by Azam A. Mirza

• The Active Platform

Learn about the strategy behind the Active Platform and the underlying technologies that bring the power of client/server computing to the World Wide Web.

• Active Server Pages

Learn about the features that make ASP such a powerful and flexible mechanism for creating dynamic, feature-rich Web sites.

• Active Server objects

Gain an understanding of the built-in Active Server objects that provide powerful functionality as part of ASP. A detailed discussion of their usage and purpose is provided.

• Active Server scripting

Learn about the Active Server scripting mechanisms. See how to build powerful web sites by harnessing the power of server-side scripting intermixed with HTML.

The basic software component that brings together the power of I-nets is the World Wide Web server software. Web server software gives clients access to corporate information and data by facilitating information publishing, application execution, and data retrieval.

Most web server software packages--such as Microsoft Internet Information Server (IIS), various Netscape server products, and WebSite--provide a comprehensive set of setup, management, and administration facilities. In most cases, a basic and functional web server can be installed, set up, and made operational within an hour. Also, all server packages include sophisticated system administration utilities, such as the Server Manager utility included with IIS.

Until recently, most web servers stored static information for access by clients. With the introduction of technologies such as Java applets, ActiveX controls, and database-access tools, web servers have become more than just facilitators for publishing static information. Web servers now can provide powerful capabilities, such as user authentication, connectivity to database servers, dynamic page creation based on user actions or database queries, and data encryption. The list isn't exhaustive, but is intended to provide a measure of advances that have been made in the last year or so in terms of the capabilities of web server software.

Microsoft's Internet Information Server deserves special mention due to its tight and robust integration with Windows NT Server and the security subsystem in particular. This tight integration allows IIS to use the built-in Windows NT Server security model for user authentication and password validation. User access to the web can be controlled by authenticating users against the Windows NT domain user lists. Files and directory access from the web can be controlled by setting permissions for user groups through the Windows NT security mechanisms. Traffic analysis and performance monitoring can be performed by using the Windows NT Performance Monitor utility, and logging can be performed by using the Windows NT event log.

Microsoft has also provided additional functionality to the core web server product through add-on products and tools. This chapter discusses these tools and technologies in further detail. n

The Active Platform

As part of its strategy to deliver components that enable Microsoft BackOffice as the backbone of Internet technologies, Microsoft has added a high-level component to IIS that delivers cross-platform support, open standards, and a tightly integrated set of tools for delivering dynamic web content to users.

Active Platform is an open architecture based on industry standards for creating web sites and web-enabled applications for I-nets. Active Platform provides a means for developers to create web content that can be used across hardware platforms and operating systems.

---

ON THE WEB:Microsoft's web site, http://www.microsoft.com, contains extensive information about Active Platform and other Internet technologies. Visit the site periodically for the latest information about Microsoft tools and products.

---

Active Platform leverages such technologies as HTML, scripting mechanisms (such as VBScript and JScript), Microsoft Component Object Model (COM), Java support, and the underlying operating system services to deliver dynamic, interactive, and customizable content to client desktops on the Internet and intranets.

By providing a high-level platform that sits atop IIS and the operating system, Microsoft has created a platform that frees you, the web developer, from worrying about underlying details and operating system idiosyncrasies. You can build web sites that conform to Active Platform specs and not worry about the hardware platform and operating system the site will run on.

Active Platform not only brings uniformity to the server side for web-enabled applications, it also encompasses the client side with the same open architecture to deliver a cohesive means of displaying content residing on Active Platform servers.

Three main parts to Active Platform make it possible to create, deploy, and use powerful web-enabled applications for the Internet and intranets:

• ActiveX technologies
  
  
• Active Desktop
  
  
• Active Server Pages

Figure 13.1 shows the relationship among the various Active Platform components, which are based on Microsoft's Active Platform technologies. The following sections describe these technologies and the other components in more detail.

FIG. 13.1
Active Platform technologies underlie the Microsoft Internet initiative that enables active connections between multiple platforms and servers.

ActiveX Technologies

The term ActiveX technologies refers to the tools and standards that work together to bring dynamic, interactive content to your web site. ActiveX technologies are software standards, components, and tools that work on various operating systems and heterogeneous networks to enable Active Platform. Some of the technologies included in the ActiveX standard are as follows:

• Dynamic HTML. This extension to HTML technology allows you to create dynamic, on-the-fly web pages. Dynamic HTML pages are created in response to the completion of an ActiveX application and display the results to users. For example, an ActiveX database access object might query a relational database, obtain the resultset, create a dynamic HTML page to display the resultset, and send the dynamic HTML page to the client browser for display to the user.

---

See Chapter 18, "Dynamic HTML," for more information about developing content with Dynamic HTML.

---

---

ON THE WEB:For more information about Dynamic HTML, refer to Microsoft's web site at http://www.microsoft.com/workshop/author/dhtml/default.htm.

---

• Language-independent scripting support. Full support is provided for scripting mechanisms, such as VBScript and JScript. ActiveX supports open scripting standards that provide scripting support in various languages and on all supported platforms. You can execute scripting on the client browser and on the web server components through the use of an ActiveX scripting engine.

---

NOTE: IIS 3.0 supports compilation-free execution of server-side scripts.

---

• System services. ActiveX provides access to operating system services through its com-ponent architecture model. Active Platform can access operating system services on sup-ported platforms, such as Windows, Macintosh, and the various UNIX flavors that will be supported through various third-party vendors in the near future.
  
  
• Development tools. Support for ActiveX is incorporated into all Microsoft development tools for creating ActiveX components. These include Microsoft's Visual InterDev, Visual C++, and Visual Basic. ActiveX components can be written in any language that supports the creation of such components.
  
  
• Java support. ActiveX technologies provide full support and interoperability for the Java technology and Java applets. The Microsoft Java virtual machine (JVM) and the Visual J++ development tool provide support for accessing ActiveX objects from Java applets. This provides support for building Java applets that can interface with operating system services through an ActiveX object. For example, the Java specification doesn't allow for applets to gain access to file system services. By building an ActiveX object that works as a bridge between the operating system and the Java applet, however, you can gain access to these resources from the Java world.

---

NOTE: Future versions of Visual Studio tools will provide support for the J/Direct interface, which makes the interaction between Java applets and Windows services very easy and seamless.

---

---

NOTE: Active Server Pages, discussed later in the "Active Server Pages" section, include the Microsoft Java virtual machine for running Java applets and applications.

---

• ActiveX Data Objects (ADO). ActiveX provides a new mechanism for accessing databases by using ODBC (Open DataBase Connectivity). ADO is similar to DAO (Data Access Objects) and RDO (Remote Data Objects) used by Visual C++ and Visual Basic, and provides developers with a means to access the data stored in corporate relational databases. Developers can create HTML pages with scripts that take advantage of ADO constructs to access databases or create data-aware ActiveX controls.

---

NOTE: Microsoft Visual Basic 5.0 and Visual C++ 5.0 are two of the Visual Studio products that you can use to create data-aware ADO controls.

---

These ActiveX technologies and tools encompass the entire Active Platform on the client and server sides. Some are implemented as standalone tools for enhancing the Active Platform environment, whereas others implement specific functions on the client and server sides.

Active Desktop

Active Desktop is the client component of the Active Platform environment. Active Desktop enables the creation of applications that run on the client systems under a multitude of operating systems and hardware platforms.

Active Desktop provides you with a means of writing applications to a common interface to ensure the capability to run on multiple operating systems and hardware platforms. It includes support for language-independent scripting, dynamic HTML, system services, and ActiveX component technology. Active Desktop provides the following advantages over proprietary solutions:

• A single delivery mechanism for providing user interface objects
  
  
• Support for language-independent, client-side scripting capabilities
  
  
• Support for the Dynamic HTML technology
  
  
• Support for client-side ActiveX components and controls created with such tools as Visual Basic 5.0
  
  
• Support for Java applets through the Java virtual machine, the Java runtime compiler, and the Java JIT (Just-In-Time) compiler

Active Desktop is fully integrated with Microsoft Windows 95 and Windows NT. It provides full support and access to the extensive set of APIs available for Windows. The main delivery mechanism for Active Desktop is Microsoft's Internet Explorer web browser.

---

NOTE: Internet Explorer 4.0 provides a look at the first steps of integration between the Windows GUI shell and the Internet Explorer browser through the use of Active Desktop.

---

Figure 13.2 shows an example of a web site that uses ActiveX components and which is being accessed through the Internet Explorer Active Desktop.

FIG. 13.2
The Microsoft Network web site provides an ActiveX-enabled web experience.

Active Server Pages

IIS 3.0 includes components for enabling your web site for Active Platform. The component that provides server-side ActiveX functionality is called Active Server Pages (ASP), which is nothing more than an HTML page with embedded server-side scripts written in VBScript or JScript. The script is executed on the web server. A pure HTML page is generated as a result of the script execution, and that page is sent to the browser. Figure 13.3 shows how ASP works on the web server.

FIG. 13.3
The web server parses the .asp file. Only the generated HTML is sent to the client browser.

---

NOTE: Active Server Pages denotes the product that was previously referred to as ActiveX Server and code-named Denali.

---

Because an ASP page is nothing more than an HTML page with an .asp extension, all HTML tags are allowed in the ASP file. ASP files also provide the capability to dynamically generate HTML tags on the server before the page is sent to the client browser.

ASP is a high-level component that takes advantage of the scalable, high-performance capabilities of Windows NT Server to provide you with a rich environment for creating server-side web applications. ASP includes full support for Windows NT Server system services, database access, transaction processing, and message queuing. In particular, ASP provides support for the following key functionality:

• Active Server Objects. ASP provides support for hosting component objects commonly referred to as ActiveX components. Development tools such as Visual C++, Visual Basic, Visual J++, and PowerBuilder provide support for building reusable components for use by ASP. Active Server Objects are different from ActiveX controls in one respect: They don't have any user interface elements because they run only on the server machine.
  
  
• Active Server Scripting. ASP provides support for executing scripts on the server. ASP can parse scripts written in VBScript, JScript, Perl, or any other supported scripting language.
  
  
• State Management. ASP adds support for state management to the World Wide Web. HTTP is a stateless protocol that provides no capabilities for tracking and managing application, user, and web-server states.
  
  
• Database Connectivity. ASP provides support for connecting your web site to a relational database system through the use of Active Data Objects (ADO) and server-side scripting.

The following sections provide information about installing ASP, as well as using and creating ASP components and applications.

Installing Active Server Pages

ASP is provided as an add-on component to IIS 2.0 or higher. To install ASP, you must have the following software components already in place:

• Windows NT Server 4.0 with Windows NT Server 4.0 Service Pack 1 or higher
  
  
• Support for TCP/IP installed as part of the Windows NT Server setup
  
  
• Internet Information Server 2.0 or higher

---

ON THE WEB:You can download ASP from Microsoft's web site at http://www.microsoft.com/iis/default.asp.

---

To install ASP, follow these steps:

1. Choose Start, Run from the menu.

2. In the Run dialog box, type path:\asp.exe, where path is where asp.exe resides. The Active Server Pages Setup Wizard launches to install the software.

3. Read the displayed license agreement and click I Agree to Continue. The welcome screen appears.

4. Click Next to continue.

5. If any IIS services are running, the Setup Wizard asks you to stop these services (see Figure 13.4). Click Yes to stop the running IIS services.

FIG. 13.4
IIS services must be stopped before Active Server Pages can be installed.

6. The Select Options dialog box appears (see Figure 13.5).

FIG. 13.5
The Select Options dialog box allows you to install additional Active Platform components, such as ODBC support.

By default, all options are selected:

• Active Server Pages Core. This option can't be cleared. It installs the core ASP component files needed to provide support for ASP.
  
  
• ODBC 3.0. This option installs support for ODBC 3.0, the driver for accessing Microsoft Access and Microsoft SQL Server databases for use with ODBC, and support for ADO (Active Data Objects) and OLE DB.

---

See "Universal Data Access and OLE DB," Chapter 23
See "Active Data Objects," Chapter 23

---

• Documentation and Samples. This option installs the online documentation and the examples used to illustrate ASP technology.

7. Select the components you want to install and click Next.

8. The Setup Wizard prompts for a location for the samples and documentation files (see Figure 13.6). Click Next to accept the default (or Browse to change the location) and install the samples and documentation files in the specified directory.

FIG. 13.6
You can install samples and documentation files on a different drive and directory than the server components.

9. The Setup Wizard installs the files necessary for ASP. After setup is complete, the wizard displays a dialog box showing the installed components (see Figure 13.7).

FIG. 13.7
A summary of installation results appears for your review.

10. Click OK to complete the setup of ASP.

---

TIP: As part of the installation process, additional entries are added to the Microsoft Internet Server program group. The Active Server Pages Roadmap entry is particularly useful--it provides a set of HTML documents, including samples for Active Server implementation and online documentation.

---

After ASP is installed, you're ready to develop content for your web site to take advantage of ASP functionality. The following sections describe how you can use this functionality to bring a new level of sophistication and performance to your web site.

ActiveX Server Objects

ASP provides support for five server objects. These objects are unusual because they're built in to ASP and don't need to be created before being used in Active Server scripts:

• Application
• Session
• Request
• Response
• Server

The Application Object

The Application object is used to store and share web-based application-specific information between users. The variables you define as part of the Application object are available to all instances of a particular web application and to all users accessing that application.

---

NOTE: In ASP parlance, an application is defined as a collection of .asp pages stored within the same virtual web directory and all its subdirectories. A virtual web directory is an alias for a physical location of a web site directory. For example, the virtual directory alias \MyWeb might be used to define a physical path such as \\MyServer\InetPub\wwwroot\MyWeb\Production.

---

The Application object supports the following methods:

• The Lock method prevents other users from accessing and modifying the Application object properties and variables while a particular user is accessing it.
  
  
• The Unlock method releases a locked Application object for use by other users. If Unlock isn't explicitly invoked on a locked object, the object is automatically unlocked when it times out or script execution ends.

You can use the Application object to create variables and store values available to all instances of the application. For example, the following code snipped provides a counter that's incremented every time users access the particular .asp page that includes the given script:

<%
Application.Lock
Application("Counter") = Application("Counter") + 1
Application.Unlock
%>

This code provides a sample mechanism for keeping track of the number of times a certain web page has been accessed. The Lock and Unlock methods ensure that two users don't access the same variable simultaneously.

---

NOTE: If an attempt is made to modify a locked object, the request will be queued until the object becomes available or the web page times out. A web page timeout can be set as part of the page definition, or a global timeout can be used that's set on the web server itself and applies to all web pages by default. For example, a page may have a timeout value of 300 seconds. If a user accessing the page does nothing for more than five minutes after the initial page load, the page will be reloaded from the server rather than the local cache when the user tries to refresh it.

---

All variables declared within the context of the Application object are discarded when the application ends. The data stored within the Application object variable must be saved to persistent storage if it's to be used later. The VBScript procedure code sample in Listing 13.1 provides an example of storing and tracking the number of page hits to a text file on the server.

Listing 13.1  Storing and Tracking Page Hits on the Server

<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub SavePageHits()
   SET f = Server.CreateObject("MS.TextStream")
   f.CreateTextFile
   Server.MapPath("/") + "\count.txt", 2, TRUE, FALSE
   f.WriteLine(Application("Counter"))
   f.CloseTextFile
End Sub
</SCRIPT>

---

NOTE: Application object variables must be saved to disk if they're to be used between different application sessions.

---

The Application object also provides support for two special events, OnStart and OnEnd, which are declared in the global.asa file and are executed when the application starts and ends. These events are used to initialize variables at application startup and to clean up when an application ends. Listing 13.2 provides usage examples for the two events.

---

See "The Global.asa File," Chapter 15

---

Listing 13.2  Using the Application_OnStart Event to Initialize Database Connectivity Options

<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Application_OnStart
   Application("DataConn_ConnectionString") =
               "DBQ=C:\IntraGAS\ei3.mdb;DefaultDir=C:\IntraGAS; 
               Driver={Microsoft Access Driver (*.mdb)};  DriverId=25;
               FIL=MS Access; ImplicitCommitSync=Yes;MaxBufferSize=512; 
               MaxScanRows=8;PageTimeout=5; SafeTransactions=0;Threads=3;
               UID=admin;UserCommitSync=Yes;"
   Application("DataConn_ConnectionTimeout") = 15
   Application("DataConn_CommandTimeout") = 30
   Application("DataConn_RuntimeUserName") = "admin"
   Application("DataConn_RuntimePassword") = ""
End Sub
</SCRIPT>

The Session Object

Unlike the Application object, which holds information across multiple instances of the same application and across multiple users, the Session object stores state information about a single user. It provides scope for saving user variables. Despite its narrower scope, the Session object is very similar to the Application object in functionality and usage.

---

TIP: Session variables are similar to traditional application global variables. They're available to an application throughout; however, each instance of the application gets its own set of Session object variables.

---

The Session object supports the following method and properties:

• The Abandon method is used to destroy all Session object variables and release their memory. If Abandon isn't called explicitly, the variables are destroyed when the Session object times out. Calling Abandon within the context of a web page doesn't destroy the Session object until the page is processed fully and all scripts on the page are executed. The following code sample illustrates the use of the Abandon method:

<%
Session.Abandon
Session("Counter") = Session("Counter") + 1
Reponse.Write(Session("Counter"))
%>

• The SessionID property is a LONG data type that returns the unique identity assigned to the current user session. The server automatically generates the SessionID when a new session is started.

---

CAUTION: Don't use SessionIDs as unique keys. When a web server is restarted, the SessionID counter is also reinitialized.

---

• The Timeout property specifies the period in minutes before a Session object is destroyed. If users don't refresh or request a page within the timeout period, the session ends.

In addition to these properties and the Abandon method, the Session object supports the OnStart and OnEnd events. These events are identical in functionality to the Application object events, except their scope is limited to the current user session.

The Request Object

The Request object is used to query information from the client browser. The information is passed from the client to the server through an HTTP request. The server, to retrieve the information from the HTTP message, uses the Request object.

You can pass five types of variables to a server application from the client by using the Request object. Each variable has its own collection within the Request object. The Request object contains these collections:

• QueryString
• Form
• Cookies
• ServerVariables
• ClientCertificate

The syntax for accessing the variables stored within the Request object collections is very simple:

Request[.Collection](Variable)

The collection name is optional and may be omitted. If the collection isn't specified, all the collections within the Request object are searched in the order the collections are listed earlier. The following sections discuss the Request object collections in more detail.

The QueryString Collection  The QueryString collection provides a parsing mechanism for the QUERY_STRING HTTP tag. It provides access to the HTTP string contained after the question mark, as in the following example:

http://www.gasullivan.com/user.asp?id=azamm&name=azam

The HTTP string can be retrieved by using the Request object's QueryString collection:

ID = Request.QueryString("id")
Name = Request.QueryString("name")

If more than one value is assigned to the same variable, the variable is stored as an array. By using an optional index parameter, you can access the multiple values:

Request.[QueryString]("variable")[.index]

To determine the number of values stored within a variable array, use the optional count property:

Request.[QueryString]("variable")[.index | .Count]

The index parameter can have any value between 1 and Request.[QueryString] ("variable")[.index | .Count].

To access multiple values stored within the same collection variable, use a numeric index after specifying the variable:

Name1 = Request.QueryString("name").(1)
Name2 = Request.QueryString("name").(2)

Finally, if you need to access unparsed QueryString data, you can gain access to it by using Request.QueryString without any parameter values.

The Form Collection  The Form collection is used to retrieve values posted to an HTTP request by an HTML form, using the POST method. A form is a part of the HTML standard and supported by all browsers. Web sites use forms to collect user information by using text boxes, checkboxes, radio buttons, and list boxes. Usually, a form has a submit button, which is used to trigger the POST method (see Figure 13.8). The POST method passes the entered information back to the server in an HTTP Request object.

FIG. 13.8
The Login to Sample Web page is used to obtain the login ID and password, using the SUBMIT and POST methods.

---

TIP: The user registration page used by most web sites is an example of an HTML page that uses a Form collection along with the POST method to collect user data.

---

The Form collection has the following syntax:

Request.Form(parameter)[(index)|.Count]

The Request object allows access to the data from a form within the Active Server Page. The parameter value specifies the name of the form element from which the values are to be retrieved.

The optional index value allows access to multiple values within a parameter. It can have values between 1 and Request.Form(parameter).Count.

Consider the following form, which is used to collect user ID and password information from users logging on to a web site:

<FORM ACTION = "/scripts/login.asp" METHOD = "post">
<P>Your User ID: <INPUT NAME = "userID" SIZE = 30>
<P>Your Password: <INPUT NAME = "password" SIZE = 30>
<p><INPUT TYPE = SUBMIT>
</FORM>

This form will generate a request of the following type:

userID=azamm&password=pass

By using the Form collection, you can access the login information and validate the user. The validation routine can look something like

UserID = Request.Form("userID")
Password = Request.Form("password")

where the values are retrieved from the Form collection and assigned to local variables for validation.

The Cookies Collection  The Cookies collection is used to retrieve the cookies sent via the HTTP request. A cookie is synonymous to an .ini file or Registry entries in the sense that it's used to store preferences, user information, and other pertinent user data. Any information can be stored, passed, and accessed through a cookie. By definition, cookies are stored on the client machine for fast retrieval at a later time. For example, cookies are used to provide personalized web content to users. User preferences and tastes are stored in cookies on the client machine to customize the content being displayed to the users each time they log on to a web site.

The Cookies collection of the Request object is used only to read cookies from a client machine. The Response object mentioned later in this chapter is used to write cookie information to a client machine.

The syntax for requesting cookie information is

Request.Cookies(cookie)[(key)|.attribute]

where

• cookie specifies a cookie whose value should be read.
  
  
• key is an optional parameter used to retrieve subkey values from a cookie.
  
  
• attribute is a read-only parameter that specifies information about the cookie itself. The attribute parameter can have the following values:

Value	Description
Expires	This write-only value specifies the date on which the cookie expires.
Domain	If specified, this write-only value is used to send cookies only to requests within this domain.
Path	The cookie is sent only to requests to this path. If this write-only attribute isn't set, the application path is used.
Secure	This write-only parameter specifies whether the cookie is secure.
HasKeys	This read-only parameter specifies whether the cookie con- tains keys.

To determine if a cookie is a cookie dictionary (whether the cookie has keys), use the following script:

<%= Request.Cookies("myCookie").HasKeys %>

If myCookie is a cookie dictionary, the preceding value evaluates to True. Otherwise, it evaluates to False.

You can use a loop to cycle through all the cookies in the Cookie collection, or all the keys in a cookie as shown in Listing 13.3. Iterating through keys on a cookie that doesn't have keys won't produce any output.

Listing 13.3  Iterating Through Keys on a Cookie Without Keys

<%
For Each cookie in Request.Cookies
  If Not cookie.HasKeys Then
%>
   <%= cookie %> = <%= Request.Cookies(cookie)%>
<%
  Else
        For Each key in Request.Cookies(cookie)
%>
   <%= cookie %> (<%= key %>) = <%= Request.Cookies(cookie)(key)%>
<%
   Next
  End If
Next
%>

The ServerVariables Collection  The ServerVariables collection is a set of predefined server variables used to read information about the server, the operating environment, and the client browsers. Generally, most ServerVariables collection items are read-only. The syntax for the ServerVariables collection is

Request.ServerVariables(variable)

The following environment variables are accessible through the ServerVariables collection:

• AUTH_TYPE. The authentication method used by the web server to validate users when they try to access a protected web page. The three methods allowed include the clear-text password validation, encrypted password validation, and the Windows NT domain validation.
  
  
• CONTENT_LENGTH. The length of the content provided by the client.
  
  
• CONTENT_TYPE. The data type of the content provided by the client, used by HTTP requests that have information attached to them, such as the POST method.
  
  
• GATEWAY_INTERFACE. The revision of the CGI specification used by the server. The format is CGI/revision.
  
  
• HTTP_HeaderName. The value stored in the header HeaderName. Any header other than those listed must be prefixed by HTTP_ for the ServerVariables collection to retrieve their value. The server interprets any underscore (_) characters in HeaderName as dashes in the actual header. For example, if you specify HTTP_MY_HEADER, the server searches for a header sent as MY-HEADER.
  
  
• LOGON_USER. The Windows NT domain login account name being used by the user.
  
  
• PATH_INFO. Extra path information provided by the client. Scripts residing on the server can be accessed by using their virtual path and the PATH_INFO variable. If the PATH_INFO information is obtained from an URL, the server decodes it before the variable is passed to scripts.
  
  
• PATH_TRANSLATED. A translated version of PATH_INFO that takes the path and performs any necessary virtual-to-physical path mapping.
  
  
• QUERY_STRING. Another method of accessing the query information stored in the string following the question mark (?) in the HTTP request.
  
  
• REMOTE_ADDR. The IP address of the remote host making the HTTP request.
  
  
• REMOTE_HOST. The IP hostname of the remote host making the HTTP request. If the remote host doesn't have an IP hostname defined, the server leaves this field empty.
  
  
• REQUEST_METHOD. The method used to make the HTTP request. Examples include GET, POST, and PUT.
  
  
• SCRIPT_MAP. Provides the base portion of the URL.
  
  
• SCRIPT_NAME. A virtual path to the script being executed. This is used for self-referencing URLs.
  
  
• SERVER_NAME. The server's hostname, DNS alias, or IP address as it would appear in self-referencing URLs.
  
  
• SERVER_PORT. The server port number the HTTP request was sent to.
  
  
• SERVER_PORT_SECURE. A string that provides information about the port handling the HTTP request. This variable can have a value of 0 or 1. If the port handling the request is a secure port, the value is set to 1; otherwise, it's set to 0.
  
  
• SERVER_PROTOCOL. The name and revision number of the request information protocol. The format is protocol/revision.
  
  
• SERVER_SOFTWARE. The name and revision number of the server software honoring the request and running the gateway. The format is name/revision.
  
  
• URL. The base portion of the URL.

The following code uses a loop to cycle through the ServerVariables collection:

<TABLE>
<TR><TD><B>Server Variables</B></TD><TD><B>Value</B></TD></TR>
<% For Each name In Request.ServerVariables %>
<TR><TD> <%= name %> </TD><TD> <%= Request.ServerVariables(name) %> </TD></TR>
</TABLE>
<% Next %>

The ClientCertificate Collection  The ClientCertificate collection is used with the SSL (Secure Sockets Layer) protocol to provide certification information to the web server from the client browser.

---

TIP: To determine whether you're connecting to a web browser that uses SSL, examine the prefix of an URL. Instead of an http:// tag, an SSL web site URL starts with https://. Secure Sockets Layer (SSL) is an industry standard, first introduced by Netscape, that allows web sites to create, store, and display secure, encrypted information to users. Content stored on SSL-enabled web sites is encrypted before being transmitted to the client browser, and vice-versa. Your browser must support SSL for enabling a secure connection to the web server.

---

When a user connects to a secure server, the server requests certification, and the browser responds by sending the certification fields. If no certificate is sent, the ClientCertificate collection returns EMPTY.

The syntax for retrieving client certificate information is

Request.ClientCertificate(Key[SubField])

where

• Key specifies the name of the certification field to retrieve.
  
  
• SubField is an optional parameter you can use to a retrieve an individual field in the Subject or Issuer key. This parameter is added to the Key parameter as a suffix.

The Key field can have the following possible values:

• Subject. A list of values that contains information about the subject of the certificate. Subkeys extract the individual pieces of information from the Subject key.
  
  
• Issuer. A list of values that contains information about the issuer of the certificate. Subkeys extract the individual pieces of information from the Subject key.
  
  
• ValidFrom. A valid VBScript date that indicates when the certificate becomes active.
  
  
• ValidUntil. A valid VBScript date that indicates when the certificate expires.
  
  
• SerialNumber. A string that represents the serial number in a series of hexadecimal bytes separated by hyphens.
  
  
• Certificate. A string containing the entire certificate in binary format.
  
  
• Flags. A set of flags that provides additional client certificate information. The following flags may be set:

Flag	Description
ceCertPresent	A client certificate is present.
CeUnrecognizedIssuer	The last certification in this chain is from an unknown issuer.

---

NOTE: To use these flags, you must include the client-certificate include file on your ASP page. If you're using VBScript, include Cervbs.inc; if you're using JScript, include Cerjavas.inc. These files are in the \Inetpub\ASPSamp\Samples directory on your web server.

---

The SubField parameter can have the following values:

• C specifies the name of the country of origin.
  
  
• O specifies the company or organization name.
  
  
• OU specifies the name of the organizational unit.
  
  
• CN specifies the user's common name. This SubField is used with the Subject key.
• L specifies a locality.
  
  
• S specifies a state or province.
  
  
• T specifies the title of the person or organization.
  
  
• GN specifies a given name.
  
  
• I specifies a set of initials.

The following code illustrates a loop that cycles through ClientCertificate collection values:

<%
For Each key in Request.ClientCertificate
  Response.Write( key & ": " & Request.ClientCertificate(key) & "<BR>")
Next
%>

The Response Object

The Response object sends HTML output to the client browser from an Active Server Page. For example,

<% Response.Write("Hello World!"%>

results in a display of the text on a web page on the client browser.

The Response object has the following syntax:

Response.collection|property|method

The collection parameter contains only a single collection, Cookies (defined earlier in the Request object section).

The Response object supports the following properties:

• Buffer indicates whether page output is buffered. When buffered output is specified, the server doesn't send any output to the client until all the scripts on the page are processed or the Flush or End method is called. The call to Response.Buffer should be the first line of the .asp file.
  
  
• ContentType specifies the HTTP content type for the response. The default content type is text/HTML.
  
  
• Expires specifies the length of time before a page cached on a browser expires. The time is given in minutes. A value of 0 means immediate expiration of the cached page.
  
  
• ExpiresAbsolute specifies the date and time on which a page cached on a browser expires. The default value for date is the day the script is run; the default value for time is midnight.
  
  
• Status is the value of the status line returned by the server. Status values, defined in the HTTP specification, consist of a three-digit number and a textual description.

The Response object also supports the following methods:

• AddHeader sets the HTML header name to value.
  
  
• AppendToLog adds a string to the end of the web server log entry for this request. The string must not contain any commas and must not be more than 80 characters. Multiple calls to this method append the strings to the existing entry.
  
  
• BinaryWrite writes the given information to the current HTTP output without any character-set conversion. This method is most useful for writing binary information required by a custom application.
  
  
• Clear erases any buffered HTML output.
  
  
• End stops processing the .asp file and returns the current result.
  
  
• Flush sends buffered output immediately.
  
  
• Redirect sends a redirect message to the browser, causing it to attempt to connect to an alternative URL.
  
  
• Write writes a variable to the current HTTP output as a string. The variable can be data of any type as defined by the VBScript variant data type.

The Server Object

The Server object provides methods and properties that allow interaction with the web server. The methods and properties provided by the Server object serve very useful purposes. The Server object gives you access to the OLE automation mechanism through the use of Active Server Components.

---

See "Server-Side ActiveX Components," Chapter 14

---

The Server object supports the ScriptTimeout property, which sets the amount of time a script can run before it times out. The property has a default value of 90 seconds.

The Server object also supports the following methods:

• CreateObject creates an instance of a server component and provides the capability to create OLE server objects in the web application. These objects can be written in any language, such as Visual Basic or Visual C++.

---

See "ActiveX Server Components Included with Visual InterDev," Chapter 14

---

• HTMLEncode applies HTML encoding to the specified string.
  
  
• MapPath maps the specified virtual path--the absolute path on the current server or the path relative to the current page--into a physical path.

---

NOTE: A virtual path defines an alias to a physical path on the web server. For example, the absolute physical path c:\myweb\data\images\ may be defined as a virtual path with an alias of \images. Virtual paths can be defined by using the Internet Service Manager included with Internet Information Server.

---

• URLEncode applies URL encoding rules, including escape characters, to the string.

Active Server Scripting

Server-side scripting can be used to create dynamic web content. You can use scripting languages such as VBScript or JScript to write applications that can respond to user-supplied information, user queries, or conditional logic. Server-side scripting allows you to customize the content of a web page to different scenarios and display a different version of a web page every time a client browser accesses it.

Server-side scripting also allows you to customize your web pages based on the capabilities of the client browser being used. For example, certain browsers might not support ActiveX controls. In such scenarios, you can develop a page that displays without using the controls.

Until recently, most web content was static in nature, with a small amount of interactivity and dynamism provided by CGI scripts. CGI scripts are complex and inflexible by nature. By using Active Server Pages and VBScript or JScript, you can produce dynamic web content more easily and quickly.

---

NOTE: In addition to VBScript or JScript, which are supplied with ASP, third-party scripting engines can also be developed and plugged into ASP to provide support for other scripting languages.

---

As evidenced by the installation process for ASP, Internet Information Server provides the hosting environment for the Active Server Scripting Engine. An ASP scripting engine is nothing more than an ISAPI (Internet Server Application Programming Interface) application loaded by IIS at startup.

---

NOTE: ASP isn't a scripting language, but merely an environment for parsing script commands based on the scripting engine being used.

---

When IIS encounters a request for an ASP file, it compiles and executes the scripts in the file on-the-fly. The output produced is an HTML page sent to the client browser. This compile-free environment is one of ASP's greatest advantages.

---

TIP: The default scripting language for ASP is VBScript, but you can switch freely among various scripting languages. To switch easily among installed scripting engines, use the following script:

<SCRIPT LANGUAGE=VBScript RUNAT=Server>

or

<SCRIPT LANGUAGE=JScript RUNAT=Server>

---

As should be obvious, scripts are programming languages. As such, you must use a specific syntax and follow certain requirements when producing applications with them. The following sections discuss some of the constructs and syntax requirements enforced by the ASP scripting engine.

Delimiters

Delimiters differentiate HTML tags from plain text and mark the beginning and end of a script unit. HTML uses the < and > characters to mark HTML text. ASP uses <% and %> as a variation on the HTML delimiters to designate sections of ASP scripts. For example,

<% name = "John Smith"%>

assigns the value John Smith to the variable name. ASP uses the delimiters <%= and %> to enclose output expressions. For example,

<%= name %>

sends the value John Smith to the browser in the preceding example.

Statements

A statement is a complete scripting unit that expresses an action, declaration, or assignment. The For...Next loop construct and the If...Then...Else conditional construct are examples of statements. Statements can also contain HTML code. For example, in Listing 13.4, HTML code is freely mixed with VBScript, because ASP supports the mixing of different scripting languages and HTML code.

Listing 13.4  Mixing Different Scripting Languages and HTML

<%
Loop
If tRangeType = "Table" Then Response.Write "</TABLE>"
If tPageSize > 0 Then
  If Not fHideRule Then Response.Write "<HR>"
  If Not fHideNavBar Then
    %>
    <TABLE WIDTH=100% >
    <TR>
      <TD WIDTH=100% >
        <P ALIGN=<%= tBarAlignment %> >
        <FORM <%= "ACTION=""" & Request.ServerVariables("PATH_INFO") & stQueryString & """" %> METHOD="POST">
          <INPUT TYPE="Submit" NAME="<%= tHeaderName & "_PagingMove" %>" VALUE="  &lt;&lt;  ">
          <INPUT TYPE="Submit" NAME="<%= tHeaderName & "_PagingMove" %>" VALUE="  &lt;  ">
          <INPUT TYPE="Submit" NAME="<%= tHeaderName & "_PagingMove" %>" VALUE="  &gt;  ">
          <% If fSupportsBookmarks Then %>
            <INPUT TYPE="Submit" NAME="<%= tHeaderName & "_PagingMove" %>"VALUE="  &gt;&gt;  ">
          <% End If %>
          <% If Not fHideRequery Then %>
            <INPUT TYPE="Submit" NAME="<% =tHeaderName & "_PagingMove" %>"VALUE=" Requery ">
          <% End If %>
        </FORM>
        </P>
      </TD>
      <TD VALIGN=MIDDLE ALIGN=RIGHT>
        <FONT SIZE=2>
        <%
        If Not fHideNumber Then
          If tPageSize > 1 Then
            Response.Write "<NOBR>Page: " & Session(tHeaderName & "_AbsolutePage") & "</NOBR>"
          Else
            Response.Write "<NOBR>Record: " & Session(tHeaderName & "_AbsolutePage") & "</NOBR>"
          End If
        End If
        %>
        </FONT>
      </TD>
    </TR>
    </TABLE>
  <%
  End If
End If
%>

Script Tags

ASP supports VBScript as the default scripting language. The expressions, commands, and procedures used within script delimiters must be valid for VBScript; however, other scripts can be used freely within ASP through the use of the <SCRIPT> and </SCRIPT> tags. By using the RUNAT and LANGUAGE attributes within these tags, you can change the scripting language and use any other script commands freely. The following code switches to JScript by using script tags:

<SCRIPT RUNAT=SERVER LANGUAGE=JSCRIPT>
 function MyFunction ()
 {
   Response.Write("MyFunction Called")
 }
</SCRIPT>

Procedures

A procedure is a collection of script commands organized and executed together. Primary scripting language procedures can be defined freely within an ASP file. You can even mix and match different scripting language procedures by using the <SCRIPT> and </SCRIPT> tags.

---

TIP: Visual InterDev and IIS use VBScript as the primary scripting language, as defined by the ASP DLL supplied by Microsoft. However, you can change to a different scripting language as your primary scripting language by using the syntax

<SCRIPT LANGUAGE=JScript RUNAT=Server>

at the beginning of your ASP page.

---

Procedures can be defined within the scripting delimiters <% and %>, as long as they're written in the primary scripting language. Procedures can be contained within the same file they're called from, or they can be placed in a separate ASP file and included within the calling file by using the server-side <!--#INCLUDE FILE=...> construct.

To call procedures, include the name of the procedure in a command. For VBScript, you can also use the Call keyword when calling a procedure. If the procedure you're calling requires arguments, however, the argument list must be enclosed in parentheses. If you omit the Call keyword, you must also omit the parentheses around the argument list. If you use Call syntax to call any built-in or user-defined function, the function's return value is discarded. If you're calling JScript procedures from VBScript, you must use parentheses after the procedure name; if the procedure has no arguments, use empty parentheses.

Procedures can be invoked by using various methods based on the scripting language being used. Listing 13.5 illustrates creating and calling procedures by using two different scripting languages (VBScript and JScript).

Listing 13.5  Creating and Calling Procedure in Two Different Scripting Languages

<HTML>
<BODY>
<TABLE>
<% Call Echo %>
</TABLE>
<% Call PrintDate %>
</BODY>
</HTML>
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Echo
 Response.Write _
 "<TR><TD>Name</TD><TD>Value</TD></TR>"
 Set Params = Request.QueryString
 For Each p in Params
 Response.Write "<TR><TD>" & p & "</TD><TD>" & _
 Params(p) & "</TD></TR>"
 Next
End Sub
</SCRIPT>
<SCRIPT LANGUAGE=JScript RUNAT=Server>
function PrintDate()
{
 var x
 x = new Date()
 Response.Write(x.toString())
}
</SCRIPT>

From Here...

In this chapter, you learned about Internet Information Server and Active Server Pages. You learned about Microsoft's Active Platform strategy and how ActiveX controls, ActiveX server objects, and ActiveX scripting mechanisms work together to provide an environment for developing rich and powerful web-enabled applications. Refer to the following chapters for information related to building web sites and web-based applications with ASP and IIS:

• To learn about the Visual Studio development environment, see Chapter 2, "Using Visual Studio to Create Applications."
  
  
• To learn about the database features and tools included with Visual Studio, see Chapter 3, "Creating Database-Aware Applications with Visual Studio."
  
  
• To learn about creating components with Visual Basic, see Chapter 5, "Creating ActiveX Components with Visual Basic."
  
  
• To learn about creating components with Visual C++, see Chapter 6, "Creating Components with Visual C++."
  
  
• To learn about creating components with Visual J++, see Chapter 7, "Creating Components with Visual J++."
  
  
• To learn about concepts associated with web-based application development, see Chapter 11, "An Inside Look at Web-Based Applications."
  
  
• To learn about getting started with Visual InterDev, see Chapter 14, "Developing Active Content with Visual InterDev."
  
  
• To learn about using design-time controls, see Chapter 16, "Visual InterDev Design-Time Controls."
  
  
• To learn about server-side programming with Active Server Pages, see Chapter 17, "Server-Side Programming in an I-net Environment."
  
  
• To learn about Dynamic HTML and its advantages, see Chapter 18, "Dynamic HTML."
  
  
• To learn more about using Visual SourceSafe with Visual InterDev, see Chapter 26, "Using Visual SourceSafe."

---

© Copyright, Macmillan Computer Publishing. All rights reserved.