Can perform task from a .vbs file but not from an .asp file! Why?

L

Leo

Hi

I had asekd previously a question qith regards to running a DLL file from
ASP. It was not running for me. Bo error returned, nothing, Just an empty
string (when it should have not been empty). I created a .vbs file and put
it in the same directory as the .asp file on the web. The same exact code.
It runs fine. Soon as I call the asp file, it still does nothing. Would
anyone have an idea as to why the .asp has no ability to run this dll?

The dll in question will create a folder within the same directory as the
calling file. I thought it could be a permissions thing, but after creating
a new dll file to test creating folders, it had no problem doing so

I am stuck as I am not sure what else I could do to make this run from asp

Thanks

Leo
 
L

Leo

I should crlarify this a bit maybe

'----------------------Code for the VB DLL called from the ASP and VBS
files -----------------------


Private Declare Function DmfDemoEncrypt Lib "C:\Program
Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
String) As String

Public strEmails As String
Public strEncryptThisString As String
Public strEncryptedData As String



Public Function EncryptData(ByVal emailaddresses As String, ByVal
DataToEncrypt As String) As String



strEncryptThisString = DataToEncrypt
strEmails = emailaddresses
strEncryptedData = (DmfDemoEncrypt(strEmails,
strEncryptThisString))




EncryptData = strEncryptedData






End Function
'---------------------------- END VB
CODE--------------------------------------------


Code for the vbs file

'------------------ VBS CODE (works) -----------------------

Option Explicit




Dim WshShell,fso,cd,objRSServer,strEmails,strAll

Set WshShell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")


Set objRSServer = CreateObject("Encrypt.clsEncryptData")

strEmails = "(e-mail address removed),[email protected]"

cd = "this is encrypted email test"



strAll = objRSServer.EncryptData(strEmails, cd)

If strAll <> "" then

Msgbox strAll
Else

msgbox "Nothing returned"
End if




'Cleanup.
Set WshShell = Nothing
Set fso = Nothing

'---------------------------------- END -----------------------


code for the ASP file (doesn't work )

'------------ ASP CODE ------------------------

<%



Set objServer = Server.CreateObject("Encrypt.clsEncryptData")


strEmails = "(e-mail address removed),[email protected]"
cd = "this is a test" 'Request("Body") '"this is encrypted email
test"


strAll = objServer.EncryptData(strEmails,cd)

response.write strAll

%>

I even tried to manually specify a <!-- #include file="Encrypt.dll" --> to
no avail

The C++ dll which the VB wrapper calls to actually encrypt the data sits
somewhere in the Windows directory. Once it is called it creates a folder in
the same directory as the calling file (ASP, or VBS in this case) called
store, where it stores some encryption keys , certificates etc....


So my question would be: why can I run this VB DLL from VB or VBS files, but
not ASP?

Could it have anything to do with permissions?
 
R

Roland Hall

:I should crlarify this a bit maybe
:
: '----------------------Code for the VB DLL called from the ASP and VBS
: files -----------------------
:
:
: Private Declare Function DmfDemoEncrypt Lib "C:\Program
: Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
: String) As String
:
: Public strEmails As String
: Public strEncryptThisString As String
: Public strEncryptedData As String
:
:
:
: Public Function EncryptData(ByVal emailaddresses As String, ByVal
: DataToEncrypt As String) As String
:
:
:
: strEncryptThisString = DataToEncrypt
: strEmails = emailaddresses
: strEncryptedData = (DmfDemoEncrypt(strEmails,
: strEncryptThisString))
:
:
:
:
: EncryptData = strEncryptedData
:
:
:
:
:
:
: End Function
: '---------------------------- END VB
: CODE--------------------------------------------
:
:
: Code for the vbs file
:
: '------------------ VBS CODE (works) -----------------------
:
: Option Explicit
:
:
:
:
: Dim WshShell,fso,cd,objRSServer,strEmails,strAll
:
: Set WshShell = WScript.CreateObject("WScript.Shell")
: Set fso = CreateObject("Scripting.FileSystemObject")
:
:
: Set objRSServer = CreateObject("Encrypt.clsEncryptData")
:
: strEmails = "(e-mail address removed),[email protected]"
:
: cd = "this is encrypted email test"
:
:
:
: strAll = objRSServer.EncryptData(strEmails, cd)
:
: If strAll <> "" then
:
: Msgbox strAll
: Else
:
: msgbox "Nothing returned"
: End if
:
:
:
:
: 'Cleanup.
: Set WshShell = Nothing
: Set fso = Nothing
:
: '---------------------------------- END -----------------------
:
:
: code for the ASP file (doesn't work )
:
: '------------ ASP CODE ------------------------
:
: <%
:
:
:
: Set objServer = Server.CreateObject("Encrypt.clsEncryptData")
:
:
: strEmails = "(e-mail address removed),[email protected]"
: cd = "this is a test" 'Request("Body") '"this is encrypted email
: test"
:
:
: strAll = objServer.EncryptData(strEmails,cd)
:
: response.write strAll
:
: %>
:
: I even tried to manually specify a <!-- #include file="Encrypt.dll" --> to
: no avail
:
: The C++ dll which the VB wrapper calls to actually encrypt the data sits
: somewhere in the Windows directory. Once it is called it creates a folder
in
: the same directory as the calling file (ASP, or VBS in this case) called
: store, where it stores some encryption keys , certificates etc....
:
:
: So my question would be: why can I run this VB DLL from VB or VBS files,
but
: not ASP?
:
: Could it have anything to do with permissions?
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
: : > Hi
: >
: > I had asekd previously a question qith regards to running a DLL file
from
: > ASP. It was not running for me. Bo error returned, nothing, Just an
empty
: > string (when it should have not been empty). I created a .vbs file and
put
: > it in the same directory as the .asp file on the web. The same exact
code.
: > It runs fine. Soon as I call the asp file, it still does nothing. Would
: > anyone have an idea as to why the .asp has no ability to run this dll?
: >
: > The dll in question will create a folder within the same directory as
the
: > calling file. I thought it could be a permissions thing, but after
: creating
: > a new dll file to test creating folders, it had no problem doing so
: >
: > I am stuck as I am not sure what else I could do to make this run from
asp

The file is probably not exposed to the account being used. If you're
supporting anonymous users then the IUSR_COMPUTERNAME needs RX rights.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 
L

Leo

I have been messing around with the permissions. I gave the IUSR full
permissions on the machine...nothing
 
R

Roland Hall

in message :I have been messing around with the permissions. I gave the IUSR full
: permissions on the machine...nothing

Please post after my responses, not before them.

It's a really bad idea to give everyone on the planet full rights to your
system. This .dll is in the %systemroot%\system32 folder. Have you checked
the effective rights of the IUSR_COMPUTERNAME in that folder and have you
verified this is the user being used to access the .dll file? Is there a
reason this file needs to be in this folder?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 
L

Leo

This is my personal development machine Roland, so I do not care about the
permissions. It will be a different story when it gets deployed. Plus it was
for troubleshooting purposes

The IUSR has access to that folder. What I managed to do so far was to run
the VB app from IDE. Then run my ASP page. It works great. But when I
compile the App into a DLL and run my ASP page, it still returns
nothing....!?!?!
 
R

Roland Hall

in message : This is my personal development machine Roland, so I do not care about the
: permissions.

I won't debate the security issue anymore other than to say if you're on the
internet and anyone can access your web server and the anonymous user has
full access, you're immediately at risk. Enough said.

: It will be a different story when it gets deployed. Plus it was
: for troubleshooting purposes

Noted.

: The IUSR has access to that folder. What I managed to do so far was to run
: the VB app from IDE. Then run my ASP page. It works great. But when I
: compile the App into a DLL and run my ASP page, it still returns
: nothing....!?!?!

Have you tried using FileMon from SysInternals to see what's really
happening and are you getting anything in your logs?

What does the ASP page do if it's not calling the .dll file? I don't see
the apples-apples comparison. What am I missing?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 
R

Roland Hall

in message : What the asp page does is:
:
: passes two strings to the DLL function and the DLL returns an encrypted
: string that looks like this:
:
: MIIHxgYJKoZIhvcNAQcDoIIHtzCCB7MCAQAxggJqMIIBMQIBADCBtDCBrjGBqzCB
: qAYDVQQpE4GgTUhZd0RBWUtZSVpJQVliOUhnSUJBUXdnWkdWMlpXeHZjR1Z5TG5a
: dmJIUmhaMlV1WTI5dEl6RXdPRFEwTURBMk5qUXdSREFhREFsdWIzUkNaV1p2Y21V
: RURUQTFNRGt5T0RBd01EQXdNRm93Smd3Q2FXUUVJR1J0Wm5OMWNIQnZjblJBWkdW
: MlpXeHZjR1Z5TG5admJIUmhaMlV1WTI5dAIBATAPBgtghkgBhv0eAQECAQUABGSG
: amqBJbkwyp11m/uzAghdUz2wJyvg8CgPTaIW+rFd+BraqpLuBXd3pOWRxRmO+YiG
: KkvZu8WIXOO/tUBL/isWp7t27LAGEa62TcQooqd9cIEWe3usqh9DndjogpnMRQiw
: MGSNMIIBMQIBADCBtDCBrjGBqzCBqAYDVQQpE4GgTUhRd0RBWUtZSVpJQVliOUhn
: SUJBUXdnWkdWMlpXeHZjR1Z5TG5admJIUmhaMlV1WTI5dEl6RXdPRFEwTURBMk5q
: UXdRakFhREFsdWIzUkNaV1p2Y21VRURUQTFNRGt5TlRBd01EQXdNRm93SkF3Q2FX
: UUVIbU4xYzNSdmJXVnlRR1JsZG1Wc2IzQmxjaTUyYjJ4MFlXZGxMbU52YlE9PQIB
: ATAPBgtghkgBhv0eAQECAQUABGQGtVLM2jPFyyTbPhctVJstniLUl0G2MONK8TMy
: pJ+EU48CQjMXy9q63UlbmdpoSrl/RLGiiVPaeuPLPT+3mJX183270afmqofXiiCb
: I2U8lEeoBgiInPCku6ocZYbxuiOCJ+XfMIIFPgYJKoZIhvcNAQcBMB0GCWCGSAFl
: AwQBAgQQebMQjWsqfmvLMIUQJvn9/oCCBRAl6xTc/osR/Fn2emiI/zNXz+VTAKUv
: kKfJdFSdakgwoq8E0Z37rZFEcjjt2hy14293jEgLWKEdOc0/Fshrx3hLry/0Ohyq
: /Tnd3Hksirms9k6DOCevDE0J9cROPIaFwz/39byZlHOfrGxZHcCOAx5jgBx2WQmc
: sJSrz/DeqRIrHSfcOl+V6724mx3jUl8FAIGJ8rZ4L6hPb2Ezih3rVMecB65SZwtP
: 3RPgDxFQfMu7nw0eElMJHorDmQMImBPfECNzPxrdDYX5rmZLAWTLbP6OVOzBYVIg
: bwGerfIR2N0FXXJz/grLsRkDsB1XwlOrv8iQLNUVJbNi6QFyUkefylWhT52CQTIU
: redmhYIWjQzS4LZwoApe/Ksgq4/BCC2+HaDSaq8Aw1wlj/I3TnFXhpVqU5Vnpec0
: pkKsVXLPgJIOMKPtAXSUVuKKNk9ylNUR+Xet3n4ljPxBj0E5jM4DcFdl5UPOMTG+
: Cj56Q80EPUfxl7jpchoiMQV2IiqtiTd7eIitX3txd2dSxu6TDGLx2qCuJnbNKtsA
: zI7Gy8f2OR55EOwhwmDBl0P7EDAp+a78A2Fa5u4Luuq7XGLXHrnulioX6ywjd3oA
: VYon9w9KhiCuPQ0Mv2OXF/cx+Zv2fylslFvsPdPVsu0KxKUePUWv1TMbYpSFwjjx
: RU4CMP6O38WtA1m7U91TizGxttngTSaX62Ha7WrqGNX9dDxp
:
: I used the Filemon tool but it's not giving me anything weird I can
: troubleshoot

It's not supposed to give you anything weird. We're looking for the calls
to access the files. I'm concerned with the C++ dll being accessed when
called from the wrapper while running from ASP.

What are the rights to this folder? C:\Program Files\Samples\Simple\
Have you tried removing the anonymous user access and running this at
http://localhost/ to eliminate the anonymous user permissions being the
issue?
You said the C++ dll resides somewhere under the windows directory. Isn't
this the C++ dll?
Private Declare Function DmfDemoEncrypt Lib "C:\Program
Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
String) As String

BTW... rights only apply when they are inherited, if not specifically set.
Adding a user to a group requires that group having access to be effective.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 
L

Leo

It is proprietary, from a company called Voltage. Their whole encryption
algorithms are based on Identity-Based Encryption (IBE).

What they have is a API documentation, but it was geared more towards
integration with applications than with the web. It's actually written in C
(but they claim C++). They provided me with a sample of a program that
encrypts a document, but then I modified it to encrypt emails.
 
L

Leo

It's not supposed to give you anything weird. We're looking for the calls
to access the files. I'm concerned with the C++ dll being accessed when
called from the wrapper while running from ASP.
Click to expand...
You are right. I meant I cannot see any big diffeence when running the
wrapper from the VB IDE or the DLL as far as
accessing files. The only obvious difference is that when running from the
VB IDE it's VB6.exe that invokes the calls to the DLL, and when running as
a compiled DLL, it's DLLHOST.exe that is doing the loading of the files. I
ran Process Viewer from Microsoft, and it shows both files loaded when I
call
the DLL (both my wrapper dll and the encryption DLL). I just am not sure if
permissions are still the issue.
What are the rights to this folder? C:\Program Files\Samples\Simple\
Have you tried removing the anonymous user access and running this at
http://localhost/ to eliminate the anonymous user permissions being the
issue?
Click to expand...
There is no anonymous user for that folder or virtual directory. What it is
there's an IUSR with full control (again for testing purposes), then users
and administrators and everyone groups

You said the C++ dll resides somewhere under the windows directory. Isn't
this the C++ dll?
Click to expand...
I put it under C:\Windows\System32, just to exclude the path from my wrapper
dll

Private Declare Function DmfDemoEncrypt Lib "C:\Program
Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
String) As String

BTW... rights only apply when they are inherited, if not specifically set.
Adding a user to a group requires that group having access to be
Click to expand...
effective.
I added IUSR to the adminnistrators group. I guess that should give it
enough rights (lol). I mean this is on my development machine and I have
broken every security rule with regards to user rights so far
but I do not care, since it's not going beyond my machine at this point.
 
P

Patrice

Don't you have any syntax error ? AFAIK Declare Function is not supported in
VBSCript... IMO you'll have to expose this DLL function through a COM
object...
 
L

Leo

Which is why I am using the wrapper. What the VB DLL does should be
irrelevant to the ASP request, as long as ASP gets a string back. So in this
case I have the VB DLL doing the work.

The DLL function you suggest should be exposed, are you saying the C++
encryption function should be exposed (if you have been reading the posts
that is). The VB DLL is a com object
 
R

Roland Hall

in message :
: > What are the rights to this folder? C:\Program Files\Samples\Simple\
: > Have you tried removing the anonymous user access and running this at
: > http://localhost/ to eliminate the anonymous user permissions being the
: > issue?
: There is no anonymous user for that folder or virtual directory. What it
is
: there's an IUSR with full control (again for testing purposes), then users
: and administrators and everyone groups

IUSR is the anonymous user. You have to disable it for the web site to test
effectively unless you can prove the user being used is not the anonymous
user.

: > You said the C++ dll resides somewhere under the windows directory.
Isn't
: > this the C++ dll?
: I put it under C:\Windows\System32, just to exclude the path from my
wrapper
: dll

And putting it [the dll file] under the %systemroot%\system32 won't help if
the code still tells it to look elsewhere.

: > Private Declare Function DmfDemoEncrypt Lib "C:\Program
: > Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s
As
: > String) As String
: >
: > BTW... rights only apply when they are inherited, if not specifically
set.
: > Adding a user to a group requires that group having access to be
: effective.
: I added IUSR to the adminnistrators group. I guess that should give it
: enough rights (lol).

No, it doesn't. That is not how file system security works. NO ACCESS
overrides all other rights. And, if a user is part of any group, INCLUDING,
Admin/Domain Admin, THAT group has to have rights to that folder. The Admin
group is just a name, like any other, but has full rights IF and ONLY IF,
that group is present for a particular folder/file or inherited rights,
meaning listed, in the file system security. What you should ALWAYS do, is
verify the groups the user has access to and then look at the effective
rights. That tells you if the user really has access, no matter which group
they're in.

Ex. If you break inherited rights, which is usually what I do for one-off
folders, and you set MYSECRET group as having full access, and THEN put the
anonymous user in the Administrator's group, the anonymous user will not
have access rights to that folder or anything beneath it. You would have to
add the anonymous user to the MYSECRET group or give the Administrator's
group full rights to that folder, explicitly.

I mean this is on my development machine and I have
: broken every security rule with regards to user rights so far
: but I do not care, since it's not going beyond my machine at this point.

I would disagree with that assessment if you have any accounts that have
rights to other systems and in the very least is could be compromised and
used to attack others but that's not our main focus here now.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

.vbs to ASP page 11
How can I view / open / render / display a pdf file with c code? 0
Executing a VBS file from an ASP page 4
I need some help on a format issue that should be simple for someone here (but not me!) 0
How do I save information from an GUI into a XML-file? 0
How can I upload a tar.bz2 file to OpenStack swift object storage container using the Python swift client? 1
wscript.shell does not execute .vbs 1
How do I set the default content page) on a Classic ASP file? 0

Members online

No members online now.
Total: 34 (members: 0, guests: 34)
Robots: 389

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,013
Latest member
KatriceSwa

Latest Threads

Top