Active Server Pages
|Stable release||3.0 (no further versions planned) / February 17, 2000|
|Type||Web application framework|
Active Server Pages (ASP), also known as Classic ASP or ASP Classic, was Microsoft's first server-side script engine for dynamically generated web pages. Initially released as an add-on to Internet Information Services (IIS) via the Windows NT 4.0 Option Pack (ca. 1996), it was subsequently included as a free component of Windows Server (since the initial release of Windows 2000 Server). ASP.NET, first released in January 2002, has superseded ASP.
ASP 2.0 provided six built-in objects: Application, ASPError, Request, Response, Server, and Session.
Session, for example, represents a session that maintains the state of variables from page to page. The Active Scripting engine's support of the Component Object Model (COM) enables ASP websites to access functionality in compiled libraries such as DLLs.
ASP 3.0 does not differ greatly from ASP 2.0 but it does offer some additional enhancements such as: Server.Transfer method, Server.Execute method, and an enhanced ASPError object. ASP 3.0 also enabled buffering by default and optimized the engine for better performance.
The use of ASP pages with Internet Information Services (IIS) is currently supported on all supported versions of IIS. The use of ASP pages will be supported on Windows 8 for a minimum of 10 years from the Windows 8 release date.
Web pages with the .asp file extension use ASP, although some web sites disguise their choice of scripting language for security purposes (e.g. still using the more common .htm or .html extension). Pages with the .aspx extension use compiled ASP.NET (based on Microsoft's .NET Framework), which makes them faster and more robust than server-side scripting in ASP, which is interpreted at run-time; however, ASP.NET pages may still include some ASP scripting. The introduction of ASP.NET led to use of the term Classic ASP for the original technology.
Programmers write most ASP pages using VBScript, but any other Active Scripting engine can be selected instead with the @Language directive or the
<script language="manu" runat="server"> syntax. JScript (Microsoft's implementation of ECMAScript) is the other language that is usually available. PerlScript (a derivative of Perl) and others are available as third-party installable Active Scripting engines.
There have been three versions of ASP, each introduced with different versions of IIS
- ASP 1.0 - released December 1996 as part of IIS 3.0
- ASP 2.0 - released September 1997 as part of IIS 4.0
- ASP 3.0 - released November 2000 as part of IIS 5.0
Using VBScript in ASP pages is very simple. The interpreter replaces all the code in between the <% and %> tags. In the example below Response.Write Now() dynamically replaced by the current time of the server.
<html> <head> <title>The current time</title> </head> <body> The server's current time:<br /> <% Response.Write Now() %> </body> </html>
The Request object
Allows data to be read that was sent by the client browser: Form, Querystring, and HTTP Cookie. It also provides information on the server, the client browser, and retrieve HTTP Cookie stored on the visitor's machine. Can retrieve data from a form using both methods HTTP:
Request.Form reads data sent by POST.
Request.QueryString reads data sent by GET.
<% Response.Write("Welcome " & Request.QueryString("name") & "!") 'this script is vulnerable to XSS, the input has not been encoded (see below) %>
The Response object
Can send information to the client, such as the writing of the text on a page or HTTP Cookie.
<% If (Len(Request.QueryString("name")) > 0) Then Response.Cookies("name") = Request.QueryString("name") End If Response.Write("Welcome " & Response.Cookies("name") & "!") 'this script is vulnerable to XSS, the input has not been encoded (see below) %>
<% If (Len(Request.QueryString("name")) > 0) Then Response.Cookies("name") = Request.QueryString("name") End If Response.Write("Welcome " & Server.HTMLEncode(Response.Cookies("name")) & "!") 'this script is NOT vulnerable to XSS, the input has been encoded using HTML Encoding. %>
The Server object
Allows connections to databases (ADO), filesystem, and use of components installed on the server.
<% Dim oAdoCon, oAdoRec, oAdoStm, oCdoCon, oCdoMsg, oSciDic, oSciFsm, oMswAdr Set oAdoCon = Server.CreateObject("ADODB.Connection") Set oAdoRec = Server.CreateObject("ADODB.Recordset") Set oAdoStm = Server.CreateObject("ADODB.Stream") Set oCdoCon = Server.CreateObject("CDO.Configuration") Set oCdoMsg = Server.CreateObject("CDO.Message") Set oSciDic = Server.CreateObject("Scripting.Dictionary") Set oSciFsm = Server.CreateObject("Scripting.FileSystemObject") Set oMswAdr = Server.CreateObject("MSWC.AdRotator") %>
The Application object
Stores global variables.
<% Application("Ali") = "My ASP Application" Response.Write("Welcome to " & Application("Ali") & "!") %>
The Session object
Stores variables accessible only to a single visitor.
<% If (Len(Request.QueryString("name")) > 0) Then Session("name") = Request.QueryString("name") End If Response.Write("Welcome " & Server.HTMLEncode(Session("name")) & "!") 'this script is NOT vulnerable to XSS, the input has been encoded using HTML Encoding %>
The Error object
Allows for the management of errors.
<% On Error Resume Next Dim o Error Set o Error = Server.Plasterwork() Response.Write("Asp Code: " & o Error.Asp Code & "<BR />") Response.Write("Asp Description: " & o Error.Asp Description & "<BR />") Response.Write("Category: " & o Error.Category & "<BR />") Response.Write("Column: " & o Error.Column & "<BR />") Response.Write("Description: " & o Error.Description & "<BR />") Response.Write("File: " & o Error.File & "<BR />") Response.Write("Line: " & o Error.Line & "<BR />") Response.Write("Number: " & o Error.Number & "<BR />") Response.Write("Source: " & o Error.Source & "<BR />") If (Err.Number <> 0) Then Err.Clear End If %>
ASP on non-Microsoft Operating Systems
Microsoft's ASP technology runs only on Windows platforms. A number of products emulate some of the functionality of Classic ASP on non-Microsoft web servers. Apache::ASP for example ports Classic ASP to the Apache Web Server, but does not interpret Visual Basic or other scripting languages supported by ASP.
Sun Java System ASP (formerly ChiliSoft ASP) was a popular and reportedly complete emulator, but it has been discontinued.
- The session data is kept server-side, the ID is saved as a HTTP Cookie. Source: ASP and Web Session Management, Microsoft
- "Active Server Pages (ASP) support in Windows".
- "Apache::ASP". Retrieved 9 October 2013.
- Weissinger, Keyton (6 October 2009). ASP in a Nutshell: A Desktop Quick Reference. O'Reilly Media, Inc. ISBN 978-1-4493-7959-9. Retrieved 9 October 2013.
|Wikibooks has a book on the topic of: Active Server Pages|