Creating a COM Component that uses ASP Intrinsic Objects
If you already know the basics about creating simple components with Visual Basic 6, you can
continue with this study, otherwise, I recommend you read my article titled
Creating your First COM Component so you can get a remedial
concept of how to register, create, and use simple components.
We will be using the ScriptingContext object from the Microsoft Active Server Pages
Object Library component in Visual Basic 6 to access and use the five ASP Intrinsic
Objects (Response, Request, Server, Application, and Session).
As you may already know, the ScriptingContext is at the top of the ASP Object Model:
ScriptingContext
Request Object
Response Object
Application Object
Session Object
Server Object
ObjectContext Object
Using the ScriptingContext component in our Visual Basic 6 custom component, we can use the
intrinsic ASP components just as you would in your ASP pages. This type of approach to
using ASP components can be beneficial for several reasons.
One good reason for using ASP intrinsic objects from within our custom component is for the
checking and validatiion of sensitive data such as passwords.
Typically, an ASP logon page will take
a users name and/or password and validate it against constants or variables contained
within the processing ASP page. This validation will allow or disallow a user from
accessing certain content on the web site (such as personal account information).
Microsoft recommends using the ObjectContext component instead of the
ScriptingContext component. However, the ScriptingContext component is
backward compatible with IIS version 3 and later - not so with ObjectContext.
ObjectContext allows for functionality by incorporating MTS (Microsoft Transaction Server).
MTS acts as a Object Broker and Transaction Manager. However, we will not
discuss MTS as part of our COM Component tutorial until later.
We will be creating a component in Visual Basic 6 and use it to store and validate users
accessing an ASP page.
Before we continue, you will need to make sure you have a few things ready:
Visual Basic 6 (for creating your component)
PWS (Personal Web Server) or IIS4 (Internet Information Server v.4)
Notepad editor or Visual InterDev (for ASP editing)
I will be giving ASP examples in both VBScript and Javascript so don't worry about
what scripting language your most familiar with.
Please perform the following steps:
Start Microsoft Visual Basic 6.0
Click on then click on the OK
button.
Click on Project1(Project1) and change the (Name) property to
Password.
Click on Class1(Class1) and change the (Name) property to
Validator.
Click on the Add-Ins menu then click on Add-In Manager....
Double-Click on VB 6 Class Builder then click on the OK button.
In order to use the ScriptingContext component within our Visual Basic component,
we must create a reference to it: Click on the Project menu then click on
References.
Double-Click on Microsoft Active Server Pages Object Library then click on
the OK button.
We will be using the Class Builder Utility... to create properties for use
in our component: Click on Class Builder Utility....
Click once on the Validator class module in the left pane.
Click on the button to create a
new component property.
Set the Name: to Password and the Data Type: to String.
Click on the OK button.
Repeat step 11.
Set the Name: to Username and the Data Type: to String.
Click on the OK button.
Click on the File menu then click on Update Project.
Close the Class Builder Utility.
At the top of the [Validator(Code)] window, type the following code:
Dim objASP As ScriptingContext
At the end of the [Validator(Code)] window, type the following code:
Public Sub OnStartPage(obj As ScriptingContext)
Set objASP = obj 'Pass ASP objects to this object
objASP.Session("Authorized") = False 'Default to False
objASP.Session("Content") = Empty
End Sub
Public Function Authorized() As Boolean
If Password <> "" And Username <> "" Then
If Username = "michael" And Password = "mypassword" Then
Authorized = True
objASP.Session("Authorized") = True
objASP.Session("Content") = "This can be sensitive" & _
" information such as credit card numbers, Social " & _
"Security numbers, etc."
Else
Authorized = False
objASP.Session("Authorized") = False
End If
Else
Authorized = False
objASP.Session("Authorized") = False
End If
End Function
When a component is instantiated using ASP's Server.CreateObject method,
the component is checked for the existence of an OnStartPage method and passes the
ScriptingContext's objects
to it accordingly. In this case, the intrinsic objects are passed into the obj
arguement which is then assigned to the objASP object from with the function/
method itself. This is how we get access to the ASP objects!
The Authorized() method/function is used to validate the Username and Password
and set the ASP Session("Authorized") variable to either False or True.
I have used in this example, michael for the authorized Username and
mypassword for the authorized password.
As you can see, the Authorized method/function here does two things if both
the Username and Password properties contain 'michael' and 'mypassword' respectively:
sets the ASP Session("Authorized") variable to True and places sensitive information
in the ASP Session("Content") variable. No one can see readable material inside of a
component because it's compiled into binary form.
This method of concealing sensitive information is particularly important if you are
concerned that someone may have the capability of viewing ASP code, or otherwise, that
contains sensitive information such as Credit Card numbers, Social Security numbers, etc.
Save your project with whatever names you like.
We need to compile our component now so click on the File menu then click on
Make Password.dll....
You have now created the Password.Validator COM Server Password.dll -
save it somewhere but make sure you copy it in some directory on the IIS server so we
can register it.
We now have to register the COM Server you just compiled so we can use it in our ASP
page.
The COM Server must me registered on the PWS or IIS server on which you will instantiate it
from the ASP page. If you don't know already how to register a COM Server, read the section
called How Do I Use COM Components in my ASPs?.
Now we need to create the ASP page that is going to use the Password.Validator
component.
Create an ASP page for access by your PWS or IIS server called TEST.ASP.
Using an ASP editor (Notepad/V-InterDev), copy and paste the following code into the
TEST.ASP page:
HTML Section:
<form action="test.asp" method="post" id=form1 name=form1>
Username:<input type="text" size="30" name="Username"><br>
Password:<input type="password" size="30" name="Password"><br>
<input type="submit" value="Login" name="LO">
<input type="submit" value="Logout" name="LO"><hr>
</form>
ASP VBScript Section:
If Request.Form("LO") = "Logout" Then
Session("Authorized") = Empty
Session("Content") = Empty
Response.Write("You are now logged out. ")
End If
If Request.Form("LO") = "Login" Then
If Request.Form("Username") <> "" And Request.Form("Password") <> "" Then
Set objVal = Server.CreateObject("Password.Validator")
objVal.Username = Request.Form("Username")
objVal.Password = Request.Form("Password")
objVal.Authorized()
Set objVal = Nothing
Else
Response.Write("You did NOT enter a Username and/or Password. ")
End If
End If
Select Case Session("Authorized")
Case False
Response.Write("You are not authorized to view this page. ")
Case True
Response.Write(Session("Content"))
Case Else
Response.Write("You are not authorized to view this page. ")
End Select
ASP JScript Section:
if (Request.Form("LO") == "Logout") {
Session("Authorized") = null;
Session("Content") = null;
Response.write("You are now logged out. ");
}
if (Request.Form("LO") == "Login") {
if (Request.Form("Username") != "" && Request.Form("Password") != "") {
var objVal = Server.CreateObject("Password.Validator");
objVal.Username = Request.Form("Username");
objVal.Password = Request.Form("Password");
objVal.Authorized();
var objVal = null;
} else {
Response.write("You did NOT enter a Username and/or Password. ");
}
}
switch (Session("Authorized")) {
case false :
Response.write("You are not authorized to view this page. "); break;
case true :
Response.write(Session("Content")); break;
default :
Response.write("You are not authorized to view this page. "); break;
}
User either the JScript or VBScript ASP sections in this ASP page - not both!
Now run the TEST.ASP page from a browser. If you enter michael in
the Username text box and mypassword in the Password password
box, you should get the following message when clicking on the Login button:
This can be sensitive information such as credit card numbers,
Social Security numbers, etc.
The Password.Validator component is an introductory lesson on creating backward
compatible components that make use of ASP Intrinsic Objects such as the one use here -
Session. We use the Session Object to store the user's sensitive date (Session("Content"))
and to determine if the user alread has authorized access to this date
(Session("Authorized")).
Note: You can not create a new object variable for the ScriptContext object. For
example, you can't use Dim objSC As New ScriptingContext in your VB6 code.
The object is passed to the VB6 COM Component through the OnStartPage function.
How did we get access to the ASP Session object - through the objASP object. IIS
passes the ScriptingContext ASP objects to the OnStartPage method once the component has been
instantiated using the Server.CreateObject method. Note: The OnStartPage method
will only work with the Server.Createobject method - no other means is possible.
then click on the OK
button.
button to create a
new component property.