Solved

VB5/Active-X / ASP Shared App Security

Posted on 1997-09-04
9
152 Views
Last Modified: 2012-06-27
I was unsure as to where to post this question since it pertains to VB5 / Active Server Pages /  VB script and HTML.

I am developing a series of applications for a corporate Intranet using VB5-Active-X for some applications and ASP for others.  Each of these applications needs to be able to identify exactly who the user is by SSN.

I am setting up application security that will check against a SQL Server database table to determine that the correct userid and password have been provided and supply back a Social Security Number for the application to identify the user.

I can code a login screen for each application but that will be a huge pain for the users since they'll have to identify themselves to each application.

What I would like is some kind of mechanism that would allow me to collect security info one time for a user and make that information available to all applications.  The perfect solution would put the SSN or UID/PWD in a place on the PC  (Cookie? or INI file?) where each application could access it each time they start up.  It would be perfect if the user could provide login info once and never have to login in again for a matter of months.  Perhaps there is an Active-X control that I could use with VB 5 and ASP to provide this functionality.

All users are using Internet Explorer to communicate to an IIS server.

I've been developing in VB for 5 years so I should userstand the VB portion of you answer.  I've only been developing in ASP for a few months so I'll need more detailed info no the solution for that environment.

Thanks,
Ken
0
Comment
Question by:kfenske
  • 5
  • 4
9 Comments
 
LVL 1

Expert Comment

by:estogo
Comment Utility
Hello K,

I would save the information to the session object under a recognized key

<% Session("SSN") = 111-11-1111 %>

This information acts as a cookie (as a matter of fact, the user has to have cookies enabled for this to work) and the information persists until the next time they log in.

Be careful though, you should always intialize the values in the session object on Application_onstart so that other values you save via the session object don't persist.

Hope this helps!!

Erik Stogo

0
 

Author Comment

by:kfenske
Comment Utility
Erik,
Thank you for so prompty responding to my question.  I do need further clarification concerning the use of Session("SSN") in ASP.

I have found that the Session("SSN") variable is not persistent when I shut down my browser and start it up again.  I also find that it is not persistent when I recycle the client or web server machines.  I am not using the "Abandon" method on the session or variable.  Perhaps I need to specify a special parameter for my session or configuration of my IIS server to make it persistent, do you know what this?  The way I have always coded Session variables it appears the client is unaware of them variables since the Session is in ASP server-side code and not a client script.  Do I need to change the way I use Session?  I currently use the following invocation:

<%Session("SSN") = "123456789"%>

Finally, I don’t know how to get at Session variables from a VB5 Active-X document.  How can I do this?

Thanks

0
 
LVL 1

Expert Comment

by:estogo
Comment Utility
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
 
LVL 1

Accepted Solution

by:
estogo earned 100 total points
Comment Utility
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:kfenske
Comment Utility
Estogo,
Thanks for the info on creating an Active-x object.  I think I can use this for both the ASP and Active-X document pages I’m putting up.  Unfortunately I don’t know a great deal about creating an active-x object and using it.  Any advise on resources for learning how to do this would be appreciated.

Thanks again for answering my question.


0
 

Author Comment

by:kfenske
Comment Utility
I consider this question answered so why did it show up here again?
0
 
LVL 1

Expert Comment

by:estogo
Comment Utility
The Mastering VB 5 CD is a great course for learing the nuts and bolts of Client-side components (and components in general).

Also, Appleman's book 'Developing ActiveX components using VB 5' is a super-good text for becouming an ActiveX component Guru!

See ya,

Erik Stogo


0
 

Author Comment

by:kfenske
Comment Utility
I can see how to add the MS Active Server Pages Library to my project but then I don't know it's properties, events or methods.  I've run into this problem with all the Active-X items you can add to a project.  Where is the documentation for this stuff?

Thanks,
Ken

P.S.  If this is the wrong way to ask this question in this forum could you tell me the correct way?  Should I post this as a new question?

P.S.S.  I was wondering something else.  I answered someone elses question on SQL Code and I got a message saying I recieved 800 points for answering it correctly.  But when I look at my points toi ask a question I only have 100 pts.  Hows does this work and what are answer points used for?

Thanks
0
 
LVL 1

Expert Comment

by:estogo
Comment Utility
you need to open a new question (by going to the main area of the VB page, not in this box)


0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Since upgrading to Office 2013 or higher installing the Smart Indenter addin will fail. This article will explain how to install it so it will work regardless of the Office version installed.
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now