Active Server Pages

From Wikipedia, the free encyclopedia
  (Redirected from Classic ASP)
Jump to: navigation, search
Active Server pages
Developer(s) Microsoft
Last release 3.0 / February 17, 2000; 15 years ago (2000-02-17)
Development status No further versions planned
Type Web application framework
License Proprietary
Active Server Pages
Filename extension .asp
Developed by Microsoft

Active Server Pages (ASP), later known as Classic ASP or ASP Classic, was Microsoft's first server-side script engine for dynamically generated web pages. Initially released as an add-on to Internet Information Services (IIS) via the Windows NT 4.0 Option Pack (ca. 1996), it was subsequently included as a free component of Windows Server (since the initial release of Windows 2000 Server). ASP.NET, first released in January 2002, has superseded ASP.

ASP 2.0 provided six built-in objects: Application, ASPError, Request, Response, Server, and Session. Session, for example, represents a session that maintains the state of variables from page to page.[1] The Active Scripting engine's support of the Component Object Model (COM) enables ASP websites to access functionality in compiled libraries such as DLLs.

ASP 3.0 does not differ greatly from ASP 2.0 but it does offer some additional enhancements such as: Server.Transfer method, Server.Execute method, and an enhanced ASPError object. ASP 3.0 also enabled buffering by default and optimized the engine for better performance.

The use of ASP pages with Internet Information Services (IIS) is currently supported on all supported versions of IIS. The use of ASP pages will be supported on Windows 8 for a minimum of 10 years from the Windows 8 release date.[2]


Web pages with the .asp file extension use ASP, although some web sites disguise their choice of scripting language for security purposes (e.g. still using the more common .htm or .html extension). Pages with the .aspx extension use compiled ASP.NET (based on Microsoft's .NET Framework), which makes them faster and more robust than server-side scripting in ASP, which is interpreted at run-time; however, ASP.NET pages may still include some ASP scripting. The introduction of ASP.NET led to use of the term Classic ASP for the original technology.

Programmers write most ASP pages using VBScript, but any other Active Scripting engine can be selected instead with the @Language directive or the <script language="manu" runat="server"> syntax. JScript (Microsoft's implementation of ECMAScript) is the other language that is usually available. PerlScript (a derivative of Perl) and others are available as third-party installable Active Scripting engines.


There have been three versions of ASP, each introduced with different versions of IIS[3]

  • ASP 1.0 - released December 1996 as part of IIS 3.0
  • ASP 2.0 - released September 1997 as part of IIS 4.0
  • ASP 3.0 - released November 2000 as part of IIS 5.0

ASP remains supported at least until January 2020.[4]



Using VBScript in ASP pages is very simple. The interpreter replaces all the code in between the <% and %> tags. In the example below, Response.Write Now() is dynamically replaced by the current time of the server.

<title>The current time</title>
The server's current time:<br />
Response.Write Now()

The Request object[edit]

Allows data to be read that was sent by the client browser: Form, Querystring, and HTTP Cookie. It also provides information on the server, the client browser, and retrieve HTTP Cookie stored on the visitor's machine. Can retrieve data from a form using both methods HTTP:

Request.Form reads data sent by POST.

Request.QueryString reads data sent by GET.

'this script is vulnerable to XSS, the input has not been encoded (see below)
Response.Write("Welcome " & Request.QueryString("name") & "!")

The Response object[edit]

Can send information to the client, such as the writing of the text on a page or HTTP Cookie.

If (Len(Request.QueryString("name")) > 0) Then
     Response.Cookies("name") = Request.QueryString("name") 
End If

'this script is vulnerable to XSS, the input has not been encoded (see below)
Response.Write "Welcome " & Response.Cookies("name") & "!"

If (Len(Request.QueryString("name")) > 0) Then
     Response.Cookies("name") = Request.QueryString("name") 
End If

'this script is NOT vulnerable to XSS, the input has been encoded using HTML Encoding.
Response.Write "Welcome " & Server.HTMLEncode(Response.Cookies("name")) & "!"

The Server object[edit]

Allows connections to databases (ADO), filesystem, and use of components installed on the server.

Dim oAdoCon, oAdoRec, oAdoStm, oCdoCon, oCdoMsg, oSciDic, oSciFsm, oMswAdr

Set oAdoCon = Server.CreateObject("ADODB.Connection")
Set oAdoRec = Server.CreateObject("ADODB.Recordset")
Set oAdoStm = Server.CreateObject("ADODB.Stream")
Set oCdoCon = Server.CreateObject("CDO.Configuration")
Set oCdoMsg = Server.CreateObject("CDO.Message")
Set oSciDic = Server.CreateObject("Scripting.Dictionary")
Set oSciFsm = Server.CreateObject("Scripting.FileSystemObject")
Set oMswAdr = Server.CreateObject("MSWC.AdRotator")

The Application object[edit]

Stores global variables.

Application("Ali") = "My ASP Application"
Response.Write("Welcome to " & Application("Ali") & "!")

The Session object[edit]

Stores variables accessible only to a single visitor.

If (Len(Request.QueryString("name")) > 0) Then
     Session("name") = Request.QueryString("name") 
End If

'this script is NOT vulnerable to XSS, the input has been encoded using HTML Encoding
Response.Write("Welcome " & Server.HTMLEncode(Session("name")) & "!")

The Error object[edit]

Allows for the management of errors.

On Error Resume Next

Dim o_Error
Set o_Error = Server.GetLastError()

Response.Write("Asp Code: " & o_Error.AspCode & "<BR />")
Response.Write("Asp Description: " & o_Error.AspDescription & "<BR />")
Response.Write("Category: " & o_Error.Category & "<BR />")
Response.Write("Column: " & o_Error.Column & "<BR />")
Response.Write("Description: " & o_Error.Description & "<BR />")
Response.Write("File: " & o_Error.File & "<BR />")
Response.Write("Line: " & o_Error.Line & "<BR />")
Response.Write("Number: " & o_Error.Number & "<BR />")
Response.Write("Source: " & o_Error.Source & "")

If (Err.Number <> 0) Then 
End If 

ASP on non-Microsoft Operating Systems[edit]

Microsoft's ASP technology runs only on Windows platforms. A number of products emulate some of the functionality of Classic ASP on non-Microsoft web servers. Apache::ASP for example ports Classic ASP to the Apache Web Server, but does not interpret Visual Basic or other scripting languages supported by ASP.[5]

Sun Java System ASP (formerly ChiliSoft ASP) was a popular and reportedly complete emulator,[6] but it has been discontinued.

See also[edit]


  1. ^ The session data is kept server-side, the ID is saved as a HTTP Cookie. Source: ASP and Web Session Management, Microsoft
  2. ^ "Active Server Pages (ASP) support in Windows". 
  3. ^
  4. ^
  5. ^ "Apache::ASP". Retrieved 9 October 2013. 
  6. ^ Weissinger, Keyton (6 October 2009). ASP in a Nutshell: A Desktop Quick Reference. O'Reilly Media, Inc. ISBN 978-1-4493-7959-9. Retrieved 9 October 2013. 

External links[edit]