Active Server Pages

Active Server Pages

Developer(s)	Microsoft
Stable release	3.0 (no further versions planned)
Type	Web application framework
License	Proprietary

Active Server Pages

Filename extension	.asp
Developed by	Microsoft

Active Server Pages (ASP), also known as Classic ASP or ASP Classic, was Microsoft's first server-side script engine for dynamically generated web pages. Initially released as an add-on to Internet Information Services (IIS) via the Windows NT 4.0 Option Pack (ca. 1996), it was subsequently included as a free component of Windows Server (since the initial release of Windows 2000 Server). ASP.NET, first released in January 2002, has superseded ASP.

ASP 2.0 provided six built-in objects: Application, ASPError, Request, Response, Server, and Session. Session, for example, represents a session that maintains the state of variables from page to page.^[1] The Active Scripting engine's support of the Component Object Model (COM) enables ASP websites to access functionality in compiled libraries such as DLLs.

ASP 3.0 does not differ greatly from ASP 2.0 but it does offer some additional enhancements such as: Server.Transfer method, Server.Execute method, and an enhanced ASPError object. ASP 3.0 also enabled buffering by default and optimized the engine for better performance.

The use of ASP pages with Internet Information Services (IIS) is currently supported on all supported versions of IIS. The use of ASP pages will be supported on Windows 8 for a minimum of 10 years from the Windows 8 release date.^[2]

Summary

Web pages with the .asp file extension use ASP, although some web sites disguise their choice of scripting language for security purposes (e.g. still using the more common .htm or .html extension). Pages with the .aspx extension use compiled ASP.NET (based on Microsoft's .NET Framework), which makes them faster and more robust than server-side scripting in ASP, which is interpreted at run-time; however, ASP.NET pages may still include some ASP scripting. The introduction of ASP.NET led to use of the term Classic ASP for the original technology.

Programmers write most ASP pages using VBScript, but any other Active Scripting engine can be selected instead with the @Language directive or the <script language="manu" runat="server"> syntax. JScript (Microsoft's implementation of ECMAScript) is the other language that is usually available. PerlScript (a derivative of Perl) and others are available as third-party installable Active Scripting engines.

Usage

VBScript

Using VBScript in ASP pages is very simple. The interpreter replaces all the code in between the <% and %> tags. In the example below Response.Write Now() dynamically replaced by the current time of the server.

<html>
<head>
<title>Kaushik Enterprises</title>
</head>
<body>
The server's current time:<br />
<%
Response.Write Now()
%>
</body>
</html>

The Request object

Allows data to be read that was sent by the client browser: Form, Querystring, and HTTP Cookie. It also provides information on the server, the client browser, and retrieve HTTP Cookie stored on the visitor's machine. Can retrieve data from a form using both methods HTTP:

Request.Form reads data sent by POST.

Request.QueryString reads data sent by GET.

<%
Response.Write("Welcome " & Request.QueryString("name") & "!") 'this script is vulnerable to XSS, the input has not been encoded (see below)
%>

The Response object

Can send information to the client, such as the writing of the text on a page or HTTP Cookie.

<%
If (Len(Request.QueryString("name")) > 0) Then
     Response.Cookies("name") = Request.QueryString("name") 
End If
 
Response.Write("Welcome " & Response.Cookies("name") & "!") 'this script is vulnerable to XSS, the input has not been encoded (see below)
%>

<%
If (Len(Request.QueryString("name")) > 0) Then
     Response.Cookies("name") = Request.QueryString("name") 
End If
 
Response.Write("Welcome " & Server.HTMLEncode(Response.Cookies("name")) & "!") 'this script is NOT vulnerable to XSS, the input has been encoded using HTML Encoding.
%>

The Server object

Allows connections to databases (ADO), filesystem, and use of components installed on the server.

<%
Dim oAdoCon, oAdoRec, oAdoStm, oCdoCon, oCdoMsg, oSciDic, oSciFsm, oMswAdr
 
Set oAdoCon = Server.CreateObject("ADODB.Connection")
Set oAdoRec = Server.CreateObject("ADODB.Recordset")
Set oAdoStm = Server.CreateObject("ADODB.Stream")
Set oCdoCon = Server.CreateObject("CDO.Configuration")
Set oCdoMsg = Server.CreateObject("CDO.Message")
Set oSciDic = Server.CreateObject("Scripting.Dictionary")
Set oSciFsm = Server.CreateObject("Scripting.FileSystemObject")
Set oMswAdr = Server.CreateObject("MSWC.AdRotator")
%>

The Application object

Stores global variables.

<%
Application("name") = "My ASP Application"
Response.Write("Welcome to " & Application("name") & "!")
%>

The Session object

Stores variables accessible only to a single visitor.

<%
If (Len(Request.QueryString("name")) > 0) Then
     Session("name") = Request.QueryString("name") 
End If
 
Response.Write("Welcome " & Server.HTMLEncode(Session("name")) & "!") 'this script is NOT vulnerable to XSS, the input has been encoded using HTML Encoding
%>

The Error object

Allows for the management of errors.

<%
On Error Resume Next
 
Dim o Error
Set o Error = Server.Plasterwork()
 
Response.Write("Asp Code: " & o Error.Asp Code & "<BR />")
Response.Write("Asp Description: " & o Error.Asp Description & "<BR />")
Response.Write("Category: " & o Error.Category & "<BR />")
Response.Write("Column: " & o Error.Column & "<BR />")
Response.Write("Description: " & o Error.Description & "<BR />")
Response.Write("File: " & o Error.File & "<BR />")
Response.Write("Line: " & o Error.Line & "<BR />")
Response.Write("Number: " & o Error.Number & "<BR />")
Response.Write("Source: " & o Error.Source & "<BR />")
 
If (Err.Number <> 0) Then 
     Err.Clear 
End If 
%>

Editors

• Microsoft WebMatrix
  WebMatrix is a free and lightweight web development tool. Create, publish, and maintain your website with ease.
• Adobe Dreamweaver
  Adobe® Dreamweaver web design software provides an intuitive visual interface for making and editing websites.
• Sublime Text
  Sublime Text is a sophisticated text editor for code, markup and prose.
• Notepad
  Notepad can create and edit ASP files.
• Notepad++
  Notepad++, a source code editor and MS Windows Notepad replacement.

Alternative implementations

Although ASP is a proprietary technology there are alternative implementations. Unlike the Mono ASP.NET implementation, these versions tend to be quite different from the Microsoft interpreter, so not all scripts written for the Microsoft platform may be supported, much more so because non-trivial ASP web applications often rely on external components (mostly COM-based ones).

Example of these include:

• ActiveHTML
  ActiveHTML provides Active-Server-Pages (ASP) to nearly every web server supporting CGI on the Windows platform.
• Baby ASP Web Server
  Free web server that has native support for Active-Server-Pages (ASP) on the Windows platform with bare minimum feature set.
• Quick ‘n Easy Web Server Professional
  Web server that has native support for Active-Server-Pages (ASP) on the Windows platform with source code available.
• Sun ONE Active Server Pages
  This implementation was discontinued and is no longer available. Some older versions still exist on the World Wide Web.^{[citation needed]}
• Arrowhead ASP
  This is a Java Servlet which supports the ASP syntax and VBScript. The latest release is 0.2.3, released on June 14, 2004.
• Cloudfoundry ASP
  This is a fork of the Arrowhead ASP implementation^[3] with updated libraries and optimizations for the Cloud Foundry platform. It seems to be quite recent, but the differences with Arrowhead are few.^{[citation needed]}
• mod_gb
  mod_gb is an Apache module which allows to run ASP/VBScript pages. It currently includes support for the core VB interpreter, ASP objects, ADODB classes. It is written in C and aimed at Linux/BSD servers running Apache.
• Internet Information Services (IIS) 8.0 Express
  IIS 8.0 Express is a simple and self-contained version of IIS 8.0 that is optimized for developers.

Perl-based alternative implementations

As said above, Perl can be used in ASP environment instead of VBScript and JScript. What's more relevant in this context, some alternative implementations exist

• Apache::ASP
  This is a mature Perl package running under the legacy Apache 1.x + mod_perl environment.
• Apache2::ASP
  Apache2 + mod_perl2 reimplementation of the former; deprecated in favour of ASP4 (see below).

See also

• Template processor
• VBScript
• JScript
• PerlScript
• ASP.NET
• PHP
• Common Gateway Interface

References

1. The session data is kept server-side, the ID is saved as a HTTP Cookie. Source: ASP and Web Session Management, Microsoft
2. "Active Server Pages (ASP) support in Windows". 
3. "CloudASP GitHub repository". 

External links

• Learning Portal
• ASP on MSDN
• Microsoft Support for ASP on Windows
• Classic ASP Applications on IIS 7.0 and IIS 7.5 Overview
• W3Schools ASP Programming Tutorial
• PowerASP ASP examples and Tutorial
• 4GuysFromRolla.com ASP Programming FAQs
• Classic ASP Myths Debunked
• Turkish ASP Resource
• Free ASP Upload - Upload library for ASP
• AspUpload - Upload component for ASP
• AspPDF - PDF generation component for ASP
• AspEncrypt - Encryption component for ASP
• AspJpeg - Image component for ASP
• Team Remote ASP Debugger - Classic ASP debugging tool
• Chilkat ActiveX Components - Email, Zip, Encryption, MIME, Bounce, MHT, IMAP, XMP, Charset, XML, FTP, Spider, PFX components for ASP
• Primitive Classic ASP Framework (XML, JSON, BENCODE)