Solved

Including .JS file in ASP.NET for runat=server

Posted on 2007-11-26
10
962 Views
Last Modified: 2010-08-05
Hi,
I'm doing my first ASP.NET integration with SecPay, (an online payment provider in the UK).  I've done plenty of integrations in classic ASP but am now struggling to get the md5 check to work in ASP.NET.

I'm falling at the first hurdle of including the JS file.  In classic ASP, the SCRIPT tag was as follows:

<SCRIPT LANGUAGE="JScript" RUNAT="Server" SRC="includes\md5.js">
</SCRIPT>

But if I try and place this in my .aspx file in Visual Studio 2005, the </script> tag for my codebehind gets underlined in blue and the useful error message of "Syntax Error" gets displayed.

If I place my JS SCRIPT tag above my codebehind <script> tag, the Page Directive "<%@ Page Language="VB" ... " gets underlined with the error message 'Syntax Error'.

how do I include ths JS file so that I can call it's functions from my page load sub?

Help appreciated...
0
Comment
Question by:jammy-d0dger
10 Comments
 
LVL 3

Expert Comment

by:bcaff86
ID: 20353851
You should not add the script tag in your code behind.  You should add it just like you would in ASP in the head section of your markup.
0
 
LVL 16

Expert Comment

by:McExp
ID: 20353853
The JS include would not need the runat=server property.
<script language="jscript" type="text/jscript" src="includes\md5.js" />

Open in new window

0
 
LVL 22

Expert Comment

by:RedKelvin
ID: 20353872
0
 

Author Comment

by:jammy-d0dger
ID: 20357905
Guys thanks for replying.  However, I think you're missing the point, (or maybe I am).  The Javascript include file is to be accessed from server-side code so removig the runat="server" means that it becomes client-side script, does it not?

Like I said, the my PageLoad event needs to be able to call the function 'hex_md5' which is inside the .JS file.  If I try and include the JS in the <HEAD> tag as suggested, I get, unsurprisingly, and error that states: "hex_md5 is not declared"

How do I get the Javascript file to be accessible to server-side ASP.NET code?
0
 
LVL 3

Expert Comment

by:bcaff86
ID: 20358267
ohhhh....ok, what you need to do is add the link to the js file in the header like you normally would - no runat=server - it is client side script.

Then in your code behind you need to add a call to the client function like below.  If you need to pass params to the function you can just build the full string hex_md5('some param') and put that in where I just call hex_md5().

Effectively this calls your client function onload.
If Page.ClientScript.IsStartupScriptRegistered("md5") = False Then

Page.ClientScript.RegisterStartupScript(Me.GetType(), "md5","hex_md5()", True)

End If

Open in new window

0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:jammy-d0dger
ID: 20358432
OK, sorry I think you're going to have to help me out here.  It's looking promising... but how do I read the value of what's returned from hex_md5(md5string).

In classic ASP it would have been:

Dim sResult as String
sResult = hex_md5(md5string)

I'm sure I should be able to work this out but I can't :(

Many thanks for your help.
0
 
LVL 3

Expert Comment

by:bcaff86
ID: 20358633
The easiest way, off the top of my head, is to create a hidden field in your form with runat=server.  For your client script set it equal to MyHiddenField.Value = hex_md5(md5string).

Then server side you can access MyHiddenField to get the returned value.
0
 

Author Comment

by:jammy-d0dger
ID: 20358704
that's no good because the md5string contains a key which I can't have visible in a 'view source' as a value of a hidden field.

Bl**dy nightmare.  I'm now thinking that the best way to do this is using the built in MD5CryptoServiceProvider in ASP.NET?

I started to build a test script but stumbled when I realised that I needed to compare a String with an array of Bytes.  See, SecPay send a hash string with their payment response and I have to read that from the response object, then my own constructed string, (based on transactionID, amount and a private key), to the hash function that would then return a hash string which I could compare with the SecPay hash.

I can't work out how to get this hashed value back out of the .NET class as a String rather than a Byte array, (or how to compare the two).

Ahhhhhhh....
0
 
LVL 3

Accepted Solution

by:
bcaff86 earned 500 total points
ID: 20358726
Ok - makes sense...comparing strings and byte arrays isn't too difficult.  And if you're dealing with crpyto stuff you probably do want to keep it all server side.

Check out this for the basics on string to byte array comparisons.

http://www.chilkatsoft.com/faq/DotNetStrToBytes.html
0
 

Author Comment

by:jammy-d0dger
ID: 20360165
What a hell-ride this has been.  Many thanks to Microsoft for once again dumbfounding me with what seems like making a simple task, incredibly complicated.  For those of you who may stumble upon this thread... here's what I had to do (where md5string is the unencrypted string that I have to check against and spHash is the md5 hash string sent from SecPay) :

           'The string we wish to encrypt
            Dim strPlainText As String = md5string

            'The array of bytes that will contain the encrypted value of strPlainText
            Dim hashedDataBytes As Byte()

            'The encoder class used to convert strPlainText to an array of bytes
            Dim encoder As New UTF8Encoding()
   
            'Create an instance of the MD5CryptoServiceProvider class
            Dim md5Hasher As New MD5CryptoServiceProvider()

            'Call ComputeHash, passing in the plain-text string as an array of bytes
            'The return value is the encrypted value, as an array of bytes
            hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(strPlainText))
           
            'now convert the crappy MS raw hash data to a string in readable format. Idiots!!
            Dim strMD5 As String = ""
            For Each bytByte As Byte In hashedDataBytes
                strMD5 &= bytByte.ToString("x2")
            Next

            'check to see MD5 hash matches            
            If strMD5 <> spHash Then
                Response.Write("Security Hash failed. IP stored.")
                'do a server.transfer to hash_failed screen or whatever
            End If

So, there you have it.  I tried using the example on your link bcaff86 and whilst they worked as converters and returned a hex-based byte array, the byte array returned from MD5CryptoServiceProvider is in a raw format that is of no use to anybody!!!! Thanks for that Microsoft!  I stumbled across that neat little Byte to Hex String converter here:

http://www.thescripts.com/forum/thread373773.html

Many thanks for sticking with me bcaff86. Although you didn't have the final answer, you did get me a good deal of the way there so the points are yours.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now