Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 160
  • Last Modified:

VB5/Active-X / ASP Shared App Security

I was unsure as to where to post this question since it pertains to VB5 / Active Server Pages /  VB script and HTML.

I am developing a series of applications for a corporate Intranet using VB5-Active-X for some applications and ASP for others.  Each of these applications needs to be able to identify exactly who the user is by SSN.

I am setting up application security that will check against a SQL Server database table to determine that the correct userid and password have been provided and supply back a Social Security Number for the application to identify the user.

I can code a login screen for each application but that will be a huge pain for the users since they'll have to identify themselves to each application.

What I would like is some kind of mechanism that would allow me to collect security info one time for a user and make that information available to all applications.  The perfect solution would put the SSN or UID/PWD in a place on the PC  (Cookie? or INI file?) where each application could access it each time they start up.  It would be perfect if the user could provide login info once and never have to login in again for a matter of months.  Perhaps there is an Active-X control that I could use with VB 5 and ASP to provide this functionality.

All users are using Internet Explorer to communicate to an IIS server.

I've been developing in VB for 5 years so I should userstand the VB portion of you answer.  I've only been developing in ASP for a few months so I'll need more detailed info no the solution for that environment.

Thanks,
Ken
0
kfenske
Asked:
kfenske
  • 5
  • 4
1 Solution
 
estogoCommented:
Hello K,

I would save the information to the session object under a recognized key

<% Session("SSN") = 111-11-1111 %>

This information acts as a cookie (as a matter of fact, the user has to have cookies enabled for this to work) and the information persists until the next time they log in.

Be careful though, you should always intialize the values in the session object on Application_onstart so that other values you save via the session object don't persist.

Hope this helps!!

Erik Stogo

0
 
kfenskeAuthor Commented:
Erik,
Thank you for so prompty responding to my question.  I do need further clarification concerning the use of Session("SSN") in ASP.

I have found that the Session("SSN") variable is not persistent when I shut down my browser and start it up again.  I also find that it is not persistent when I recycle the client or web server machines.  I am not using the "Abandon" method on the session or variable.  Perhaps I need to specify a special parameter for my session or configuration of my IIS server to make it persistent, do you know what this?  The way I have always coded Session variables it appears the client is unaware of them variables since the Session is in ASP server-side code and not a client script.  Do I need to change the way I use Session?  I currently use the following invocation:

<%Session("SSN") = "123456789"%>

Finally, I don’t know how to get at Session variables from a VB5 Active-X document.  How can I do this?

Thanks

0
 
estogoCommented:
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
estogoCommented:
Yeah, that data is only good for the session.

If you're not afraid of using ActiveX controls, and it doesn't sound like you are, the create a control that encapsulates api calls to the registry or getsettings & savesettings.

You can create instances of the object on the client side and call the methods of the component. VB 5 allows you to include the library for dealing with Session, Request, Response etc. if you include the Microsoft Active Server Pages 1.0 Library.

Only bummer is, as you know, new users will have to download the component via a cab file. Even a small app like the one described will take about 4-5 minutes over a 28.8 because it needs all of the VB runtime files also.

The good thing is that the client has only to take this hit once (unless you change your code and put a new version on the web server, then it's automatically downloaded for them)

The other good thing is now you have all of the might and glory of VB to save your settings to the registry, ini or whatever you want. So you can read from the registry when your page loads.

I'm putting this one on "answer" again, let me know if that's annoying you. :)

Thanks,

Erik Stogo






0
 
kfenskeAuthor Commented:
Estogo,
Thanks for the info on creating an Active-x object.  I think I can use this for both the ASP and Active-X document pages I’m putting up.  Unfortunately I don’t know a great deal about creating an active-x object and using it.  Any advise on resources for learning how to do this would be appreciated.

Thanks again for answering my question.


0
 
kfenskeAuthor Commented:
I consider this question answered so why did it show up here again?
0
 
estogoCommented:
The Mastering VB 5 CD is a great course for learing the nuts and bolts of Client-side components (and components in general).

Also, Appleman's book 'Developing ActiveX components using VB 5' is a super-good text for becouming an ActiveX component Guru!

See ya,

Erik Stogo


0
 
kfenskeAuthor Commented:
I can see how to add the MS Active Server Pages Library to my project but then I don't know it's properties, events or methods.  I've run into this problem with all the Active-X items you can add to a project.  Where is the documentation for this stuff?

Thanks,
Ken

P.S.  If this is the wrong way to ask this question in this forum could you tell me the correct way?  Should I post this as a new question?

P.S.S.  I was wondering something else.  I answered someone elses question on SQL Code and I got a message saying I recieved 800 points for answering it correctly.  But when I look at my points toi ask a question I only have 100 pts.  Hows does this work and what are answer points used for?

Thanks
0
 
estogoCommented:
you need to open a new question (by going to the main area of the VB page, not in this box)


0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now