Can I call an .asp page in an iFrame from a different server (based on Parent URL)?

I have an Internet database with an application written in Classic .asp that allows my clients to setup their business info.  Now I am offering them basic websites for free, but those will be subdomains on a different server.

I want the users to be able to edit information in their database (business name, address, email, etc.) and then have the iFrame call an .asp page using the subdomain info as the identifier that will gather the remaining information necessary to display on their website.  Basically they won't need to know HTML, but simply enter their contact info into my database and the .asp page within the iFrame will connect to their database to display that info.  

Does this sound possible?  I basically need to call the .asp page in the iFrame and use the parent URL as my unique identifier.

Feel free to ask questions if I don't make sense...
TIA
OverthereAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

edster9999Commented:
Doing that would be pretty easy.

You would first of all read the address that the page was called by :

<%
    addr=Request.ServerVariables("SERVER_NAME")
    page=Request.ServerVariables("URL")
%>

and then you check it and output the text of the iframe bit based on the string

<%
response.write("<iframe src=http://www.myOtherServer.com/pages/" & addr & ".asp></iframe>")
%>

---- Now for the bad bit ----
This is terrible coding practice.

iFrames are 'long dead'
Google "why you should not use iFrames"

and... you are calling a web page that will be embedded in your site.
This has zero security.
Say my site is called :     eds-site.example.com
and someone elses site is called :   bobs-site.example.com

If you use this method and the page that is pulled allows me to access my settings, then I can set my machine up to send 'bobs-site' to that page and access his (or her) settings.

You also have issues where someone could do some clever cross site scripting (Goolge "XSS") and inject commands into your server using this.

A better idea would be to rethink the whole process and call the data up either directly (or by calling it from that page) but on the server side - not on the client side with iFrames.

Hope this helps
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
I disagree with some of the reasons given for using an iframe and in this case there is nothing to do with seo so you are good there.  However, I 100% agree to rethink what you are doing.  

" Basically they won't need to know HTML, but simply enter their contact info into my database and the .asp page within the iFrame will connect to their database to display "

Read that again, and explain the connection from your database to their database?

It sounds like you want to allow users to update a database on the web without knowing html.   Is that correct?  

Assuming you are using ms sql server 20xx.  Your workflow could be something like:

1) User signs up on your site with their name, contact, select username and password etc.

2) Once signed up, your site runs a stored procedure that creates a  new database assigned to the new user.

3) Your site now sends them to a log in page where they will go each time they want access to the database.

4) Each time they log in, a database look up is done on your database to determine which database they need to access by a unique username you have assigned.

5)  Load up the connection string for their database in comment pages that allow CRUD.

Alternatively, you can  have just one database and create a field with the unique username so if you have 100 users each with 100 contacts, the contacts table will have 10,000 rows.  

A last alternative is you sell the code that does this and let them run it on their server.  But be prepared for a lot of support tickets.  It is getting harder to support all the nuances of asp or any server side language for that matter.  I would suggest using a platform as service like Microsoft Azure, or Parse, Google App Engine, Amazon cloud.  These will force you to a learning curve but the end result will be better all the way around.

If I have this wrong, post the high level goal of what you are trying to do.
0
OverthereAuthor Commented:
I want to basically have a "Template" website that will have a way to connect to the database using the subdomain as the identifier.  The subdomain is unique to that user so when it connects to the database it can "retrieve" specific info such as the user business name, address, email, phone, logo, picture, etc.  

I don't want to have to create hardcoded pages for the users everytime.  This way when they update the info within their database, the website will automatically reflect those changes (new logo, new photo, new phone number, etc.)

Does that explain it better?  The websites and database reside on separate domains/servers.  Believe me, I am most certainly open to suggestions - that's simply what I want to do... and it does not have to be iframes - that's just what I have used before to make changes to ONE page that is used in several different sites.  This time I just want to get actual data from a SQL server.
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
You can get the subdomain with Request.ServerVariables("SERVER_NAME")

If your subdomains are all in the same actual folder, you could create an include file for the connections like below
dim server_name
server_name = Request.ServerVariables("SERVER_NAME") 

SELECT CASE server_name
      CASE "sub1.domain.com"
            connect_string = "Server=myServerAddress;Database_1=myDataBase;User Id=myUsername;
Password=myPassword;"

      CASE "sub2.domain.com"
           connect_string = "Server=myServerAddress;Database_2=myDataBase;User Id=myUsername;
Password=myPassword;"

     CASE "sub2.domain.com"
          connect_string = "Server=myServerAddress;Database_3=myDataBase;User Id=myUsername;
Password=myPassword;"
    CASE ELSE

END SELECT

Dim Connection    

Set Connection=Server.CreateObject("ADODB.Connection")
 

Open in new window


Then

Connection.Open connect_string
'declare the variable that will hold our new object
Dim Recordset   
'create an ADO recordset object
Set Recordset=Server.CreateObject("ADODB.Recordset") 
Dim SQL    
SQL="SELECT field1,field2,field3 FROM myTable" 
Recordset.Open SQL, Connection 

Open in new window


You could also store the connection strings (and encrypt them) in your db thus eliminating a long manual CASE and instead, "SELECT connection_string FROM MyCustomers WHERE sub_doman='sub1.mydomain.com'"
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OverthereAuthor Commented:
Thanks for your input.  I will be incorporating info from both responses.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.