Solved

VB5/Active-X / ASP Shared App Security

Posted on 1997-09-04
9
153 Views
Last Modified: 2012-06-27
I was unsure as to where to post this question since it pertains to VB5 / Active Server Pages /  VB script and HTML.

I am developing a series of applications for a corporate Intranet using VB5-Active-X for some applications and ASP for others.  Each of these applications needs to be able to identify exactly who the user is by SSN.

I am setting up application security that will check against a SQL Server database table to determine that the correct userid and password have been provided and supply back a Social Security Number for the application to identify the user.

I can code a login screen for each application but that will be a huge pain for the users since they'll have to identify themselves to each application.

What I would like is some kind of mechanism that would allow me to collect security info one time for a user and make that information available to all applications.  The perfect solution would put the SSN or UID/PWD in a place on the PC  (Cookie? or INI file?) where each application could access it each time they start up.  It would be perfect if the user could provide login info once and never have to login in again for a matter of months.  Perhaps there is an Active-X control that I could use with VB 5 and ASP to provide this functionality.

All users are using Internet Explorer to communicate to an IIS server.

I've been developing in VB for 5 years so I should userstand the VB portion of you answer.  I've only been developing in ASP for a few months so I'll need more detailed info no the solution for that environment.

Thanks,
Ken
0
Comment
Question by:kfenske
  • 5
  • 4
9 Comments
 
LVL 1

Expert Comment

by:estogo
ID: 1433734
Hello K,

I would save the information to the session object under a recognized key

<% Session("SSN") = 111-11-1111 %>

This information acts as a cookie (as a matter of fact, the user has to have cookies enabled for this to work) and the information persists until the next time they log in.

Be careful though, you should always intialize the values in the session object on Application_onstart so that other values you save via the session object don't persist.

Hope this helps!!

Erik Stogo

0
 

Author Comment

by:kfenske
ID: 1433735
Erik,
Thank you for so prompty responding to my question.  I do need further clarification concerning the use of Session("SSN") in ASP.

I have found that the Session("SSN") variable is not persistent when I shut down my browser and start it up again.  I also find that it is not persistent when I recycle the client or web server machines.  I am not using the "Abandon" method on the session or variable.  Perhaps I need to specify a special parameter for my session or configuration of my IIS server to make it persistent, do you know what this?  The way I have always coded Session variables it appears the client is unaware of them variables since the Session is in ASP server-side code and not a client script.  Do I need to change the way I use Session?  I currently use the following invocation:

<%Session("SSN") = "123456789"%>

Finally, I don’t know how to get at Session variables from a VB5 Active-X document.  How can I do this?

Thanks

0
 
LVL 1

Expert Comment

by:estogo
ID: 1433736
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
 
LVL 1

Accepted Solution

by:
estogo earned 100 total points
ID: 1433737
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:kfenske
ID: 1433738
Estogo,
Thanks for the info on creating an Active-x object.  I think I can use this for both the ASP and Active-X document pages I’m putting up.  Unfortunately I don’t know a great deal about creating an active-x object and using it.  Any advise on resources for learning how to do this would be appreciated.

Thanks again for answering my question.


0
 

Author Comment

by:kfenske
ID: 1433739
I consider this question answered so why did it show up here again?
0
 
LVL 1

Expert Comment

by:estogo
ID: 1433740
The Mastering VB 5 CD is a great course for learing the nuts and bolts of Client-side components (and components in general).

Also, Appleman's book 'Developing ActiveX components using VB 5' is a super-good text for becouming an ActiveX component Guru!

See ya,

Erik Stogo


0
 

Author Comment

by:kfenske
ID: 1433741
I can see how to add the MS Active Server Pages Library to my project but then I don't know it's properties, events or methods.  I've run into this problem with all the Active-X items you can add to a project.  Where is the documentation for this stuff?

Thanks,
Ken

P.S.  If this is the wrong way to ask this question in this forum could you tell me the correct way?  Should I post this as a new question?

P.S.S.  I was wondering something else.  I answered someone elses question on SQL Code and I got a message saying I recieved 800 points for answering it correctly.  But when I look at my points toi ask a question I only have 100 pts.  Hows does this work and what are answer points used for?

Thanks
0
 
LVL 1

Expert Comment

by:estogo
ID: 1433742
you need to open a new question (by going to the main area of the VB page, not in this box)


0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction I needed to skip over some file processing within a For...Next loop in some old production code and wished that VB (classic) had a statement that would drop down to the end of the current iteration, bypassing the statements that were c…
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now