Upasana Modi
asked on
I want to transer from asp.net application to asp application but my asp pages are not on the same server So how to achieve this?
I had this question after viewing Transfer Session Variables from Classic ASP to ASP.NET: Populate form.
when you say transfer, you mean sending some variables from your ASP.Net page to Classic ASP page right?
ASKER
Yes Right
ok lets say, your ASP.NET site is as below:
http://aspnet/Default.aspx
if the above site needs to send productid to ASP site, you simply add a response.redirect in aspx page pointing to ASP page
Ex:
https://msdn.microsoft.com/en-us/library/a8wa7sdt(v=vs.110).aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1 to learn about redirect.
you'll simply put your ASP url with the productid.
http://classicasp/productID.asp?ID=ProductID
and inside classic asp productid page, you'll have to assign that variable to search.
<%
surl = request.querystring("ID")
response.write ID
%>
This will give you the productid that was sent from ASP.Net to ASP
http://aspnet/Default.aspx
if the above site needs to send productid to ASP site, you simply add a response.redirect in aspx page pointing to ASP page
Ex:
https://msdn.microsoft.com/en-us/library/a8wa7sdt(v=vs.110).aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1 to learn about redirect.
you'll simply put your ASP url with the productid.
http://classicasp/productID.asp?ID=ProductID
and inside classic asp productid page, you'll have to assign that variable to search.
<%
surl = request.querystring("ID")
response.write ID
%>
This will give you the productid that was sent from ASP.Net to ASP
ASKER
Thanks for your feedback
In my case I want to send username and password to the destination URL and set those variable in asp site as username and password so it will not ask for login credentials again in destination asp site and redirect to the desired page.
Because some its pages are converted to asp.net and some are in classic
In my case I want to send username and password to the destination URL and set those variable in asp site as username and password so it will not ask for login credentials again in destination asp site and redirect to the desired page.
Because some its pages are converted to asp.net and some are in classic
Technically you should not pass username & password as variables to another site as it is prone to data theft. However, below is what i'd do.
I'll redirect the below line from ASP.net page
http://classicasp/logon.asp?USR=username&PWD=password
in Classic asp, I need to create a Logon.asp page to absorb the username & password using "request.querystring("USR" ) & PWD & store that into session, so users are logged in the site.
I'll redirect the below line from ASP.net page
http://classicasp/logon.asp?USR=username&PWD=password
in Classic asp, I need to create a Logon.asp page to absorb the username & password using "request.querystring("USR"
Ex:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
' Set Username and Password
uname = request.querystring("USR")
pword = request.querystring("PWD")
%>
<% if request("username") = uname AND request("password") = pword then
session("authuser") = "yes"
else
session("authuser") = "no"
end if
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<% if session("authuser") = "no" then %>
Please log in<br />
<% if request("check") <>"" then %>
Please check your details
<% end if%>
<form id="form1" name="form1" method="get" action="">
<p>
<input type="text" name="username" id="uname" />
</p>
<p>
<input type="text" name="password" id="pword" />
</p>
<p><input name="check" type="hidden" value="check" />
<label>
<input type="submit" name="button" id="button" value="Login" />
</label>
</p>
</form>
<% else %>
You have successfully logged in
<% end if %>
</body>
</html>
Do not do this.
For a couple reasons. First, as Manju already said it opens you up to easy hacking. Imagine if somebody emails a url, "htttp://example.com?USR=m anju&PWD=m ydogsname" . Now anybody that gets a copy of the email can log in to your system and see that Manu uses his dog's name for his password, then goes to other known sites visited by manju and tries the same user/pass combo. This is not a good situation.
This brings me to my next point, hopefully you are not storing passwords the plain text they are submitted on the form. This is another issue for another thread though. In short, you should be hashing your passwords in your db.
Here is an idea you can use where you can pass some type of id and create a log in for a user.
1) Create a link or form that will "Log in to the other page".
2) Create a processing page that will accept the data from the data.
If it is from a form, it will be the action. If you choose to use a link, then it will be the url to an ajax request.
3) Let your processing page test that the user is logged in. If the log in is still valid, submit a silent post / xmlhttppost to the classic asp site with the following variables (via https), userid, current page sent from (somepage.aspx) and secret passcode that may be an sha hash of the userid, date and anything else you want.
4) On the classic asp side, create a new table in the database called transferred_logins with the fields userid, date_created (set to current datetime), date_expired (dateadd x amount of time from current date) and optional sending_page (data from 'current page sent from')
I suggest setting your date_expired to only a few minutes.
5) On the classic asp side, create a page to process the submitted data. Accept the user id, current page sent from, secret passcode. Calculate the accepted passcode to make sure it is good. If it checks out, then add the data to your new table called transferred_logins. I suggest setting your date fields to be filled in automatically via the db, but if you want to do it via your classic asp code, that is fine too.
If you are using an ajax request from the .net page, be sure to send something back that the session is ready. I typically use a 1 or 0.
6) Now that the data is passed to the the classic asp page, you can redirect them to classicasp.asp?userid=123.
7) On the classicasp.asp page, accept the userid, then check it against the table transferred_logins and make sure the current datetime is within the two dates. If it is out of range, then do not accept. If it is in range, then set the session.
By the way, I found sessions in classic asp not trustworthy as they can be easily reset such as the worker process dies and resets. A better solution is to use cookies or your database to track log ins. I have an article about classic asp log ins https://www.experts-exchange.com/articles/18259/User-Log-In-Using-A-Token.html
' Set Username and Password
uname = request.querystring("USR")
pword = request.querystring("PWD")
For a couple reasons. First, as Manju already said it opens you up to easy hacking. Imagine if somebody emails a url, "htttp://example.com?USR=m
This brings me to my next point, hopefully you are not storing passwords the plain text they are submitted on the form. This is another issue for another thread though. In short, you should be hashing your passwords in your db.
Here is an idea you can use where you can pass some type of id and create a log in for a user.
1) Create a link or form that will "Log in to the other page".
2) Create a processing page that will accept the data from the data.
If it is from a form, it will be the action. If you choose to use a link, then it will be the url to an ajax request.
3) Let your processing page test that the user is logged in. If the log in is still valid, submit a silent post / xmlhttppost to the classic asp site with the following variables (via https), userid, current page sent from (somepage.aspx) and secret passcode that may be an sha hash of the userid, date and anything else you want.
4) On the classic asp side, create a new table in the database called transferred_logins with the fields userid, date_created (set to current datetime), date_expired (dateadd x amount of time from current date) and optional sending_page (data from 'current page sent from')
I suggest setting your date_expired to only a few minutes.
5) On the classic asp side, create a page to process the submitted data. Accept the user id, current page sent from, secret passcode. Calculate the accepted passcode to make sure it is good. If it checks out, then add the data to your new table called transferred_logins. I suggest setting your date fields to be filled in automatically via the db, but if you want to do it via your classic asp code, that is fine too.
If you are using an ajax request from the .net page, be sure to send something back that the session is ready. I typically use a 1 or 0.
6) Now that the data is passed to the the classic asp page, you can redirect them to classicasp.asp?userid=123.
7) On the classicasp.asp page, accept the userid, then check it against the table transferred_logins and make sure the current datetime is within the two dates. If it is out of range, then do not accept. If it is in range, then set the session.
By the way, I found sessions in classic asp not trustworthy as they can be easily reset such as the worker process dies and resets. A better solution is to use cookies or your database to track log ins. I have an article about classic asp log ins https://www.experts-exchange.com/articles/18259/User-Log-In-Using-A-Token.html
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.