So You Want ASP, Huh?
Application Security Testing: An Integral Part of DevOps
[Is ASP A Language?]
[Can I Use ASP?]
[Test For ASP Yourself!]
[How You Do It]
Performed with Twilight Zone voice...
You're surfing along and everything looks OK, but then you look up at the location bar. There's no .html up there. It's new. Instead there's an .asp. Sign post up ahead. You have entered the Active Server Page zone.
And there's probably a monkey tearing up the wing out the window.
Now, here's the fun part. I get to try and explain this Active Server Page process in 1000 words or less. To get a better handle on all of this, I actually hired a guy to sit and talk with me for a couple of hours and explain it all. It's amazing how expensive brainy people are. These are the type of things I do for you people...
The purpose of this tutorial is to get you familiar with the ASP process and hand out a couple of ASP examples for you to play with on your own pages.
ASP, What's That?It's actually a pretty interesting way of doing things. Let me attempt to get it all into a nutshell.
If you haven't connected the dots yet--ASP are initials that stand for Active Server Pages. The concept is pretty straightforward. Imagine that you have an
office with 50 people. Each of them has their own phone line. You would like to show their phone usage (a very business way of saying "bill") over the Internet. You could do it by
creating 50 different pages every night at midnight when the phone bill is compiled. That would work, but would be very labor intensive. Or you could set up an ASP system to do the work for you.
You would create a text-based page and give it an .asp extension. That page would act as a template for the fifty different pages it will produce. Employee A logs in and offers a password to prove that he is who he says he is. The ASP page is then called upon. The template grabs the person's name along with a few other basic items found in an employee database set up on the same server as the page. Then a second database, the one with all the phone records, is contacted and that person's phone usage is gathered.
All these pieces of information are then displayed to the viewer in the form of an HTML page. You can look at the source code, but you won't see the template. You'll see the HTML code produced by the template. All of the work is being done by the server rather than by coders. It's all very clever.
Where ASP really shines is that is doesn't involve the browser to do the work. At the moment there are a lot of error messages being thrown around the Web because a person is attempting to look at a web page designed specifically for Internet Explorer using Netscape Navigator. Silly surfer, CSS is for kids!
But ASP does all of its magic before the browser gets the page, so what the user has matters very little. The server does all the work rather than relying on the browser to read all the tags, go see the CGI which contacts the database, with replies with a code that is placed in the browser window--hopefully--in a scripting language the browser understands.
IS ASP A Language?No. ASP is the name of the process. That computer language most commonly used to make Active Server Pages is Microsoft's VBScript. The reason is that ASP itself comes from the utility research kitchens of Microsoft.
Can I Use ASP?I don't know. I hope so, but you'll have to find the answer to that question server by server. You may have heard that ASP was a "Microsoft" thing. It is. Your server, not you, but rather your server must be running the Microsoft I.I.S. (Internet Information Server) operating system, version 3.0 or higher. If not. There's no ASP for you. And before you write and ask me, as someone always does, no. There is no way to "trick" your server into understanding and running ASP if it is not configured to do so.
Case in point: Notice this page is named "asp.html" Notice it is not an Active Server Page entity. Why? Because the servers HTML Goodies sits upon run a UNIX operating system. My own servers don't support it. Bummer.
Mitch Vassar was nice enough to tell me that you can play with
ASP on your own computer running Windows 95/98 by grabbing Microsoft's Personal Web Server.
In fact, you may already have it. It comes bundled with the Windows NT
Option Pack 4.0 and the VB6.0 disc. You may also want to check if it's available with your
version of FrontPage.
Please understand that using the Personal Web Server will allow you to play with ASP on your own computer. You cannot just upload it and get your server to run it.
Test For ASP Yourself!Every so often I get a letter from a webmaster telling me to stop telling my readers to ask their webmaster if the server is configured a certain way. It can get tedious answering the same question again and again.
So what I'm going to do is give you a very simple ASP "template" page that you can copy, paste and post to your system. Then go look at it with your browser. If you see the correct results, you're in. If not, join the crowd. Here ya go:
<%@ LANGUAGE="VBSCRIPT" %>
<!--- You should get --->
Copy everything between the horizontal lines and paste it to
a text editor. Make sure you then save it to a file in text-only format just like you would any other HTML document.
Save the file as "test.asp". Do Not save this with an .html suffix. If you do you'll kill the entire test.
Next, FTP the file to your web server. You must look at this test file from your server rather than your hard drive if you want to get a true reading. The reason is that this file uses VBScript, which Internet Explorer understands just fine. It might give you the correct results from your hard drive. That's not good.
Finally, go look at the file on line. You do not have to "turn it on" like certain files in UNIX. If you have the right server operating system, it'll just work. If you get this:
Today's date and time is
A Useful ASP Example: SSIAfter talking with my ASP wizard, I asked him if he could write a few useful ASP examples I could hand out to people on line. He said he would...for a nominal fee. I really have to look up the word "nominal" means when I get a chance.
He and I put together five ASP examples that perform popular tasks. At least tasks that are popular with HTML Goodies readers. I intend to offer all five over four different tutorials. You've already got one. The first is that simple date and time test file up there.
The second ASP example you'll get here is an effect that people have been screaming for, for quite some time now. It's called an SSI or Server Side Include.
This too is a simple one, but hey, this is just the introductory tutorial.
Dig this: You have a series of 50 pages again. At the top of every page you want to put a greeting which you'll update everyday. You can go in and change all 50 pages, each time you change the text, by hand. But that's a killer in terms of time.
But imagine if your daily greeting is simply a page unto itself. Then, on each of the 50 pages you had a line of code that would take what was on that greeting document and post it to the page. That way, when you update the greetings page, you update all 50 pages because they all have a line of SSI code. And where ever that SSI code sits is replaced with the text on the greeting page when the page is loaded.
It sure would make updating pages quicker. I know. I use SSI's all the time on the HTML Goodies pages. I just use a different method than this one I'm about to give you. But that's another tutorial.
How You Do ItFirst off, this is an ASP event, so you must be running this off of a server that can do it. What browser the user has is immaterial. The server is the thing in ASP.
First we create the page that contains the text to be inserted. I called it the "greeting" page in the example above. This text can be anything including HTML code, or scripting, or anything. The server doesn't care. It's just going to replace the SSI command with whatever is on this page. Just remember, this page does not have to be a fully formed HTML document, or any type of document for that matter. It can be just a line of text with no alterations at all. What ever is contained will simply be included where another page has the SSI command.
Save the page with a name and an .asp extension. It has to have the .asp extension. For this example we'll say we named the file "greeting.asp".
Next we'll create the page that is calling for the text included in greeting.asp.
Each page that will contain the SSI will need to be saved with the .asp extension. Always - no exceptions.
In addition, all pages that will contain the SSI will need to have this as its first line:
Get that line above everything including the DTD and the <HTML>. Always. No exceptions.
Now the simple part. Where ever you want the text of the file greeting.asp to appear, place this command:
When the page loads to the browser window, you'll have the text of the file greeting.asp where that SSI command above was placed. The source code will never show that command. Just the text from the other file.
It's a very slick little system. Just remember that the SSI command above is set up to display a file called greeting.asp. You'll need to change out the file name to whatever you name your own inclusion file.
That's ThatThat's the beginning skinny on Active Server Pages. I have three more examples lying in wait for the next three new tutorial posts. They are: An honest to goodness working password system, a random ad banner event, and a guestbook event that displays a thank you page that you can fully create. I'm not sure which one will come up next. Suggestions will be accepted via email.
So go! Find out for yourself if you can run Active Server Pages. If so, you're in for some fun. My server at school has ASP capabilities. It's really slick. And a lot of fun to play with.
[Is ASP A Language?]
[Can I Use ASP?]
[Test For ASP Yourself!]
[How You Do It]
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...