Active Server Pages Introduction & Object Model

Active Server PagesIntroduction & Object Model

Client-side vs. Server-side Scripting • Client-side scripting • Used for: • Validation • Interactivity • Enhancing Web page • Browser-dependent • Scripting language must be supported by browser or scripting host • Viewable on client • Protecting source code difficult

Client-side vs. Server-side Scripting (II) • Server-side scripting • Reside on server  more flexibility • Database access • Usually generate custom response for client • Access to ActiveX server components • Extend scripting language functionality • Run exclusively on server  cross-platform issues not a concern • Not visible to client • Only XHTML, DHTML, ActiveX controls, client-side scripts and Java applets sent to client

Active Server Pages (.asp) • ASP is Microsoft’s proprietary CGI (common gateway interface) technology • CGI is that part of the HTTP (Hyper-text Transfer Protocol) that specifies the operation of server-side programming • Recall that HTTP specifies how messages flow and are handled on the WWW

ASP is one of many ‘back end’ solutions • Restated, ASP is programming the ‘back-end’ of a web-based application - programs that run on the server • The primary competitor to ASP is Perl, a language that runs on UNIX servers. Most programs you see on the web with .cgi extensions are Perl scripts • 70+% of the e-commerce world uses Perl/UNIX (10/99)

Active Server Pages (ASP) Introduction • An active server page is a text file script with the extension .asp containing XHTML, client- and server-side script • Processed in response to client request • VBScript de facto language for ASP scripting • Other languages (e.g., JavaScript) can be used • Creates dynamic Web content • Supports interaction between page user and server • Allows web page access to databases and directory services

ASP requirements • ASP pages require an ASP engine (interpreter) on the server • Microsoft’s IIS and PWS include an ASP engine as do several other HTTP servers (there are over 30 in common use) • asp.dll • ActiveX component (server-side ActiveX control that usually does not have GUI) • Third party packages allow .asp pages to run on UNIX HTTP servers. These are increasingly common as .asp gains market share.

.asp execution • A client in a browser clicks on a link that specifies a .asp page on a server • The server retrieves the page and routes it to the .asp engine on the server • The .asp engine executes the script, performing db access, etc. • The server waits and expects the result of .asp execution to be an HTML page to be routed to the requestor.

File server HTML document Database 5 10 8 6 9 7 4 3 1 2 Server-side VBScriptWhere, What, Why, When and How Request is routed to server anywhere in the world ‘web server’ receives request for page Request for page HTTP Server User clicks on .asp link Retrieves page from file server Recognizes .asp as CGI script for VBScript engine User Client: browser Internet VBScript Interpreter (engine) Screen Generated document sent to HTTP server Interpreter may read and write to database Server sends generated document to source of the original request HTML interpreter in browser formats and displays HTML document. Interpreter generates HTML document Server

The .asp execution cycle • (1) The .asp document retrieves the values it needs from the Request Object (the server has its own object model) • (2) A Response Object (ResO) is automatically created, to contain the output of .asp execution • (3) HTML code in the .asp document is written unchanged to the ResO

The .asp execution cycle (2) • (4) Code is executed as encountered, usually resulting in ‘Writes’ of HTML to the ResO • (5) The Response Object is passed to the HTTP server which routes it back to the requesting client. • Not cached. Parsed each time requested

HTTP request methods • GET • Gets (retrieves) information from server • Retrieve HTML document or image • POST • Posts (sends) data to server • Send info from HTML form • Client-entered data • Info to search Internet • Query for a database • Authentication info

A Simple ASP Example • Block scripts • Use the runat attribute of the <script> tag:<script language=“VBScript” runat=“server”> . . . insert code here . . .</script> • Inline scripts • Use scripting delimiters • <% and %> • Indicate code is to be executed on server, not client • Run before block scripts • @LANGUAGE • Specify scripting language (default VBScript) • <% @LANGUAGE = “VBScript” %> • Each time page refreshed, server loads and interprets ASP

Scripting delimeter wraps around code executed on the server. Processing directive specifying scripting language Requires programmer explicitly define all variables Returns server date and time (Now) as a string formatted in vbLongDate format “<%=“ is short for Response.write 1<% @LANGUAGE = VBScript %> 2 3 <% 4 ' Fig. 25.2 : clock.asp 5 ' A simple ASP example 6OptionExplicit 7 %> 8 9 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 10 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 11 12 <html xmlns = "http://www.w3.org/1999/xhtml"> 13 14 <head> 15 <title>A Simple ASP Example</title> 16 17 <style type = "text/css"> 18 td { background-color:black; 19 color:yellow } 20 strong { font-family:arial, sans-serif; 21 font-size:14pt; color:blue } 22 p { font-size:14pt } 23 </style> 24 25 </head> 26 27 <body> 28 29 <p><strong>A Simple ASP Example</strong></p> 30 <table border = "6"> 31 <tr> 32 <td> 33<% =FormatDateTime( Now, vbLongDate ) %> 34 </td> 35 Clock.aspsends Web server’s date and time to the client as XHTML markup<% %> scripting delimeter@LANGUAGE processing directiveOption ExplicitFormatDateTimeNow vbLongDate formatResponse.writeTime

Statement is short for:<% Call Response.write( Time()) %> 36 <td> 37<% =Time() %> 38 </td> 39 </tr> 40 </table> 41 </body> 42 43 </html> Clock.aspTimeProgram Output

1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 4 <html xmlns = "http://www.w3.org/1999/xhtml"> 5 6 <head> 7 <title>A Simple ASP Example</title> 8 9 <style type = "text/css"> 10 td { background-color: black; 11 color:yellow } 12 strong { font-family:arial, sans-serif; 13 font-size:14pt; color:blue } 14 p { font-size:14pt } 15 </style> 16 17 </head> 18 19 <body> 20 21 <p><strong>A Simple ASP Example</strong></p> 22 <table border = "6"> 23 <tr> 24 <td> 25 Thursday, May 24, 2001 26 </td> 27 28 <td> 29 2:22:58 PM 30 </td> 31 </tr> 32 </table> 33 </body> 34 35 </html> Fig. 25.3XHTML generated by clock.asp.

25.5 Simple ASP Examples • ASP processes input • Form information sent by client • E-commerce Web site • Use to verify customer information • Server responds to process request • Form • Using post method • action attribute indicates the .asp file to which the form information is posted • request object retrieves form data

action set to ASP file where information is posted. 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 4  5  6 7 <html xmlns = "http://www.w3.org/1999/xhtml"> 8 9 <head> 10 <title>Name Request</title> 11 </head> 12 13 <body> 14 15 <p style = "font-family: arial, sans-serif"> 16 Enter your name: 17 </p> 18 19  20 <form action = "name.asp" method = "post"> 21 <input type = "text" name = "namebox" size = "20" /> 22 <input type = "submit" name = "submitButton" 23 value = "Enter" /> 24 </form> 25 26 </body> 27 28 </html> Name.htmlpasses information into an ASP document using the post method.

Name.html Program Output

Request object retrieves form data from textfield “namebox” 1 <% @LANGUAGE = VBScript %> 2 3 <% 4 ' Fig. 25.5 : name.asp 5 ' Another simple ASP example 6 Option Explicit 7 %> 8 9 <!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Transitional//EN" 10 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 11 12 <html xmlns ="http://www.w3.org/1999/xhtml"> 13 14 <head> 15 <title>Name Information</title> 16 17 <style type = "text/css"> 18 p { font-family:arial, sans-serif; 19 font-size:14pt; color:navy } 20 .special { font-size:20pt; color:green } 21 </style> 22 </head> 23 24 <body> 25 26  27 <p>Hi <% =Request( "namebox" ) %>, </p><br /> 28 <p class ="special">Welcome to ASP!</p> 29 30 </body> 31 32 </html> Name.aspUses the Request method to retrieve the data posted in Name.html. Places this data within XHTML tags for output.

Name.asp Program Output

Another Simple Example <html><head><title> ASP script</title></head><body> You are a <% for i=1 to 7 %><font size = <% = i %> > very,<% next %>very cool man. </font></body></html> • Output??

ASP Object Model • Each object contains properties, methods and collections - just as objects in OO languages do • These objects are always available when creating an ASP • ASP encapsulates the properties and methods of the following built-in objects: • Request • Response • Server • Application • Session • ASPError • ObjectContext • Users can build their own or use third-party objects - Microsoft provides several for use with active server pages. • ASP Objects Quick Reference Card

Built-in ASP Objects • Request Object • Provides information about the client environment and the client request • Used to get information from the user. • Captures submitted form data, cookies and server variables • Response Object • Provides a means to write data to client • Sends text, data and cookies to the browser and controls each stage of transmitting the page • Server Object • Basic utility functions that are essential to all ASP’s • Used to access properties and methods on the server

Built-in ASP Objects • Application Object • Maintains persistent data and handles events relating to the lifetime of the ‘application’ • Allows to manipulate global data in the script that will be visible to all users browsing the site (ASP application itself) and to all the scripts that are part of the application • Session Object • Allows to attach data to a specific user browsing the site that is isolated and invisible to other users (user session is identifiable by the cookie that is sent every time a user makes a request) • Stays active by default until 20 minutes after the user’s last request or until the session is explicitly abandoned through the code

Built-in ASP Objects • ObjectContext Object • Helps develop applications out of components • Allows the handling of transactions through access to Microsoft Transaction Server • ASPError Object • Contains details of any errors generated by an ASP script or by the asp.dll

Other Object Models • FileSystemObject (FSO) Object Model • For working (creating, modifying, moving, deleting) with folders and files • ADO Object Model • For working with databases

Request Object • Provides access to both the header and body of an HTTP request • Properties • TotalBytes (read only) • Collections • QueryString (by GET) • Form (by POST) • Cookies • ClientCertificate (SSL) • ServerVariables (HTTP header) • Methods • BinaryRead

GET vs. POST • GET and POST can be used to pass data to the object indicated by the URL • When POST is used, the data is passed to the server in the body of the request message • When GET is used, the data is included in the URL as argument string and needs to be parsed

REQUEST OBJECT- Form (POST) • User enters input into the fields of a form • When the form is submitted, the data in each field is transferred to the server, and then to ASP • Data is sent in the format • name = value • name (attribute of <input>)

HTTP Request (Form Submission) <html> <body> <form action = “x.asp” method = “post” > First Name: <input type = “text” name = “first_name” size = 60 > <br> Last Name: <input type = “text”name = “last_name” size = 60 > <br> <input type = “submit” value = “Submit”> </form> </body> </html>

HTTP Request Header POST /x.asp HTTP/1.0 Accept: image/gif, image/jpeg, */* User-Agent: Mozilla/2.0 N (Windows; I; 32 Bit) Content-Type: application/x-www-form-urlencoded Content-Length: 35 (mandatory blank line) first_name=Tony&last_name=Stylianou

Form Information Manipulation * Use the Form collection of the Request object to manipulate information <% strFirstName = Request.Form(“first_name”) strLastName = Request.Form(“last_name”) %> Optional

Sample Form <html> <body> <h2> Sample Order </h2> <form method=“post” action=“hello.asp”> <p> First Name: <input name = “fname” size=“48”> <p> Last Name: <input name = “lname” size=“48”> <p> Title: <input name=“title” type=radio value=“mr”> Mr. <input name=“title” type=radio value=“ms”> Ms. <p> <input type=submit> <input type=reset> </form> </body> </html>

hello.asp <% title = request.form(“title”) lastname = request.form(“lname”) If title= “mr” Then %> Mr. <% = lastname %> <% ElseIf title = “ms” Then %> Ms. <% = lastname %> <% End If %>

REQUEST OBJECT- QueryString (GET) • Retrieve information sent by the client using HTTP Get method • Data appended to the URL when the page is requested. • E.g., http://www.yahoo.com?data1=value1&data2=value2. . . • To retrieve the entire string: • getString = Request.Querystring • To retrieve a specific value from a name-value pair: • data1Value = Request.Querystring(“data1”) • <%ProductType = Request.QueryString("ProductType")If ProductType = "" Then Response.Redirect("/AdvWorks/Equipment/default.asp")End If%> • QueryString is less capable than the Form collection (limitation of about 2,000 characters) Optional

REQUEST OBJECT- ServerVariables • The ServerVariables collection contains all the HTTP message header variables and the query string variables. • Syntax: • Var = Request.ServerVariables (key) • Example: <% Dim strUserName strUserName=Request.ServerVariables(“LOGON_USER”) %>

REQUEST OBJECT- ServerVariables (2) • Keys: • ALL_HTTP: One long string containing all the HTTP headers send by the client’s browser. • REMOTE_ADDR: TCP/IP of the client • REQUEST_METHOD: Get, Post, etc. • SERVER_NAME: Web server’s TCP/IP • HTTPS: “ON” if the client’s request is using SSL. • REMOTE_HOST: The IP address from which the web server receives the request • LOGON_USER: Windows NT account with which the user has logged onto the system • URL: The base URL requested by the client in its HTTP request. • SERVER_PORT: The server port to which the client’s HTTP request is sent. • HTTP_USER_AGENT gives the client browser and allows customization of pages bases on browser capability

Cookie Basics • A cookie is a small text file placed on your computer by a server-based program • All browsers can be set to • refuse cookies • prompt before accepting cookies • Theoretically, cookies can only be read by the same domain (web-address) that wrote them.

Cookie Basics – Cont’d • Cookies can be used for: • communication between sequentially viewed pages on the browser – i.e., one page writes a COOKIE that pages loaded later can read. The cookie exists until the browser is closed. • communication over time - a persistent cookie is saved on the user’s hard disk and can be accessed until its expiration date.

REQUEST OBJECT - Cookies • To read a single valued cookie: value = Request.Cookies(“cookieName”) • To read multi-valued cookies: value = Request.Cookies(“cookieName”)(“keyname”)

REQUEST OBJECT- Client Certificate Provides access to the certification fields of the client’s digital certificate. Client certificates are sent to the web server when a client’s browser supports the Secure Sockets Layer and that browser is connected to a web server running the SSL (https://). Request.ClientCertificate(key[SubField])

REQUEST OBJECT- Client Certificate • Keys: • Certificate: A string value that contains the entire binary stream from the certificate content. • Subject: A list of comma-delimited strings that provide information about the owner of the digital certificate. • Issuer: Information about the issuer. • ValidFrom and ValidUntil: Validation dates • SerialNumber: An ASCII representation • E.g., 0A-B7-34-23 • Flags: Provide additional information such as presence of certificate.

REQUEST OBJECT- Client Certificate • Subfields: • C: country • O: organization • S: state or province • T: title • … Request.ClientCertificate (“IssuerC”) Retrieve the country of origin for the Issuer. Request.ClientCertificate (“SubjectO”) Retrieve the organization of the Subject.

REQUEST OBJECT- Client Certificate <% For Each key in Request.ClientCertificate Response.Write( key & “: “ & Request.ClientCertificate(key) & “<br>”) Next %>

REQUEST OBJECT-TotalBytes TotalBytes property is a read-only value that specifies the total number of bytes posted to the web server by the client in the HTTP request body. Var = Request.TotalBytes

REQUEST OBJECT- Examples

The RESPONSE object • Control over • Gives control over what data and data types are sent to the client in the headers of HTTP response • cookies, charset, contenttype • Gives control over what data and data types sent to the client in the body of HTTP response • write, binarywrite • Gives control over when and how data is sent • buffer, redirect • Purpose • Create a on-the-fly XHTML

The RESPONSE object (2) • Properties • Buffer • CacheControl • Charset • ContentType • Expires • ExpiresAbsolute • IsClientConnected • PICS • Status • Collections • Cookies

The RESPONSE object (3) • Methods • AddHeader • AppendToLog • BinaryWrite • Clear (only Buffer TRUE) • End • Flush (only Buffer TRUE) • Redirect • Write • Events • None

Active Server Pages Introduction & Object Model