|
Yes and no. No, because the admin pages are not accessible to anonymous users, and yes because the rest of the site is (just a simple 'is admin' check at the top of the admin pages thrown in just to make sure).
Gerald Schwab wrote:
Your code will be executing under the IUSR_YOUR_MACHINE_NAME account which doesn't, and shouldn't, have access to write to the registry.
So, if I give the administrator's account proper privelages on the box it should work fine?
Thanks for the help.
cheers,
-Ben
|
|
|
|
|
So, if I give the administrator's account proper privelages on the box it should work fine? Well I'm not totally sure that this is the answer to your problem, but when I tried it on my machine I got the same error as you are getting. When I disallowed anonymous in IIS, it worked fine. So yes, basically you need to give the account that the ASP page is running under, permissions to access the registry. Or better yet, I would recommend that you disallow anonymous access and force ASP page to run under the individual users credentials. If your users are using IE, then this will be seemless by choosing "Integrated Windows Authentication" in IIS, otherwise your users will have to log in each time they access the ASP page using "Basic Authentication". Then give just add those users that you want to give rights, to a windows nt group that has access to the registry.
|
|
|
|
|
Beauty! I’ll give that a go. Thanks Gerald!
cheers,
-Ben
|
|
|
|
|
let me rephrase the original question
i set up a website on my network server running iis
i put an index.html file in the folder
i put a test.asp file in the same folder
a form thing in the html file references the asp file as its action
when i click the submit button i get "cant access requested file error 500"
grrrrrrrrr
do i have to chant some magic invcantations or put the damn asp file in some special folder or point a gun at the iis box or jump off a tall building or just give the f**k up????
please please please help
or you might see a grown woman cry
there too?"
|
|
|
|
|
I use IIS only for ASP.NET,So I'm not sure for your problem...Check properties of your project in iis in Directory tab,and also the properies of your html and asp files.Maybe you don't have some security access for that file or your project.
I hope you won't cry.
Mazy
"The path you tread is narrow and the drop is shear and very high,
The ravens all are watching from a vantage point near by,
Apprehension creeping like a choo-train uo your spine,
Will the tightrope reach the end;will the final cuplet rhyme?"Cymbaline-Pink Floyd
|
|
|
|
|
Well, IIS is not only for ASP.NET but for old ASP also.
The problem could be that your test.asp file generates some error, and if you are trying it on your hosting provider, it hides the error and tells you "error 500". So the question is: is the test.asp file just an empty file, or contains any code in it?
Also if you are trying on your own computer, remember that the folder/web should have right Execute permissions of this folder. To check this, open your computer management console (assuming you are in Win2k, dunno how to work with PWS), and open IIS, then find your directory under Web Server. Right click and on the first tab you will see "Execute permissions". Make sure it is not set to "None". Usually it is "Scripts only"
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
Need Web-based database administrator? You already have it!
|
|
|
|
|
As Phillip said, it is most likely an error in the code of the ASP page. In IE, make sure you have turned off friendly error messages, and in IIS, for the website you are using, choose properties, and find the error documents. Make sure you select error 500 and click the Set To Default button.
--
David Wengier
Sonork ID: 100.14177 - Ch00k
|
|
|
|
|
this is what i get in ie6 after turning off friendly error messages:
Server Application Error
The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance.
the event log warning message on the web server box says:
The server failed to load application '/LM/W3SVC/1/ROOT/8028test'. The error was 'No such interface supported'.
i also read that if your iis / pwc isnt installed right the online help doesnt show up ... mine doesnt ... wtf must i do to get the damn iis / pwc thing running??
pulease help
situations to avoid #37: "good morning ... how many sugars do you take in your coffee ... and what was your name again?"
coming soon: situations to avoid #38: "...and the dog was there too?"
|
|
|
|
|
just for completeness here are the two files in question ... i cant see where the error on the asp page is but i dont much about this stuff yet so maybe im missing something ???
index.html:
-----------
<HTML>
<HEAD>
<TITLE>login</TITLE>
</HEAD>
<body bgcolor="#FFFF80">
<form name="form1" action="test.asp" method="post">
Email: <input name="email" maxlength="100" size="50"><br>
Password: <input name="pw" maxlength="12" size="20"><P>
<input type="submit" value="Log In"> <input type="reset" value="Clear">
</form>
</BODY>
</HTML>
test.asp:
---------
<% @Language = "VBScript" %>
<%
Option Explicit
Response.Buffer = True
Response.Expires = -1000
dim stremail
dim strpw
strEmail=request("email")
strPw=request("pw")
Response.Write("hello " & stremail & ", how are you?")
Response.Write("<BR>your password is " & strpw)
%>
|
|
|
|
|
Try removing line by line a code from your test.asp. This way you will find out which code generates the error.
I believe it is Response.Buffer = True . I remember I had some problems with it too, but don't remember how I solved them
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
Need Web-based database administrator? You already have it!
|
|
|
|
|
lauren wrote:
i put an index.html file in the folder
Wow, someone out there is still using that .html file extension
Really, check the file settings to see if you have sharing on.
Nick Parker
|
|
|
|
|
To change the pointer cursor to a hand cursor in an onMouseOver event I use
id.style.cursor = "hand";
This works in IE but not Netscape.
Can someone tell me what I could write this for Netscape, or to make it work in both?
Thanks
Jeremy Davis
http://www.astad.org
|
|
|
|
|
|
note that "pointer" doesn't work on ie4 ( maybe 5 too, not sure ).
only "hand" does.
|
|
|
|
|
I have a simple database (mostly flat tables) which I need to throw an interface on so I can edit the data and do some simple validation checks upon submit.
I figure there should be a control that does that in ASP.NET but I haven't found it yet. Can anyone give me a pointer to such an example?
These are the controls I need in the interface
Label: [edit field]
Label: [drop down list]
Label: [month] [day] [year]
[Submit]
thanks
Todd Smith
|
|
|
|
|
|
I'm having difficulties with my user control used in a datalist.
I have a datalist with an 'itemtemplate' and an 'edittemplate' defined like this:
<ItemTemplate>
<b>Title:</b><%# DataBinder.Eval(Container.DataItem, "TITLE")%>
<asp:LinkButton CommandName="Edit" Runat="server" Text="Edit news"></asp:LinkButton>
</ItemTemplate>
<EditItemTemplate>
<b>Title:</b><%# DataBinder.Eval(Container.DataItem, "TITLE")%>
</EditItemTemplate>
The datalist is bound to a data source. When I render the page, the 'Title' is displayed correctly. When I click the edit link, the 'Title' is still displayed correctly.
Now, I have made a user control called TitleBar, which accepts a title, backcolor and so on, and then uses that information to display a nicely centered title on the page. I use it like this:
<CP:TitleBar id="MainTitle" title="News for today!" BackColor="darkgreen" runat="server" Padding="2" HorizontalAlignment="center" TextColor="white" FontSize="13"></CP:TitleBar>
In a normal page, my user control works fine.
Now, here's the problem. If I use my user control in the datalist, like this:
<ItemTemplate>
<CP:TitleBar id="MainTitle" title='<%# DataBinder.Eval(Container.DataItem, "TITLE")%>' BackColor="darkgreen" runat="server" Padding="2" HorizontalAlignment="center" TextColor="white" FontSize="13"></CP:TitleBar>
<asp:LinkButton CommandName="Edit" Runat="server" Text="Edit news"></asp:LinkButton>
</ItemTemplate>
<EditItemTemplate>
<CP:TitleBar id="MainTitle" title='<%# DataBinder.Eval(Container.DataItem, "TITLE")%>' BackColor="darkgreen" runat="server" Padding="2" HorizontalAlignment="center" TextColor="white" FontSize="13"></CP:TitleBar>
</EditItemTemplate>
... then the page is rendered fine too, but when I click the edit link, nothing is rendered. In fact, it seems that 'Title' is empty.
However if I directly use a string to pass to my user control (instead of the databinder), it does work fine, even if I click the edit button:
<ItemTemplate>
<CP:TitleBar id="MainTitle" title='TEST' BackColor="darkgreen" runat="server" Padding="2" HorizontalAlignment="center" TextColor="white" FontSize="13"></CP:TitleBar>
<asp:LinkButton CommandName="Edit" Runat="server" Text="Edit news"></asp:LinkButton>
</ItemTemplate>
<EditItemTemplate>
<CP:TitleBar id="MainTitle" title='TEST' BackColor="darkgreen" runat="server" Padding="2" HorizontalAlignment="center" TextColor="white" FontSize="13"></CP:TitleBar>
</EditItemTemplate>
I hope I explained the situation clearly. Any ideas why the combination of my user control, a datalist, passing a parameter with DataBinder.Eval and clicking the edit link does not work?
Ludwig
|
|
|
|
|
I just finished reading a few articles on site security using ASP and am not satisfied with some of what it taught me, so any opinions are appreciated.
Basic authentication I think is what it was called, seems pretty lame.
I'm not requiring SSL, because i'm not dealing with finances, but rather site admin. type stuff.
The method I read about suggested I use a session variable and set it to false by default and TRUE upon successful login. Now every ASP page that requires authetication checks this boolean variable for true/false and Response.Write accordingly. The author then says this isn't 100% fool proof and the would be hacker could possibly get by. I'm thinking somehow override the boolean value to always equal TRUE using the IWebBrowser component (Hijack it's JScript interpreter)...?
Anyways...this session variable has got me a little nervous and i'm thinking it would be better to just store username/password in seesion/cookies and check for it's availability inside the DB each ASP access, so long as nobody sees your database (which is another question i have after this) this method seems more sound...?
Of course now your SQL statement would execute each ASP access instead of just once during login, but...i'm really not fond of the session variable, i'm positive what I mentioned earlier would be possible.
Am I alone in thinking this way...? Am I missing something about ASP session cookies...? It just doesn't seem impossible to change a server cookie from a client script, thus making the session variable login useless.
Second question:
I have created a DB using Access and generate most of my site via the data inside the DB. It has come to my attention that Access is not the best solution for a website though and I am wondering if I can use a Access DB with SqlServer...? I don't have any other RDBMS(on my computer) other than Access, but I assume most IIS/ASP enabled servers on the net support SqlServer also...?
If this is the case...I would be able to design my DB on my computer get my ASP scripts working using PWS and simply upload my db and site to a server and switch the DSN to SqlServer instead of Access 97...?
Am I right...?
Anyone know of any links that might be of help...?
Explanations are always good too...thanx!
Cheers!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
The easy stuff first:
Hockey wrote:
I would be able to design my DB on my computer get my ASP scripts working using PWS and simply upload my db and site to a server and switch the DSN to SqlServer instead of Access 97...?
Almost. You can do this for some things, and for others you cant. For example, if you have any CREATE TABLE SQL then in Access, you use "Boolean" type and in SQL Server you use "BIT". Just an example. There are others that make it different
IMHO you would be better off obtaining MSDE (Microsoft Data Environment) and using that. It is SQL Server without the interface (ie, no Enterprise Manager) and is available free. Usually appears on Visual Studio CDs somewhere. That way, you are sure that it will work, and you can take advantage of stored procedures and other advanced SQL Server things (if you want).
Hockey wrote:
The author then says this isn't 100% fool proof and the would be hacker could possibly get by. I'm thinking somehow override the boolean value to always equal TRUE using the IWebBrowser component (Hijack it's JScript interpreter)...?
AFAIK that wouldnt work. The session variable (the boolean) is never sent to the client. All that is sent is a session ID, and ASP uses that to get its session variables. Thus, the only way to mislead it would be for the client to send back a false session ID, but it would require knowing what session ID would be valid, and already logged in.
I have always just used session variables and I havent come across any problems, but I am not an l337 h4x0r
--
David Wengier
Sonork ID: 100.14177 - Ch00k
|
|
|
|
|
with msde you can use access2k as a management console of a sorts ... it sux big time but its better than scripts imho
and where can i find out about these sessions thingies and all the other asp rhubarb ... am a beginner at it and need to know
situations to avoid #37: "good morning ... how many sugars do you take in your coffee ... and what was your name again?"
coming soon: situations to avoid #38: "...and the dog was there too?"
|
|
|
|
|
Do a search for login.
Paul Watson pointed me in a nice direction a while back...I'm just checking them out now, but they are pretty good resources for basic logins.
Cheers!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
I just read another aritcle that explains basic authentication, but using IP addy instead of session cookies. I like this idea better, the whole cookie thing makes me really nervous.
Where would I get this MSDE....is it RDBMS like access...?
I think you explained this already...saying it's like sqlServer minus a few bells and whistles. Sorry i'm a total newbie with database stuff. Although...using databases (re-learning is a bitch) i'm now seeing the potential and speed dev time drop 10 fold as compared to doing all this sh*t with generic file ops in Perl.
Long live DB and ADO...
Just one more question...An Access database is compatible w/ SqlServer...? Like the internal format and structure of thew tables is obviously the same...? Just the SQL statements differ slightly...?
Thanx!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
Well, again, it is almost the same. It also depends on what DB Provider do you use. For example, Jet Engine (also from MS ) gives you much more features then others. Even same data types, like mentioned, you will use BIT in both SQLServer and Access. But it seems to be quite problematic with a lot of requests to Access database. I actually suggest to use SQL Server if you can. Just some hostings will not include it in to your package, usually you need to add some money to get SQL server.
But what you mean by format and structure? Of course it is different, but you are not opening Access files in binary more and parse them manually. DB Providers do all work for you I remember when I wanted to move from Access to SQL Server, I had no problems with importing tables/queries. So I'd say it is ok
As for Session variables, yes it is not 100% proof solution, but where did you see any 100% solutions? Also it is the common way to make a users management/login on the site. On really critical pages you can request authorization from the database by querring for stored in Session Username and Password. It will be the best way I guess.
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
Need Web-based database administrator? You already have it!
|
|
|
|
|
Philip Patrick wrote:
But what you mean by format and structure? Of course it is different, but you are not opening Access files in binary more and parse them manually.
Thats what I meant yup...I was just curious if they shared similar file structures. Nothing important, just curious.
Cheers!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
Philip seems to have answered your questions quite nicely
Just about the IP address though, that seems to be more insecure. The IP address you get from ASP is only guaranteed to be as unique as the proxy server the person rode in on (so to speak). If its an intranet then you dont have that worry, but there is the issue of anybody being able to use that computer and get access, without logging in.
I'll assume there is more to it than you have written here
As for the database compatibility, as Philip said, internally what they are like is irrelevant. They are compatible enough, such that there will not be huge code changes, and Microsoft provide automatic importing tools in SQL Server to read access databases. Whether or not your ISP allows you access to this (its called DTS, which i thnk is Data Transformation Services) is another issue, but its not hard to import data anyway. You just open two connections, read from one, write to the other.
--
David Wengier
Sonork ID: 100.14177 - Ch00k
|
|
|
|
|