Both the NET and Classic ASP versions of this application are designed for fine granularity protection of individual apsx extension files. ASPProtect.NET is not designed or intended to protect sub directories, or non aspx content such as Adobe Acrobat .pdf files etc etc.

I completely disagree with your statement that “most sites” have a login box on the left hand side of the page. I suspect you thinking of the ever popular php based forums and “Nuke” type CMS systems which are set up that way but if you look at any site written entirely using .NET that’s rarely if ever the case. (Granted I cant say for sure because I personally haven’t looked at >50% of the estimated 18 billion +  web pages on the internet) Just off the top of my head www.CafePress.com come to mind as a pure .NET site. If you take a look the login button it takes you to its own login page there is not global login form used throughout the site. Reason being that .NET introduced this thing called a “view state” which is used to store things like your session ID (and way more) and must be posted back to the server in order to keep track of visitors. This technology comes in especially handy when you have a web farm in place and your content is being spit out out by more than one server at the same time

I can think of loads of scenarios where the web servers need to know who you are even though you are never directly contacting them via http. This approach is a very smooth and actually very clever solution for enterprise level websites that simply can’t be handled with a single web server.

 On a practical level I know what you are saying but that application sets up all sorts of things when a protected page is accessed and the user is not yet authenticated. That’s the entire reason you need to put that snippet of code at the top of a page you want to protect. That code snippet calls the ASPProtect.NET class and runs through all the logic to see if you are able to access the page. If you are the subroutine exits and the server continues to process the remaining logic on the page. AKA you are able to access its content. If you are NOT authenticated ASPProtect will setup all the proper session and viewstate info and redirect you to the login page for authentication. You may have also noticed a parameter on the login page called ReturnURL. The application looks for that info and if you do have a user ID and password the application automatically redirects you to the page you were trying to access in the first place.

Really I have no idea what you are trying to do, but there is a world of difference in how something looks verses how it works. Lets just say there was a simple way to do what your thinking, what are you going to do with that login form after the person logs in? Just keep displaying it on the entire site so people get confused and don’t know if they are logged in or not? Just that little part of the equation will require making some changes to either ASPProtect.NET or your application will have to have some logic built into it to stop displaying the login forum.

It sounds to me like your basically looking for a super simple 101 type deal that allows people to sign up for an event and you the admin can see that information? I’m guessing they can also log in again and check out their details and see what event they signed up for?

If that’s the case you’re trying to take a very sophisticated protection application and downgrade it into something that would be one heck of a lot easier to write all from scratch in about an hour.

Your not going to be able to “plug and play” a simple form into a page and turn that application as a magic universal login solution for a website, while its 100% possible to use the application that way if you choose, you need to check out the source code and plan your custom integration accordingly.

Yup everything looks ok - but why no error?

This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...

What would cause it to 'think' it is doing the task yet still fail?

The company that hosts our business web site has been impossible to deal with in assisting me in getting asp protect to work. Getting the rights set correctly took 6 days and then getting parent paths enabled has been impossible. There last response was simply this:

The includes were changed so that if your server does not support "parent paths"
' and the "../" that you could easily change a few files like this and make the
' includes virtual includes instead of file includes. We didnt make them virtual
' includes by default because depending on where in your site you put the application
' the virtual include path would be different. They are also much different on a local
' development server than they would be on your real server
'
' Here are some examples of what you might change these includes to
'
' If you put the aspprotect folder in the root of your domain at your server
' example: www.mydomain.com/aspprotect
' then you would probably use
'
' #INCLUDE VIRTUAL="/aspprotect/dataconn_inc.asp"
' #INCLUDE VIRTUAL="/aspprotect/config_inc.asp"
' #INCLUDE VIRTUAL="/aspprotect/scripts/emailing_subs_inc.asp"
'
' Or if you didnt use the aspprotect folder and just put the contents of it in the root
' of your domain
' then you would probably use
'
' #INCLUDE VIRTUAL="/dataconn_inc.asp"
' #INCLUDE VIRTUAL="/config_inc.asp"
' #INCLUDE VIRTUAL="/scripts/emailing_subs_inc.asp"
'
' It really all depends on what works for your situation
' If you want more information on server side includes read this article at PowerASP
'
' http://www.powerasp.com/content/code-snippets/includes.asp

I am assuming that they will not enable parent paths and I need to modify some code. I do not know asp. WHere do I modify the code for a server that will not enable parent paths?

Thanks,

D

far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything

once thing to be careful about

If you log in.. then log off... then go back to a page and do a refresh... you  may in fact be reposting the username and password from before.. thus logging yourself right back in

Perhaps not.. all depends on what your doing... but it is something to be careful of when testing 

Wondering what might be causing a long delay to display the login screen?  This does seem to be intermittent.  Could be server/ISP related? Have experienced enough times to justify posting this question.

I can count up to 20 seconds after clicking on the link.  After login all other selections zip right along without problem.

http://gibsoncity.us/aspbanner/

Thanks, Lance

Version 8.1 can work with MySQL
http://www.aspbanner.com/aspbanunlimited_v8.asp
It is just not supported at all.

The standard version can not work with MySQL.
There were a lot of changes to make the new version work with it and I really only did ift because I have a couple friends with busy sites that could only use MySQL.

It sounds like your site is way too busy for using an access database as you mentioned.

I think you may be using old code where that was an issue... I am going to PM you the latest version..

to be safe upgrade all the ASP files except the dataconn_inc.asp files and your config_inc.asp files

"be real careful not to lose your current encryption keys in the "config_inc.asp" file or you will be in real trouble

You can use your existing database

After taking another look at this and trying your suggestions without success, it appears that in Windows 2003 server it is nearly impossible to remove the READ ONLY attribute from the _database folder.  I'm wonder if this could the cause?

Thanks 

that wont work the way you did it because groups are not stored like like.

groups are stored "*1*"
or "*1*,*9,*"

so if you test for them you must do so using the InStr function of vbscript

example:

If InStr(Session("Groups"),"*1*") Then
    ' do whatever
End If

also.. as for the session variable
it should be    Session("Groups")

And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved

Session("Groups") = CmdCheckUser("Groups")

If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value

I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.

Can't I simply delete the code that does encryption?

If not, how can I

take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,

export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks

Did you see this thread. It shows how to set up the project in Visual Studio in detail.

http://support.cjwsoft.com/code/moreinfo85-1.htm

Can you do a better price deal for that version in place of the one I've just purchased ie for a single licence rather than unlimited Christopher?

Or failing that can you give me an idea of how many changes you had to make to convert 7.3 to work with Mysql?

Regards,

Dave

1st off, what application is this in reference too?
This question should be under that application's area in the forum.

2nd, really need more information and details. There are many ways and methods to send emails and they can all effect what gets delivered and what does not. All on an email server side of things. (I always recommend using the CDOSYS option using SMTP authentication with a real external email that has valid MX records) see my article...
http://www.powerasp.com/content/new/sending_email_cdosys.asp

3rd, your not telling me how many users we are talking about. ASP is not a very efficient way to send emails and extremely large amounts of users should be sent emails in a different way then from an asp application. It is just the nature of the technology being used. Some of different emailing methods the application supports may or may not give you better results. It is really best to experiment though honestly the option I mentioned above is always the best in my experience.

4th, if you are not getting a timeout or a scripting error than the ASP part of things is making it through the amount of users. You have to remember that often time emails that get sent out from web sites end up in junk filters for whatever reason. That is just another fact and why it it is usually best to send out serious newletters using a stand alone application like WorldCast or something.

I am doing a lot of guessing here because you really did not tell me much. I also still am not sure what application this is in reference to as 3 of my apps have newsletter features of sorts.

After I approve someone's username and password, then go to send them the default e mail telling them of the approval, the e mail never goes through.  The e mailing used to work well for many months, but it stopped working.  Any thoughts?

Spider

Does ASPprotect support Paypal's Website Payments Pro option, where a user can use a credit card directly on a web site, without passing to paypal.com?

Nick

Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?

My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that?

If you are developing using Windows XP Pro and running the NTFS file system setting proper permissions on a folder in your website requires that you 1st disable simple file sharing.

To do so open up "my computer". At the top open up "tools/folder options"

Then the "view" tab.

Then at the bottom uncheck "use simple file sharing"

After that that is done... using "my computer" browse to the folder in your web that you need to set permissions on.

Right click on that folder and then choose the "security" tab.
(If simple file sharing is on that tab wont be there)

Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.

You can also give permissions to the everyone account and accomplish the same thing.



BTW:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"

Connecting user is dbo of database.

User_ID is primary key with auto increment identity.

SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
 [User_ID] [int] IDENTITY (1, 1) NOT NULL ,
 [First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Admin] [bit] NOT NULL ,
 [Active] [bit] NOT NULL ,
 [Expiration_Date] [smalldatetime] NULL ,
 [Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Counter] [int] NULL ,
 [Last_Access] [smalldatetime] NULL ,
 [Login_Limit] [int] NULL ,
 [Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Date_Created] [datetime] NULL ,
 [Validated] [bit] NOT NULL
) ON [PRIMARY]
GO

ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
 CONSTRAINT [PK_Security_Users] PRIMARY KEY  CLUSTERED
 (
  [User_ID]
 )  ON [PRIMARY]
GO

Just having the database with members does not protect the page.  You need to add the appropriate code to every page you want to restrict access to.

You need to click on the Groups tab in Admin. 
Click on Generate PW protection code. 
Click on the basic button if you don't want to include levels or groups or choose a level or group(s) and click the appropriate button. 
Paste the code that's generated  into the top of an ASP page in code view.

Is that what you're looking for? 

Michelle

sorry.. you just said above you were using XP SP2 so that is the article I referred you to as I just assumed you were talking about your local web server

here is my article on permissions regarding server 2003
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp

I can look at your installation monday if you like. In about an hour I leave for a wedding thingie and I wont be around again untill monday around noon

Try the uploading using VBSCRIPT method just for the heck of it. Perhaps there is an issue with the installation of the dundas component.

CJW

I did all that you sugessted and all failed, you  said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually?  below are the steps I performed......

1 - made sure the web is it's own application in IIS

2 - Reset IIS in command promt

3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.

I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?

Thank you!

Matt...

when I go to that url is seems fairly fast and somewhat normal.. even when I try to log in it pops right back up asking for login info again..

I would check to make sure you are not running anything that might be effecting your web browsing.. software firewalls.. ad blockers.. script blockers... norton internet security.. zone alarm... anything like that

they can all effect a lot of things regarding how web browsers act.

Thanks.

clark

For all you advanced users..

Here are two examples of ASP.NET code you can use on your ".aspx" pages to call banners from the ASP 3.0 version of ASPBaner Unlimited V8

This code is not supported... and you of course must change things accordingly like the variable names and zone numbers to match the zone you want to call banners from as well as the url.

2004-08-27_153832_asp.net_examples.zip

OK, thanks.

Nick

Hello,

If you see that when doing a view source then that code is not running.

I will need to go into your site and look as something is very wrong on a low level and I have no more ideas.

PM or email me the info and I will figure out what is going on.

I'll need ftp or frontpage access to the site.
I'll also need to know the urls for the asprotect system as well as the page you are trying to protect.

CJW

This is amazing. You replied to question within minutes. Thanks for showing such a professionalism.

Hello,

Sorry, I do not have any good ideas on this one...
Domain Name Masking can cause issues with quite a few things.

I am running Windows 2000 server. I do believe asp.net IS installed as I have the .NET 1.1 framework installed.

Funny about the bounce backs. I am at about 10% of my limit, which I control as I am the network admin. I'll check into that.

Our webhost changed converted all sites from c: to d:, and without us doing anything else, our customers now get the following error message when trying to access our Classifieds site:

***********

Microsoft][ODBC Microsoft Access Driver] Not a valid password.

This means there is most likely a problem with the "ConnectionString" info that you specified.

If you are using a DSN-Less Connection with MSACCESS.

Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.

ConnectionString = "DBQ=D:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"

If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.

If you are using a System DSN

It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.

************************************************************ *********************

We did everything the web host asked us to do, that is, changed all references to the C drive to new references to the D drive, but the error is still there.  We also never changed any passwords (as far as we can remember).  Can someone please tell us where to look (also which file might tell us what the correct password is in case it has in fact been changed.

Chris,

I understand.  I set it to a lower number that will hopefully be a good balance for the user.  I am simply AMAZED at what your software does and I thank you for all you have done.

Jess

as far as permissions are concerned I wrote two large articles about permissions that cover everything in detail on how to properly set them

http://support.cjwsoft.com/code/info11.htm

see the windows 2003 and windows xp permission threads

From things you are saying I assume this is your server. My comments about the path looking funny are because very few commercial hosts would use the "c:\inetpub\wwwroot\" directory. If you are using that and that is correct info then that is fine.

as for knowing whether or not the filesystem object is working the best thing to do is to try to write  a text file somewhere in your web and see if it works. Testing something under the most basic scenario is the key to troubleshooting asp issues.

http://www.devasp.com/samples/writetofile.asp

One is for paypal subscriptions (recurring billing) and the other is for single payments

http://support.cjwsoft.com/forum/forum_posts.asp?TID=185& ; ; ;PN=1

http://support.cjwsoft.com/forum/forum_posts.asp?TID=186& ; ; ;PN=1

You can delete any of the 3rd party payment directories you are not using including the the 2checkout one... (all those folders really are is a copy of the users folder specially modified to handle a certain payment processor)

Just Don't delete the "users" folder though as there are things you do there that you can not do anywhere else..  quite a few things..  editing existing account info, looking up passwords... etc etc