Solved

VB5/Active-X / ASP Shared App Security

Posted on 1997-09-04
9
158 Views
Last Modified: 2012-06-27
I was unsure as to where to post this question since it pertains to VB5 / Active Server Pages /  VB script and HTML.

I am developing a series of applications for a corporate Intranet using VB5-Active-X for some applications and ASP for others.  Each of these applications needs to be able to identify exactly who the user is by SSN.

I am setting up application security that will check against a SQL Server database table to determine that the correct userid and password have been provided and supply back a Social Security Number for the application to identify the user.

I can code a login screen for each application but that will be a huge pain for the users since they'll have to identify themselves to each application.

What I would like is some kind of mechanism that would allow me to collect security info one time for a user and make that information available to all applications.  The perfect solution would put the SSN or UID/PWD in a place on the PC  (Cookie? or INI file?) where each application could access it each time they start up.  It would be perfect if the user could provide login info once and never have to login in again for a matter of months.  Perhaps there is an Active-X control that I could use with VB 5 and ASP to provide this functionality.

All users are using Internet Explorer to communicate to an IIS server.

I've been developing in VB for 5 years so I should userstand the VB portion of you answer.  I've only been developing in ASP for a few months so I'll need more detailed info no the solution for that environment.

Thanks,
Ken
0
Comment
Question by:kfenske
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 1

Expert Comment

by:estogo
ID: 1433734
Hello K,

I would save the information to the session object under a recognized key

<% Session("SSN") = 111-11-1111 %>

This information acts as a cookie (as a matter of fact, the user has to have cookies enabled for this to work) and the information persists until the next time they log in.

Be careful though, you should always intialize the values in the session object on Application_onstart so that other values you save via the session object don't persist.

Hope this helps!!

Erik Stogo

0
 

Author Comment

by:kfenske
ID: 1433735
Erik,
Thank you for so prompty responding to my question.  I do need further clarification concerning the use of Session("SSN") in ASP.

I have found that the Session("SSN") variable is not persistent when I shut down my browser and start it up again.  I also find that it is not persistent when I recycle the client or web server machines.  I am not using the "Abandon" method on the session or variable.  Perhaps I need to specify a special parameter for my session or configuration of my IIS server to make it persistent, do you know what this?  The way I have always coded Session variables it appears the client is unaware of them variables since the Session is in ASP server-side code and not a client script.  Do I need to change the way I use Session?  I currently use the following invocation:

<%Session("SSN") = "123456789"%>

Finally, I don’t know how to get at Session variables from a VB5 Active-X document.  How can I do this?

Thanks

0
 
LVL 1

Expert Comment

by:estogo
ID: 1433736
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 1

Accepted Solution

by:
estogo earned 100 total points
ID: 1433737
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
 

Author Comment

by:kfenske
ID: 1433738
Estogo,
Thanks for the info on creating an Active-x object.  I think I can use this for both the ASP and Active-X document pages I’m putting up.  Unfortunately I don’t know a great deal about creating an active-x object and using it.  Any advise on resources for learning how to do this would be appreciated.

Thanks again for answering my question.


0
 

Author Comment

by:kfenske
ID: 1433739
I consider this question answered so why did it show up here again?
0
 
LVL 1

Expert Comment

by:estogo
ID: 1433740
The Mastering VB 5 CD is a great course for learing the nuts and bolts of Client-side components (and components in general).

Also, Appleman's book 'Developing ActiveX components using VB 5' is a super-good text for becouming an ActiveX component Guru!

See ya,

Erik Stogo


0
 

Author Comment

by:kfenske
ID: 1433741
I can see how to add the MS Active Server Pages Library to my project but then I don't know it's properties, events or methods.  I've run into this problem with all the Active-X items you can add to a project.  Where is the documentation for this stuff?

Thanks,
Ken

P.S.  If this is the wrong way to ask this question in this forum could you tell me the correct way?  Should I post this as a new question?

P.S.S.  I was wondering something else.  I answered someone elses question on SQL Code and I got a message saying I recieved 800 points for answering it correctly.  But when I look at my points toi ask a question I only have 100 pts.  Hows does this work and what are answer points used for?

Thanks
0
 
LVL 1

Expert Comment

by:estogo
ID: 1433742
you need to open a new question (by going to the main area of the VB page, not in this box)


0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Suggested Courses
Course of the Month4 days, 13 hours left to enroll

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question