ASP and DLLs

[Skull2003]

Hi,

I have coded an application totally in ASP. However, I would like to encode some of my codes in DLL for increased security. As such, I have chosen to encode pivotal files (eg files holding global variables and procedures) into DLL. Thus, I have a few questions seeking enlightenment :

1) Can I just create an ActiveX dll, copy the ASP functions inside, compile and register the dll and use it across the other pages by Server.CreateObject(..) ? If not, what should I do?

2) Are there any other ways to increase security on Server side to hide my ASP codes?

Thanks and regards,
John

 

[Chopstik]

Skull,

Not sure if I can answer your question adequately, but let me try. You can essentially do what you proposed in your first question, but there might also be a better way to code it in a VB dll file that might not be available in VBScript, so you might want to look into that possibility. Also, for an application that I am working on that sounds similar to what you are doing, I have put most of my code calling the database into my dll file so that others cannot see this for security purposes. I have also put in there functions that I might call across multiple pages. I believe that is what you are asking so thought I would pass this onto you. Hope this helps.

As for your second question, I cannot really provide an answer. Sorry. :-(
Everything is absolute. Everything else is relative.

 

[Skull2003]

Hi Chopstik,

I have already tried coding a dll in VB6. I am also trying to do what you are doing, hiding the connection string to an oracle database. However, I am not sure if VB code in DLL and ASP can mix. For that matter, I am trying to code other ASP procedures.

However, when I tried to do a Server.CreateObject in my ASP code, I am getting several errors.

For more info, I am working in Visual Interdev. In local mode, my calling ASP file is getting "Object Required" error.

In Master (Web) mode, it is getting "The call to Server.CreateObject failed while checking permissions. Access is denied to this object" error.

The dll I am testing is a simple one and the codes are as follows :

(VB6 ActiveX Dll) -

Function TestPrint2()
Response.Write (&quot;<script language='javascript'>&quot
Response.Write (&quot;window.alert('Another test');&quot
Response.Write (&quot;</script>&quot
TestPrint2 = &quot;&quot;
End Function

Function TestPrint(theText)
Response.Write (&quot;<script language='javascript'>&quot
Response.Write (&quot;window.alert('&quot; & theText & &quot;');&quot
Response.Write (&quot;</script>&quot
TestPrint = &quot;&quot;
End Function

(ASP page calling the DLL)
<%
Set objConn = Server.CreateObject(&quot;TESTER_DLL.TEST&quot
objConn.TestPrint(&quot;this message&quot
%>

Would appreciate if you or anyone can post an example code and roughly explain the permissions settings (where and how) for me.

Really appreciate it.

Thanks and regards,
Skull

 

[ShihabAhmad]

The only way to increase security is to hide your code by using DLLs, Stored Procedures and other middle-tier functions. You may also use separate function files and call the functions from your visible ASP page. This way codes inside the functions may be hidden.

I am facing a similar problem using VB6 DLL from ASP. I created a DLL file to check Windows NT authentication. When I call the function as:

Set TestObj=Server.CreateObject(&quot;Test.Validation&quot
Status=TestObj.ValidateUser(&quot;username&quot;,&quot;password&quot;,&quot;Domain&quot

it is working fine. This means when i am giving the username, password and domain hard-coding into the function, the fuction is accepting the values.

When I am using form variables like:

Username=Request.Form(&quot;User&quot

and then calling the function like

Status=TestObj.ValidateUser(Username,...) It is giving me &quot;Type Mismatch&quot; Error on the line where the function is called.

Note that the ValidateUser function is expected to get Strings and I am sending strings ... Any idea why there is a type mismatch when I am using Request.Form?

I need urgent help... Thanks in Advance.

 

[Chopstik]

Skull,

Again, not really sure that I can help very much here, but I'll give it a try. Are you compiling your dll file on your local machine or on remote server? If is on a remote server, do you have permissions to that machine? That is my most immediate thought about this because to be honest, I have not run across this problem as yet. However, I am also developing both my dll file and asp application on my local machine/server so figure this may be why I am having no similar problems. In some twisted way (though admittedly I am very tired due to an overactive 3 yr old from the night before), I am thinking that when you are running in local mode, it cannot find the dll file when you try to call it, hence the &quot;Object Required&quot; error, but when running in Master mode, you are then running into the permissions problem due to it possibly being on a remote machine that you may not have adequate or correct permissions for. (This could also be completely illogical, in which case, please ignore. )

Shihab,

For some reason, I am drawing a blank at the moment, though something keeps tickling the edge of my sleep-reduced brain. Have you tried debugging the dll file while running the asp application (all locally) in order to determine what values are being passed back from the called function in ASP? You might also try Response.Write the values to make sure they are what you think they should be.

HTH Everything is absolute. Everything else is relative.

 

[Skull2003]

Hi all,

It seems we were all wrong. Apparently VB DLL cannot access ASP objects like Server, Response, etc. As such, we should write it as HTML string concatenation in the DLL and do Response.write in the ASP caller file. Like ->

DLL

Function Testing()
strhtml = &quot;<Script language=Javascript>&quot;
strhtml = strhtml + &quot;windows.alert('Testing 123');&quot;
strhtml = strhtml + &quot;</script>
End Function

ASP
<%
dim test
test = Server.CreateObject(&quot;TestDLL.Tester&quot
response.write test.Testing()
%>

Thanks anyways for all your help.

Regards,
Skull

 

[Chopstik]

Skull,

Very embarrassed, but just realised that is what you were doing in the dll file. Sorry for not catching that earlier. Just a curious question, though. Are you referencing the ASP dll in your VB application? Not sure if this would necessarily make a difference, but it is a thought. I've not tried it myself, so cannot say one way or another. If you wouldn't mind posting whether you are or not, I'd be very interested. (Of course, may just try that later myself, but be nice to hear if others use it.)

Thanks. Everything is absolute. Everything else is relative.

 

[Skull2003]

Chopstik,
Actually no. What I have done is ASP calling ASP dll. However, since DLL is essentially VB in nature, I had my pitfalls.

Hope that helps.

Regards,
Skull

 

[Chopstik]

Sorry, not sure I fully understand (or more likely I'm way too tired at the moment to try to think - or drive, for that matter). If I understand correctly, you are calling the dll file in your ASP application. But there is no way to reference any of the ASP commands in the dll file you created in VB. However, in VB, you can reference the asp.dll file (Project/References - then choose Microsoft Active Server Pages) in your VB application and then you should be able to use the ASP Response command in your dll. At least, I think you can. Like I mentioned earlier, hadn't actually tested it myself. But it doesn't sound like you're doing this anyway, so no problem... Please correct me if I'm wrong.

Can slowly feel myself drifting... off... to.... sleep... Good luck with your application. Everything is absolute. Everything else is relative.