Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Including .JS file in ASP.NET for runat=server

Posted on 2007-11-26
10
Medium Priority
?
1,010 Views
Last Modified: 2010-08-05
Hi,
I'm doing my first ASP.NET integration with SecPay, (an online payment provider in the UK).  I've done plenty of integrations in classic ASP but am now struggling to get the md5 check to work in ASP.NET.

I'm falling at the first hurdle of including the JS file.  In classic ASP, the SCRIPT tag was as follows:

<SCRIPT LANGUAGE="JScript" RUNAT="Server" SRC="includes\md5.js">
</SCRIPT>

But if I try and place this in my .aspx file in Visual Studio 2005, the </script> tag for my codebehind gets underlined in blue and the useful error message of "Syntax Error" gets displayed.

If I place my JS SCRIPT tag above my codebehind <script> tag, the Page Directive "<%@ Page Language="VB" ... " gets underlined with the error message 'Syntax Error'.

how do I include ths JS file so that I can call it's functions from my page load sub?

Help appreciated...
0
Comment
Question by:jammy-d0dger
10 Comments
 
LVL 3

Expert Comment

by:bcaff86
ID: 20353851
You should not add the script tag in your code behind.  You should add it just like you would in ASP in the head section of your markup.
0
 
LVL 16

Expert Comment

by:McExp
ID: 20353853
The JS include would not need the runat=server property.
<script language="jscript" type="text/jscript" src="includes\md5.js" />

Open in new window

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jammy-d0dger
ID: 20357905
Guys thanks for replying.  However, I think you're missing the point, (or maybe I am).  The Javascript include file is to be accessed from server-side code so removig the runat="server" means that it becomes client-side script, does it not?

Like I said, the my PageLoad event needs to be able to call the function 'hex_md5' which is inside the .JS file.  If I try and include the JS in the <HEAD> tag as suggested, I get, unsurprisingly, and error that states: "hex_md5 is not declared"

How do I get the Javascript file to be accessible to server-side ASP.NET code?
0
 
LVL 3

Expert Comment

by:bcaff86
ID: 20358267
ohhhh....ok, what you need to do is add the link to the js file in the header like you normally would - no runat=server - it is client side script.

Then in your code behind you need to add a call to the client function like below.  If you need to pass params to the function you can just build the full string hex_md5('some param') and put that in where I just call hex_md5().

Effectively this calls your client function onload.
If Page.ClientScript.IsStartupScriptRegistered("md5") = False Then
Page.ClientScript.RegisterStartupScript(Me.GetType(), "md5","hex_md5()", True)
End If

Open in new window

0
 

Author Comment

by:jammy-d0dger
ID: 20358432
OK, sorry I think you're going to have to help me out here.  It's looking promising... but how do I read the value of what's returned from hex_md5(md5string).

In classic ASP it would have been:

Dim sResult as String
sResult = hex_md5(md5string)

I'm sure I should be able to work this out but I can't :(

Many thanks for your help.
0
 
LVL 3

Expert Comment

by:bcaff86
ID: 20358633
The easiest way, off the top of my head, is to create a hidden field in your form with runat=server.  For your client script set it equal to MyHiddenField.Value = hex_md5(md5string).

Then server side you can access MyHiddenField to get the returned value.
0
 

Author Comment

by:jammy-d0dger
ID: 20358704
that's no good because the md5string contains a key which I can't have visible in a 'view source' as a value of a hidden field.

Bl**dy nightmare.  I'm now thinking that the best way to do this is using the built in MD5CryptoServiceProvider in ASP.NET?

I started to build a test script but stumbled when I realised that I needed to compare a String with an array of Bytes.  See, SecPay send a hash string with their payment response and I have to read that from the response object, then my own constructed string, (based on transactionID, amount and a private key), to the hash function that would then return a hash string which I could compare with the SecPay hash.

I can't work out how to get this hashed value back out of the .NET class as a String rather than a Byte array, (or how to compare the two).

Ahhhhhhh....
0
 
LVL 3

Accepted Solution

by:
bcaff86 earned 2000 total points
ID: 20358726
Ok - makes sense...comparing strings and byte arrays isn't too difficult.  And if you're dealing with crpyto stuff you probably do want to keep it all server side.

Check out this for the basics on string to byte array comparisons.

http://www.chilkatsoft.com/faq/DotNetStrToBytes.html
0
 

Author Comment

by:jammy-d0dger
ID: 20360165
What a hell-ride this has been.  Many thanks to Microsoft for once again dumbfounding me with what seems like making a simple task, incredibly complicated.  For those of you who may stumble upon this thread... here's what I had to do (where md5string is the unencrypted string that I have to check against and spHash is the md5 hash string sent from SecPay) :

           'The string we wish to encrypt
            Dim strPlainText As String = md5string

            'The array of bytes that will contain the encrypted value of strPlainText
            Dim hashedDataBytes As Byte()

            'The encoder class used to convert strPlainText to an array of bytes
            Dim encoder As New UTF8Encoding()
   
            'Create an instance of the MD5CryptoServiceProvider class
            Dim md5Hasher As New MD5CryptoServiceProvider()

            'Call ComputeHash, passing in the plain-text string as an array of bytes
            'The return value is the encrypted value, as an array of bytes
            hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(strPlainText))
           
            'now convert the crappy MS raw hash data to a string in readable format. Idiots!!
            Dim strMD5 As String = ""
            For Each bytByte As Byte In hashedDataBytes
                strMD5 &= bytByte.ToString("x2")
            Next

            'check to see MD5 hash matches            
            If strMD5 <> spHash Then
                Response.Write("Security Hash failed. IP stored.")
                'do a server.transfer to hash_failed screen or whatever
            End If

So, there you have it.  I tried using the example on your link bcaff86 and whilst they worked as converters and returned a hex-based byte array, the byte array returned from MD5CryptoServiceProvider is in a raw format that is of no use to anybody!!!! Thanks for that Microsoft!  I stumbled across that neat little Byte to Hex String converter here:

http://www.thescripts.com/forum/thread373773.html

Many thanks for sticking with me bcaff86. Although you didn't have the final answer, you did get me a good deal of the way there so the points are yours.

0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question