(I am assuming it is Symmetric) does not able a hacker to understand anything about your encryption mechanism. Also It is my belief(and hey this is opinion) that a HD Serial Number is simply not a big enough seed to properly secure a system(afterall 40 bit keys are not even considered secure anymore)..Let me know what you think, and If I may be so bold may I suggest you look into the way Microsft has used "autenthication" in there applications, and the apparent shortcomings.
- Thread starter
- #15
Well, that is a good point. Let's say I'm using the popular MD4 or MD5 hash functions. Wouldn't it be correct if I said it isn't so much the hash result that I need to worry about, but the input that produced the hash result? If a hacker has a good idea of what your input is, let's say just the hard drive serial number of the computer the software is installed on and the date of installation, then he might be able to pretty easily re-produce your hash result. After he knows this your pretty much screwed, cause he then can produce a new hash result using a different install date, and the 30-day trial keeps on going as long as he wants. Now, what would be a good method to prevent a hacker in 'guessing' what your input is (i.e. seeding)? I'm curious about your opinion on this.
Just to make things interesting, let's say the hash function used above meets the following criteria:
A one-way hash function must satisfy the following properties:
– preimage resistance: it is computationally infeasible to find any input which hashes to any pre-specified output.
– second preimage resistance: it is computationally infeasible to find any second input which has the same output as any specified input.
– collision resistance: it is computationally infeasible to find a collision, i.e. two distinct inputs that hash to the same result.
Just to make things interesting, let's say the hash function used above meets the following criteria:
A one-way hash function must satisfy the following properties:
– preimage resistance: it is computationally infeasible to find any input which hashes to any pre-specified output.
– second preimage resistance: it is computationally infeasible to find any second input which has the same output as any specified input.
– collision resistance: it is computationally infeasible to find a collision, i.e. two distinct inputs that hash to the same result.
I need to think about the second part a little. However for the part about preventing someone from breaking your hash, well that is a problem with symmetric encryption, however there is a way. A good way in fact. What you need is a "Good!" psuedorandom generator (randomize) is not that good. Anyway. If you feed a psuedorandom generator a previous genuine random number (one that you don't know, and either will anybody) along with a CRHF, then even a hacker will not be able to break it b/c well he will always be one step behind (Just like unix encrypts passwords). I think a good place to start with this is to possible use a nice good old-fashioned feistel-network about 4 iterations ought to do it. Sorry a little all over the place...It's late...lol. But let me think some more this is certainly not easy, but interesting.
- Thread starter
- #17
Well, I have found info about hard drive serial numbers:
Every hard drive has a distinctive Volume Serial Number, with the chances of any two drives you encounter having the same serial number astronomically high. For this reason, the Volume Serial Number is often used as part of copy protection schemes. One caution is that operating system re-installations and upgrades may change a Volume Serial Number, and formatting certainly will.
So, the hard drive serial number can change, so is there anything else that can be grabbed that is unique on every system? Pentium III processors have a processor id that can be grabbed, but there are utilities that can turn that off and prevent anything from reading the id. I don't know if all processors have an id. I am assuming not.
Every hard drive has a distinctive Volume Serial Number, with the chances of any two drives you encounter having the same serial number astronomically high. For this reason, the Volume Serial Number is often used as part of copy protection schemes. One caution is that operating system re-installations and upgrades may change a Volume Serial Number, and formatting certainly will.
So, the hard drive serial number can change, so is there anything else that can be grabbed that is unique on every system? Pentium III processors have a processor id that can be grabbed, but there are utilities that can turn that off and prevent anything from reading the id. I don't know if all processors have an id. I am assuming not.
Again you are running into the same issues that Microsoft must face with it's "Authentication" fiasco.
The only thing I can suggest to you is to possible use some form of unforgeability schema. If you need I believe ieee has some good literature on this. And if you have powerpoint take a look at this:
The only thing I can suggest to you is to possible use some form of unforgeability schema. If you need I believe ieee has some good literature on this. And if you have powerpoint take a look at this:
- Status
Similar threads
- Locked
- Question