by David M. Williams

What does it do?

Here is a brief overview of Active Server Pages (ASP), an important technology made available by Internet Information Server (IIS).
May 17, 2000

Essentially, ASP is a server-side scripting technology. This means it allows for both HTML and a scripting language to be interspersed in a Web page. The scripting language might access the file system or registry or a database, and will generate HTML code 'on the fly' to make Web sites dynamic and user-specific.

Let's examine some of the features that help to bring all this together.

VBScript

Firstly, ASP is a scripting technology. This means you have the power of a programming language to make your sites as dynamic and featured as you wish. Note that ASP is actually language-independent. Two of the most common scripting languages are supported right out of the box - namely VBScript and Jscript (related to but not the same as JavaScript). Support for other scripting languages, such as Perl, is also available.

Whatever scripting language you use, you can simply enclose script statements in special delimiters for ASP. The starting delimiter is <%, and the closing delimiter is %>.

VBScript, however, is the more common language, partly because it has a simpler syntax to learn, but also because VB is just so ubiquitous in the Microsoft world. Using VBScript on the server in an ASP page really isn't very different from using VB in applications, or VBA in Microsoft Office, or VBScript on ordinary Web pages as a client-side technology.

Nearly all VBScript commands are available for use with ASP except for those that interact with the user. Imagine the dilemma caused by a VBScript command to display a message box on the server. This would require someone to notice and dismiss it on the server before the system could proceed. Instead, the scripting language must interact with the user through HTML and the http protocol.

Scripting languages are great for creating applications quickly. Server-side and client-side scripting can be combined to quickly make a dynamic application with the user interface (client-side) and business logic (server-side) partitioned.

Built-In and Installable Objects

Most of the functionality you can build into an ASP page comes from objects on the server. IIS 4.0 comes with six important built-in objects, as well as a number of installable objects. You can create your own objects by building new server-side ActiveX components.

The six built-in objects enable your pages to communicate effectively with the server, the application, the current session, and the user:

• Request object - gets information from the user. You can get FORM data, read cookies, and so forth.
• Response object - sends information to the user. You can send text to the page, redirect to another URL, and set cookies.
• Server object - interacts with the server. You can create objects, access a database, read files, and find out about the capabilities of the browser.
• Session object - enables you to manage information about the current session.
• Application object - will store information for all sessions.
• ObjectContext object - used for committing and aborting transactions (new in IIS 4.0)

The built-in objects are used just like any other object in a script; by accessing properties, methods, and events. For example, the general format for using the Request object looks like this:

Request[.Collection](variable)

Here is the Request object in action, being used to write a form field's value on a Web page:

<P>The value of 'strFirstName' is
<%= Request.Form("strFirstName") %></P>

This code requires that we first had a HTML form with an input field called strFirstName.

The collections that are available for the Request object are:

• ClientCertificate - the values of fields stored in the client certificate that is sent in the HTTP request
• Cookies - the values of cookies sent in the HTTP request
• Form - the values of form elements in the HTTP request body
• QueryString - the values of variables in the HTTP query string
• ServerVariables - the values of predetermined environment variables

IIS 4.0 comes with a variety of installable objects, and you can also use your own custom objects on the server side. The installable objects include:

• Ad Rotator - rotates advertisements displayed on a page using a schedule
• Database Access - provides access to databases using ADO (Active Data Objects)
• File Access - provides access to the file system
• Collaboration Data Objects - provides the ability to send and receive messages from your Web page

Databases

One of the most important features about ASP is that it allows you to easily access data and put it on a Web page. You can simply display data from an ODBC-compliant database, or you can use ASP to make decisions about what to display on a Web page. You can then format the results in any way that you please.

Using Active Data Objects (ADO), you can easily make a connection object that connects to a database. RecordSet objects may be created to open tables and give interactive access to data, or to execute queries using standard SQL syntax.

This allows you to make a Web-based interface to your database. Using Web forms, your users can perform queries, change data, and add records and the like.

You can use the database for so many useful tasks, such as to store information about your users, or to build an online catalogue for a shop-front.

Cookies

Another important ASP feature is the ability to use cookies to store and retrieve information. The Request object has a Cookie collection, and you can use this in your processing.

Note that cookies are actually stored on the user's computer, and not the server. This often gives cookies a bit of a bad name. Most Web browsers give a user the option of disabling cookies, so these can't always be relied upon.

Where cookies can be most useful is when they work in conjunction with a database. For example, you might make a site where you require people to register. You would store all the user's details in a database on your server. To make logging in easier every time the user visits, you might store a cookie on their computer containing just their username and password. If the cookie is accepted, you can read it each time the user goes to your site, and log them in automatically - getting all the rest of their details from your database. If the cookie is not accepted, then the user will need to log in manually each time they revisit your site.

Here's an example of how we might check a cookie's value:

<%
Dim strUsername as String
strUsername = Request.Cookies("Username")
%>
If the cookie does not exist, then the value returned will be an empty string, like so:
<%
If strUsername = "" Then
' Manual log in code goes here
Else
strPassword = Request.Cookies("Password")
' Automated log in code goes here
End If
%>

Sessions

Normally, Web page operations are single operations. You request a page, and a server delivers it. Whether you get your next page from that same server, or from another server, the next request you make through your Web browser will usually be a whole new operation, unrelated to the previous one.

ASP allows us to maintain the notion of 'state' whereby we can track user interactions across Web pages in our site. Using the Session object will do this. It has syntax very similar to that of cookies, but the data is stored on the server, and not the client machine. Also, the data expires once the user leaves the Web site and the session is abandoned (or, if the session times out due to inactivity).

So, the Session object lets us temporarily store information during the lifetime of a user's interaction with our site.

A good example of the Session object is to protect pages in a secure site - you want to force the user to log in, regardless of what URL they try to open in your site.

When they log in, you might set a session variable to represent this, like so:

<%
Session("Login") = true
%>

In all your other pages, you would test if this variable has been set. If not, redirect the user to your login page. This way, your pages cannot be accessed if the user has not successfully logged on.

<%
If not Session("Login") then
Response.Redirect ("login.html")
End if
%>

Something For Everybody

These are some of the important technologies that ASP offers above normal HTML. They all combine together to allow you to deliver quality Web-based applications.

Suddenly your corporate database is no longer restricted to specialized users of a specific server, but it can be made available (with varying restrictions) to your whole organization and maybe your customers. Your CEO - who could never operate Access in a million years, let alone SQL Server - can now generate reports using a Web browser.

Using ASP you are no longer restricted to static HTML pages, but you really are able to deliver tailored information on the fly to your users.

David Williams is a computer consultant in Newcastle, Australia. Recent projects include an ASP-based task logging system for a University help desk environment, and 'hack-proofing' an evaluation version of a package to manage mobile phone shops.