Link to home
Start Free TrialLog in
Avatar of Upasana Modi
Upasana Modi

asked on

I want to transer from asp.net application to asp application but my asp pages are not on the same server So how to achieve this?

Avatar of Manju
Manju
Flag of India image

when you say transfer, you mean sending some variables from your ASP.Net page to Classic ASP page right?
Avatar of Upasana Modi
Upasana Modi

ASKER

Yes Right
ok lets say, your ASP.NET site is as below:

http://aspnet/Default.aspx

if the above site needs to send productid to ASP site, you simply add a response.redirect in aspx page pointing to ASP page

Ex:
https://msdn.microsoft.com/en-us/library/a8wa7sdt(v=vs.110).aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1 to learn about redirect.

you'll simply put your ASP url with the productid.

http://classicasp/productID.asp?ID=ProductID

and inside classic asp productid page, you'll have to assign that variable to search.

<%

surl = request.querystring("ID")

response.write ID


%>

This will give you the productid that was sent from ASP.Net to ASP
Thanks for your feedback
In my case I want to send username and password to the destination URL and set those variable in asp site as username and password so it will not ask for login credentials again in destination asp site and redirect to the desired page.
Because some its pages are converted to asp.net and some are in classic
Technically you should not pass username & password as variables to another site as it is prone to data theft. However, below is what i'd do.

I'll redirect the below line from ASP.net page

http://classicasp/logon.asp?USR=username&PWD=password

in Classic asp, I need to create a Logon.asp page to absorb the username & password using "request.querystring("USR") & PWD & store that into session, so users are logged in the site.
Ex:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
' Set Username and Password
uname = request.querystring("USR")
pword = request.querystring("PWD")

%>
<% if request("username") = uname AND request("password") = pword then 
session("authuser") = "yes"
else
session("authuser") = "no"
end if
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<% if session("authuser") = "no" then %>
Please log in<br />
<% if request("check") <>"" then %>
Please check your details
<% end if%>
<form id="form1" name="form1" method="get" action="">
  <p>
    <input type="text" name="username" id="uname" />
  </p>
  <p>
    <input type="text" name="password" id="pword" />
  </p>
  <p><input name="check" type="hidden" value="check" />
    <label>
      <input type="submit" name="button" id="button" value="Login" />
    </label>
  </p>
</form>
<% else %>
You have successfully logged in
<% end if %>
</body>
</html>

Open in new window

Do not do this.
' Set Username and Password
uname = request.querystring("USR")
pword = request.querystring("PWD")

Open in new window


For a couple reasons. First, as Manju already said it opens you up to easy hacking. Imagine if somebody emails a url, "htttp://example.com?USR=manju&PWD=mydogsname".  Now anybody that gets a copy of the email can log in to your system and see that Manu uses his dog's name for his password, then goes to other known sites visited by manju and tries the same user/pass combo.  This is not a good situation.

This brings me to my next point, hopefully you are not storing passwords the plain text they are submitted on the form. This is another issue for another thread though. In short, you should be hashing your passwords in your db.

Here is an idea you can use where you can pass some type of id and create a log in for a user.

1) Create a link or form that will "Log in to the other page".

2) Create a processing page that will accept the data from the data.
If it is from a form, it will be the action. If you choose to use a link, then it will be the url to an ajax request.

3) Let your processing page test that the user is logged in.  If the log in is still valid, submit a silent post / xmlhttppost to the classic asp site with the following variables (via https), userid, current page sent from (somepage.aspx) and secret passcode that may be an sha hash of the userid, date and anything else you want.

4) On the classic asp side, create a new table in the database called transferred_logins with the fields userid, date_created (set to current datetime), date_expired (dateadd x amount of time from current date) and optional sending_page (data from  'current page sent from')  

I suggest setting your date_expired to only a few minutes.

5) On the classic asp side, create a page to process the submitted data.  Accept the user id, current page sent from, secret passcode.  Calculate the accepted passcode to make sure it is good. If it checks out, then add the data to your new table called transferred_logins. I suggest setting your date fields to be filled in automatically via the db, but if you want to do it via your classic asp code, that is fine too.

If you are using an ajax request from the .net page, be sure to send something back that the session is ready. I typically use a 1 or 0.

6) Now that the data is passed to the the classic asp page, you can redirect them to classicasp.asp?userid=123.  

7) On the classicasp.asp page, accept the userid, then check it against the table transferred_logins and make sure the current datetime is within the two dates. If it is out of range, then do not accept. If it is in range, then set the session.

By the way, I found sessions in classic asp not trustworthy as they can be easily reset such as the worker process dies and resets. A better solution is to use  cookies or your database to track log ins.  I have an article about classic asp log ins https://www.experts-exchange.com/articles/18259/User-Log-In-Using-A-Token.html
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.