Can perform task from a .vbs file but not from an .asp file! Why?

Discussion in 'ASP General' started by Leo, Oct 14, 2005.

  1. Leo

    Leo Guest

    Hi

    I had asekd previously a question qith regards to running a DLL file from
    ASP. It was not running for me. Bo error returned, nothing, Just an empty
    string (when it should have not been empty). I created a .vbs file and put
    it in the same directory as the .asp file on the web. The same exact code.
    It runs fine. Soon as I call the asp file, it still does nothing. Would
    anyone have an idea as to why the .asp has no ability to run this dll?

    The dll in question will create a folder within the same directory as the
    calling file. I thought it could be a permissions thing, but after creating
    a new dll file to test creating folders, it had no problem doing so

    I am stuck as I am not sure what else I could do to make this run from asp

    Thanks

    Leo
     
    Leo, Oct 14, 2005
    #1
    1. Advertising

  2. Leo

    Leo Guest

    I should crlarify this a bit maybe

    '----------------------Code for the VB DLL called from the ASP and VBS
    files -----------------------


    Private Declare Function DmfDemoEncrypt Lib "C:\Program
    Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
    String) As String

    Public strEmails As String
    Public strEncryptThisString As String
    Public strEncryptedData As String



    Public Function EncryptData(ByVal emailaddresses As String, ByVal
    DataToEncrypt As String) As String



    strEncryptThisString = DataToEncrypt
    strEmails = emailaddresses
    strEncryptedData = (DmfDemoEncrypt(strEmails,
    strEncryptThisString))




    EncryptData = strEncryptedData






    End Function
    '---------------------------- END VB
    CODE--------------------------------------------


    Code for the vbs file

    '------------------ VBS CODE (works) -----------------------

    Option Explicit




    Dim WshShell,fso,cd,objRSServer,strEmails,strAll

    Set WshShell = WScript.CreateObject("WScript.Shell")
    Set fso = CreateObject("Scripting.FileSystemObject")


    Set objRSServer = CreateObject("Encrypt.clsEncryptData")

    strEmails = ","

    cd = "this is encrypted email test"



    strAll = objRSServer.EncryptData(strEmails, cd)

    If strAll <> "" then

    Msgbox strAll
    Else

    msgbox "Nothing returned"
    End if




    'Cleanup.
    Set WshShell = Nothing
    Set fso = Nothing

    '---------------------------------- END -----------------------


    code for the ASP file (doesn't work )

    '------------ ASP CODE ------------------------

    <%



    Set objServer = Server.CreateObject("Encrypt.clsEncryptData")


    strEmails = ","
    cd = "this is a test" 'Request("Body") '"this is encrypted email
    test"


    strAll = objServer.EncryptData(strEmails,cd)

    response.write strAll

    %>

    I even tried to manually specify a <!-- #include file="Encrypt.dll" --> to
    no avail

    The C++ dll which the VB wrapper calls to actually encrypt the data sits
    somewhere in the Windows directory. Once it is called it creates a folder in
    the same directory as the calling file (ASP, or VBS in this case) called
    store, where it stores some encryption keys , certificates etc....


    So my question would be: why can I run this VB DLL from VB or VBS files, but
    not ASP?

    Could it have anything to do with permissions?




















    "Leo" <> wrote in message
    news:ei%...
    > Hi
    >
    > I had asekd previously a question qith regards to running a DLL file from
    > ASP. It was not running for me. Bo error returned, nothing, Just an empty
    > string (when it should have not been empty). I created a .vbs file and put
    > it in the same directory as the .asp file on the web. The same exact code.
    > It runs fine. Soon as I call the asp file, it still does nothing. Would
    > anyone have an idea as to why the .asp has no ability to run this dll?
    >
    > The dll in question will create a folder within the same directory as the
    > calling file. I thought it could be a permissions thing, but after

    creating
    > a new dll file to test creating folders, it had no problem doing so
    >
    > I am stuck as I am not sure what else I could do to make this run from asp
    >
    > Thanks
    >
    > Leo
    >
    >
     
    Leo, Oct 14, 2005
    #2
    1. Advertising

  3. Leo

    Roland Hall Guest

    "Leo" <> wrote in message
    news:%...
    :I should crlarify this a bit maybe
    :
    : '----------------------Code for the VB DLL called from the ASP and VBS
    : files -----------------------
    :
    :
    : Private Declare Function DmfDemoEncrypt Lib "C:\Program
    : Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
    : String) As String
    :
    : Public strEmails As String
    : Public strEncryptThisString As String
    : Public strEncryptedData As String
    :
    :
    :
    : Public Function EncryptData(ByVal emailaddresses As String, ByVal
    : DataToEncrypt As String) As String
    :
    :
    :
    : strEncryptThisString = DataToEncrypt
    : strEmails = emailaddresses
    : strEncryptedData = (DmfDemoEncrypt(strEmails,
    : strEncryptThisString))
    :
    :
    :
    :
    : EncryptData = strEncryptedData
    :
    :
    :
    :
    :
    :
    : End Function
    : '---------------------------- END VB
    : CODE--------------------------------------------
    :
    :
    : Code for the vbs file
    :
    : '------------------ VBS CODE (works) -----------------------
    :
    : Option Explicit
    :
    :
    :
    :
    : Dim WshShell,fso,cd,objRSServer,strEmails,strAll
    :
    : Set WshShell = WScript.CreateObject("WScript.Shell")
    : Set fso = CreateObject("Scripting.FileSystemObject")
    :
    :
    : Set objRSServer = CreateObject("Encrypt.clsEncryptData")
    :
    : strEmails = ","
    :
    : cd = "this is encrypted email test"
    :
    :
    :
    : strAll = objRSServer.EncryptData(strEmails, cd)
    :
    : If strAll <> "" then
    :
    : Msgbox strAll
    : Else
    :
    : msgbox "Nothing returned"
    : End if
    :
    :
    :
    :
    : 'Cleanup.
    : Set WshShell = Nothing
    : Set fso = Nothing
    :
    : '---------------------------------- END -----------------------
    :
    :
    : code for the ASP file (doesn't work )
    :
    : '------------ ASP CODE ------------------------
    :
    : <%
    :
    :
    :
    : Set objServer = Server.CreateObject("Encrypt.clsEncryptData")
    :
    :
    : strEmails = ","
    : cd = "this is a test" 'Request("Body") '"this is encrypted email
    : test"
    :
    :
    : strAll = objServer.EncryptData(strEmails,cd)
    :
    : response.write strAll
    :
    : %>
    :
    : I even tried to manually specify a <!-- #include file="Encrypt.dll" --> to
    : no avail
    :
    : The C++ dll which the VB wrapper calls to actually encrypt the data sits
    : somewhere in the Windows directory. Once it is called it creates a folder
    in
    : the same directory as the calling file (ASP, or VBS in this case) called
    : store, where it stores some encryption keys , certificates etc....
    :
    :
    : So my question would be: why can I run this VB DLL from VB or VBS files,
    but
    : not ASP?
    :
    : Could it have anything to do with permissions?
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    : "Leo" <> wrote in message
    : news:ei%...
    : > Hi
    : >
    : > I had asekd previously a question qith regards to running a DLL file
    from
    : > ASP. It was not running for me. Bo error returned, nothing, Just an
    empty
    : > string (when it should have not been empty). I created a .vbs file and
    put
    : > it in the same directory as the .asp file on the web. The same exact
    code.
    : > It runs fine. Soon as I call the asp file, it still does nothing. Would
    : > anyone have an idea as to why the .asp has no ability to run this dll?
    : >
    : > The dll in question will create a folder within the same directory as
    the
    : > calling file. I thought it could be a permissions thing, but after
    : creating
    : > a new dll file to test creating folders, it had no problem doing so
    : >
    : > I am stuck as I am not sure what else I could do to make this run from
    asp

    The file is probably not exposed to the account being used. If you're
    supporting anonymous users then the IUSR_COMPUTERNAME needs RX rights.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Oct 17, 2005
    #3
  4. Leo

    Leo Guest

    I have been messing around with the permissions. I gave the IUSR full
    permissions on the machine...nothing


    "Roland Hall" <nobody@nowhere> wrote in message
    news:uix%...
    > "Leo" <> wrote in message
    > news:%...
    > :I should crlarify this a bit maybe
    > :
    > : '----------------------Code for the VB DLL called from the ASP and VBS
    > : files -----------------------
    > :
    > :
    > : Private Declare Function DmfDemoEncrypt Lib "C:\Program
    > : Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s

    As
    > : String) As String
    > :
    > : Public strEmails As String
    > : Public strEncryptThisString As String
    > : Public strEncryptedData As String
    > :
    > :
    > :
    > : Public Function EncryptData(ByVal emailaddresses As String, ByVal
    > : DataToEncrypt As String) As String
    > :
    > :
    > :
    > : strEncryptThisString = DataToEncrypt
    > : strEmails = emailaddresses
    > : strEncryptedData = (DmfDemoEncrypt(strEmails,
    > : strEncryptThisString))
    > :
    > :
    > :
    > :
    > : EncryptData = strEncryptedData
    > :
    > :
    > :
    > :
    > :
    > :
    > : End Function
    > : '---------------------------- END VB
    > : CODE--------------------------------------------
    > :
    > :
    > : Code for the vbs file
    > :
    > : '------------------ VBS CODE (works) -----------------------
    > :
    > : Option Explicit
    > :
    > :
    > :
    > :
    > : Dim WshShell,fso,cd,objRSServer,strEmails,strAll
    > :
    > : Set WshShell = WScript.CreateObject("WScript.Shell")
    > : Set fso = CreateObject("Scripting.FileSystemObject")
    > :
    > :
    > : Set objRSServer = CreateObject("Encrypt.clsEncryptData")
    > :
    > : strEmails = ","
    > :
    > : cd = "this is encrypted email test"
    > :
    > :
    > :
    > : strAll = objRSServer.EncryptData(strEmails, cd)
    > :
    > : If strAll <> "" then
    > :
    > : Msgbox strAll
    > : Else
    > :
    > : msgbox "Nothing returned"
    > : End if
    > :
    > :
    > :
    > :
    > : 'Cleanup.
    > : Set WshShell = Nothing
    > : Set fso = Nothing
    > :
    > : '---------------------------------- END -----------------------
    > :
    > :
    > : code for the ASP file (doesn't work )
    > :
    > : '------------ ASP CODE ------------------------
    > :
    > : <%
    > :
    > :
    > :
    > : Set objServer = Server.CreateObject("Encrypt.clsEncryptData")
    > :
    > :
    > : strEmails = ","
    > : cd = "this is a test" 'Request("Body") '"this is encrypted email
    > : test"
    > :
    > :
    > : strAll = objServer.EncryptData(strEmails,cd)
    > :
    > : response.write strAll
    > :
    > : %>
    > :
    > : I even tried to manually specify a <!-- #include file="Encrypt.dll" -->

    to
    > : no avail
    > :
    > : The C++ dll which the VB wrapper calls to actually encrypt the data sits
    > : somewhere in the Windows directory. Once it is called it creates a

    folder
    > in
    > : the same directory as the calling file (ASP, or VBS in this case) called
    > : store, where it stores some encryption keys , certificates etc....
    > :
    > :
    > : So my question would be: why can I run this VB DLL from VB or VBS files,
    > but
    > : not ASP?
    > :
    > : Could it have anything to do with permissions?
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > :
    > : "Leo" <> wrote in message
    > : news:ei%...
    > : > Hi
    > : >
    > : > I had asekd previously a question qith regards to running a DLL file
    > from
    > : > ASP. It was not running for me. Bo error returned, nothing, Just an
    > empty
    > : > string (when it should have not been empty). I created a .vbs file and
    > put
    > : > it in the same directory as the .asp file on the web. The same exact
    > code.
    > : > It runs fine. Soon as I call the asp file, it still does nothing.

    Would
    > : > anyone have an idea as to why the .asp has no ability to run this dll?
    > : >
    > : > The dll in question will create a folder within the same directory as
    > the
    > : > calling file. I thought it could be a permissions thing, but after
    > : creating
    > : > a new dll file to test creating folders, it had no problem doing so
    > : >
    > : > I am stuck as I am not sure what else I could do to make this run from
    > asp
    >
    > The file is probably not exposed to the account being used. If you're
    > supporting anonymous users then the IUSR_COMPUTERNAME needs RX rights.
    >
    > --
    > Roland Hall
    > /* This information is distributed in the hope that it will be useful, but
    > without any warranty; without even the implied warranty of merchantability
    > or fitness for a particular purpose. */
    > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > WSH 5.6 Documentation -

    http://msdn.microsoft.com/downloads/list/webdev.asp
    > MSDN Library - http://msdn.microsoft.com/library/default.asp
    >
    >
     
    Leo, Oct 17, 2005
    #4
  5. Leo

    Roland Hall Guest

    "Leo" wrote in message news:%...
    :I have been messing around with the permissions. I gave the IUSR full
    : permissions on the machine...nothing

    Please post after my responses, not before them.

    It's a really bad idea to give everyone on the planet full rights to your
    system. This .dll is in the %systemroot%\system32 folder. Have you checked
    the effective rights of the IUSR_COMPUTERNAME in that folder and have you
    verified this is the user being used to access the .dll file? Is there a
    reason this file needs to be in this folder?

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Oct 17, 2005
    #5
  6. Leo

    Leo Guest

    This is my personal development machine Roland, so I do not care about the
    permissions. It will be a different story when it gets deployed. Plus it was
    for troubleshooting purposes

    The IUSR has access to that folder. What I managed to do so far was to run
    the VB app from IDE. Then run my ASP page. It works great. But when I
    compile the App into a DLL and run my ASP page, it still returns
    nothing....!?!?!



    "Roland Hall" <nobody@nowhere> wrote in message
    news:...
    > "Leo" wrote in message news:%...
    > :I have been messing around with the permissions. I gave the IUSR full
    > : permissions on the machine...nothing
    >
    > Please post after my responses, not before them.
    >
    > It's a really bad idea to give everyone on the planet full rights to your
    > system. This .dll is in the %systemroot%\system32 folder. Have you

    checked
    > the effective rights of the IUSR_COMPUTERNAME in that folder and have you
    > verified this is the user being used to access the .dll file? Is there a
    > reason this file needs to be in this folder?
    >
    > --
    > Roland Hall
    > /* This information is distributed in the hope that it will be useful, but
    > without any warranty; without even the implied warranty of merchantability
    > or fitness for a particular purpose. */
    > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > WSH 5.6 Documentation -

    http://msdn.microsoft.com/downloads/list/webdev.asp
    > MSDN Library - http://msdn.microsoft.com/library/default.asp
    >
    >
     
    Leo, Oct 17, 2005
    #6
  7. Leo

    Roland Hall Guest

    "Leo" wrote in message news:...
    : This is my personal development machine Roland, so I do not care about the
    : permissions.

    I won't debate the security issue anymore other than to say if you're on the
    internet and anyone can access your web server and the anonymous user has
    full access, you're immediately at risk. Enough said.

    : It will be a different story when it gets deployed. Plus it was
    : for troubleshooting purposes

    Noted.

    : The IUSR has access to that folder. What I managed to do so far was to run
    : the VB app from IDE. Then run my ASP page. It works great. But when I
    : compile the App into a DLL and run my ASP page, it still returns
    : nothing....!?!?!

    Have you tried using FileMon from SysInternals to see what's really
    happening and are you getting anything in your logs?

    What does the ASP page do if it's not calling the .dll file? I don't see
    the apples-apples comparison. What am I missing?

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Oct 17, 2005
    #7
  8. Leo

    Roland Hall Guest

    "Leo" wrote in message news:uBuFR%23%...
    : What the asp page does is:
    :
    : passes two strings to the DLL function and the DLL returns an encrypted
    : string that looks like this:
    :
    : MIIHxgYJKoZIhvcNAQcDoIIHtzCCB7MCAQAxggJqMIIBMQIBADCBtDCBrjGBqzCB
    : qAYDVQQpE4GgTUhZd0RBWUtZSVpJQVliOUhnSUJBUXdnWkdWMlpXeHZjR1Z5TG5a
    : dmJIUmhaMlV1WTI5dEl6RXdPRFEwTURBMk5qUXdSREFhREFsdWIzUkNaV1p2Y21V
    : RURUQTFNRGt5T0RBd01EQXdNRm93Smd3Q2FXUUVJR1J0Wm5OMWNIQnZjblJBWkdW
    : MlpXeHZjR1Z5TG5admJIUmhaMlV1WTI5dAIBATAPBgtghkgBhv0eAQECAQUABGSG
    : amqBJbkwyp11m/uzAghdUz2wJyvg8CgPTaIW+rFd+BraqpLuBXd3pOWRxRmO+YiG
    : KkvZu8WIXOO/tUBL/isWp7t27LAGEa62TcQooqd9cIEWe3usqh9DndjogpnMRQiw
    : MGSNMIIBMQIBADCBtDCBrjGBqzCBqAYDVQQpE4GgTUhRd0RBWUtZSVpJQVliOUhn
    : SUJBUXdnWkdWMlpXeHZjR1Z5TG5admJIUmhaMlV1WTI5dEl6RXdPRFEwTURBMk5q
    : UXdRakFhREFsdWIzUkNaV1p2Y21VRURUQTFNRGt5TlRBd01EQXdNRm93SkF3Q2FX
    : UUVIbU4xYzNSdmJXVnlRR1JsZG1Wc2IzQmxjaTUyYjJ4MFlXZGxMbU52YlE9PQIB
    : ATAPBgtghkgBhv0eAQECAQUABGQGtVLM2jPFyyTbPhctVJstniLUl0G2MONK8TMy
    : pJ+EU48CQjMXy9q63UlbmdpoSrl/RLGiiVPaeuPLPT+3mJX183270afmqofXiiCb
    : I2U8lEeoBgiInPCku6ocZYbxuiOCJ+XfMIIFPgYJKoZIhvcNAQcBMB0GCWCGSAFl
    : AwQBAgQQebMQjWsqfmvLMIUQJvn9/oCCBRAl6xTc/osR/Fn2emiI/zNXz+VTAKUv
    : kKfJdFSdakgwoq8E0Z37rZFEcjjt2hy14293jEgLWKEdOc0/Fshrx3hLry/0Ohyq
    : /Tnd3Hksirms9k6DOCevDE0J9cROPIaFwz/39byZlHOfrGxZHcCOAx5jgBx2WQmc
    : sJSrz/DeqRIrHSfcOl+V6724mx3jUl8FAIGJ8rZ4L6hPb2Ezih3rVMecB65SZwtP
    : 3RPgDxFQfMu7nw0eElMJHorDmQMImBPfECNzPxrdDYX5rmZLAWTLbP6OVOzBYVIg
    : bwGerfIR2N0FXXJz/grLsRkDsB1XwlOrv8iQLNUVJbNi6QFyUkefylWhT52CQTIU
    : redmhYIWjQzS4LZwoApe/Ksgq4/BCC2+HaDSaq8Aw1wlj/I3TnFXhpVqU5Vnpec0
    : pkKsVXLPgJIOMKPtAXSUVuKKNk9ylNUR+Xet3n4ljPxBj0E5jM4DcFdl5UPOMTG+
    : Cj56Q80EPUfxl7jpchoiMQV2IiqtiTd7eIitX3txd2dSxu6TDGLx2qCuJnbNKtsA
    : zI7Gy8f2OR55EOwhwmDBl0P7EDAp+a78A2Fa5u4Luuq7XGLXHrnulioX6ywjd3oA
    : VYon9w9KhiCuPQ0Mv2OXF/cx+Zv2fylslFvsPdPVsu0KxKUePUWv1TMbYpSFwjjx
    : RU4CMP6O38WtA1m7U91TizGxttngTSaX62Ha7WrqGNX9dDxp
    :
    : I used the Filemon tool but it's not giving me anything weird I can
    : troubleshoot

    It's not supposed to give you anything weird. We're looking for the calls
    to access the files. I'm concerned with the C++ dll being accessed when
    called from the wrapper while running from ASP.

    What are the rights to this folder? C:\Program Files\Samples\Simple\
    Have you tried removing the anonymous user access and running this at
    http://localhost/ to eliminate the anonymous user permissions being the
    issue?
    You said the C++ dll resides somewhere under the windows directory. Isn't
    this the C++ dll?
    Private Declare Function DmfDemoEncrypt Lib "C:\Program
    Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
    String) As String

    BTW... rights only apply when they are inherited, if not specifically set.
    Adding a user to a group requires that group having access to be effective.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Oct 19, 2005
    #8
  9. Leo

    Roland Hall Guest

    Roland Hall, Oct 19, 2005
    #9
  10. Leo

    Leo Guest

    It is proprietary, from a company called Voltage. Their whole encryption
    algorithms are based on Identity-Based Encryption (IBE).

    What they have is a API documentation, but it was geared more towards
    integration with applications than with the web. It's actually written in C
    (but they claim C++). They provided me with a sample of a program that
    encrypts a document, but then I modified it to encrypt emails.




    "Roland Hall" <nobody@nowhere> wrote in message
    news:%...
    > What encryption method is being used?
    >
    > --
    > Roland Hall
    > /* This information is distributed in the hope that it will be useful, but
    > without any warranty; without even the implied warranty of merchantability
    > or fitness for a particular purpose. */
    > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > WSH 5.6 Documentation -

    http://msdn.microsoft.com/downloads/list/webdev.asp
    > MSDN Library - http://msdn.microsoft.com/library/default.asp
    >
    >
     
    Leo, Oct 19, 2005
    #10
  11. Leo

    Leo Guest


    > It's not supposed to give you anything weird. We're looking for the calls
    > to access the files. I'm concerned with the C++ dll being accessed when
    > called from the wrapper while running from ASP.

    You are right. I meant I cannot see any big diffeence when running the
    wrapper from the VB IDE or the DLL as far as
    accessing files. The only obvious difference is that when running from the
    VB IDE it's VB6.exe that invokes the calls to the DLL, and when running as
    a compiled DLL, it's DLLHOST.exe that is doing the loading of the files. I
    ran Process Viewer from Microsoft, and it shows both files loaded when I
    call
    the DLL (both my wrapper dll and the encryption DLL). I just am not sure if
    permissions are still the issue.

    >
    > What are the rights to this folder? C:\Program Files\Samples\Simple\
    > Have you tried removing the anonymous user access and running this at
    > http://localhost/ to eliminate the anonymous user permissions being the
    > issue?

    There is no anonymous user for that folder or virtual directory. What it is
    there's an IUSR with full control (again for testing purposes), then users
    and administrators and everyone groups


    > You said the C++ dll resides somewhere under the windows directory. Isn't
    > this the C++ dll?

    I put it under C:\Windows\System32, just to exclude the path from my wrapper
    dll


    > Private Declare Function DmfDemoEncrypt Lib "C:\Program
    > Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
    > String) As String
    >
    > BTW... rights only apply when they are inherited, if not specifically set.
    > Adding a user to a group requires that group having access to be

    effective.
    I added IUSR to the adminnistrators group. I guess that should give it
    enough rights (lol). I mean this is on my development machine and I have
    broken every security rule with regards to user rights so far
    but I do not care, since it's not going beyond my machine at this point.




    "Roland Hall" <nobody@nowhere> wrote in message news:uyci7cI1FHA.700@TK2MSFT
    NGP10.phx.gbl...
    > "Leo" wrote in message news:uBuFR%23%...
    > : What the asp page does is:
    > :
    > : passes two strings to the DLL function and the DLL returns an encrypted
    > : string that looks like this:
    > :
    > : MIIHxgYJKoZIhvcNAQcDoIIHtzCCB7MCAQAxggJqMIIBMQIBADCBtDCBrjGBqzCB
    > : qAYDVQQpE4GgTUhZd0RBWUtZSVpJQVliOUhnSUJBUXdnWkdWMlpXeHZjR1Z5TG5a
    > : dmJIUmhaMlV1WTI5dEl6RXdPRFEwTURBMk5qUXdSREFhREFsdWIzUkNaV1p2Y21V
    > : RURUQTFNRGt5T0RBd01EQXdNRm93Smd3Q2FXUUVJR1J0Wm5OMWNIQnZjblJBWkdW
    > : MlpXeHZjR1Z5TG5admJIUmhaMlV1WTI5dAIBATAPBgtghkgBhv0eAQECAQUABGSG
    > : amqBJbkwyp11m/uzAghdUz2wJyvg8CgPTaIW+rFd+BraqpLuBXd3pOWRxRmO+YiG
    > : KkvZu8WIXOO/tUBL/isWp7t27LAGEa62TcQooqd9cIEWe3usqh9DndjogpnMRQiw
    > : MGSNMIIBMQIBADCBtDCBrjGBqzCBqAYDVQQpE4GgTUhRd0RBWUtZSVpJQVliOUhn
    > : SUJBUXdnWkdWMlpXeHZjR1Z5TG5admJIUmhaMlV1WTI5dEl6RXdPRFEwTURBMk5q
    > : UXdRakFhREFsdWIzUkNaV1p2Y21VRURUQTFNRGt5TlRBd01EQXdNRm93SkF3Q2FX
    > : UUVIbU4xYzNSdmJXVnlRR1JsZG1Wc2IzQmxjaTUyYjJ4MFlXZGxMbU52YlE9PQIB
    > : ATAPBgtghkgBhv0eAQECAQUABGQGtVLM2jPFyyTbPhctVJstniLUl0G2MONK8TMy
    > : pJ+EU48CQjMXy9q63UlbmdpoSrl/RLGiiVPaeuPLPT+3mJX183270afmqofXiiCb
    > : I2U8lEeoBgiInPCku6ocZYbxuiOCJ+XfMIIFPgYJKoZIhvcNAQcBMB0GCWCGSAFl
    > : AwQBAgQQebMQjWsqfmvLMIUQJvn9/oCCBRAl6xTc/osR/Fn2emiI/zNXz+VTAKUv
    > : kKfJdFSdakgwoq8E0Z37rZFEcjjt2hy14293jEgLWKEdOc0/Fshrx3hLry/0Ohyq
    > : /Tnd3Hksirms9k6DOCevDE0J9cROPIaFwz/39byZlHOfrGxZHcCOAx5jgBx2WQmc
    > : sJSrz/DeqRIrHSfcOl+V6724mx3jUl8FAIGJ8rZ4L6hPb2Ezih3rVMecB65SZwtP
    > : 3RPgDxFQfMu7nw0eElMJHorDmQMImBPfECNzPxrdDYX5rmZLAWTLbP6OVOzBYVIg
    > : bwGerfIR2N0FXXJz/grLsRkDsB1XwlOrv8iQLNUVJbNi6QFyUkefylWhT52CQTIU
    > : redmhYIWjQzS4LZwoApe/Ksgq4/BCC2+HaDSaq8Aw1wlj/I3TnFXhpVqU5Vnpec0
    > : pkKsVXLPgJIOMKPtAXSUVuKKNk9ylNUR+Xet3n4ljPxBj0E5jM4DcFdl5UPOMTG+
    > : Cj56Q80EPUfxl7jpchoiMQV2IiqtiTd7eIitX3txd2dSxu6TDGLx2qCuJnbNKtsA
    > : zI7Gy8f2OR55EOwhwmDBl0P7EDAp+a78A2Fa5u4Luuq7XGLXHrnulioX6ywjd3oA
    > : VYon9w9KhiCuPQ0Mv2OXF/cx+Zv2fylslFvsPdPVsu0KxKUePUWv1TMbYpSFwjjx
    > : RU4CMP6O38WtA1m7U91TizGxttngTSaX62Ha7WrqGNX9dDxp
    > :
    > : I used the Filemon tool but it's not giving me anything weird I can
    > : troubleshoot
    >
    > It's not supposed to give you anything weird. We're looking for the calls
    > to access the files. I'm concerned with the C++ dll being accessed when
    > called from the wrapper while running from ASP.
    >
    > What are the rights to this folder? C:\Program Files\Samples\Simple\
    > Have you tried removing the anonymous user access and running this at
    > http://localhost/ to eliminate the anonymous user permissions being the
    > issue?
    > You said the C++ dll resides somewhere under the windows directory. Isn't
    > this the C++ dll?
    > Private Declare Function DmfDemoEncrypt Lib "C:\Program
    > Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s As
    > String) As String
    >
    > BTW... rights only apply when they are inherited, if not specifically set.
    > Adding a user to a group requires that group having access to be

    effective.
    >
    > --
    > Roland Hall
    > /* This information is distributed in the hope that it will be useful, but
    > without any warranty; without even the implied warranty of merchantability
    > or fitness for a particular purpose. */
    > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > WSH 5.6 Documentation -

    http://msdn.microsoft.com/downloads/list/webdev.asp
    > MSDN Library - http://msdn.microsoft.com/library/default.asp
    >
    >
     
    Leo, Oct 19, 2005
    #11
  12. Leo

    Patrice Guest

    Don't you have any syntax error ? AFAIK Declare Function is not supported in
    VBSCript... IMO you'll have to expose this DLL function through a COM
    object...

    --
    Patrice

    "Leo" <> a écrit dans le message de
    news:...
    > This is my personal development machine Roland, so I do not care about the
    > permissions. It will be a different story when it gets deployed. Plus it

    was
    > for troubleshooting purposes
    >
    > The IUSR has access to that folder. What I managed to do so far was to run
    > the VB app from IDE. Then run my ASP page. It works great. But when I
    > compile the App into a DLL and run my ASP page, it still returns
    > nothing....!?!?!
    >
    >
    >
    > "Roland Hall" <nobody@nowhere> wrote in message
    > news:...
    > > "Leo" wrote in message news:%...
    > > :I have been messing around with the permissions. I gave the IUSR full
    > > : permissions on the machine...nothing
    > >
    > > Please post after my responses, not before them.
    > >
    > > It's a really bad idea to give everyone on the planet full rights to

    your
    > > system. This .dll is in the %systemroot%\system32 folder. Have you

    > checked
    > > the effective rights of the IUSR_COMPUTERNAME in that folder and have

    you
    > > verified this is the user being used to access the .dll file? Is there

    a
    > > reason this file needs to be in this folder?
    > >
    > > --
    > > Roland Hall
    > > /* This information is distributed in the hope that it will be useful,

    but
    > > without any warranty; without even the implied warranty of

    merchantability
    > > or fitness for a particular purpose. */
    > > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > > WSH 5.6 Documentation -

    > http://msdn.microsoft.com/downloads/list/webdev.asp
    > > MSDN Library - http://msdn.microsoft.com/library/default.asp
    > >
    > >

    >
    >
     
    Patrice, Oct 19, 2005
    #12
  13. Leo

    Leo Guest

    Which is why I am using the wrapper. What the VB DLL does should be
    irrelevant to the ASP request, as long as ASP gets a string back. So in this
    case I have the VB DLL doing the work.

    The DLL function you suggest should be exposed, are you saying the C++
    encryption function should be exposed (if you have been reading the posts
    that is). The VB DLL is a com object





    "Patrice" <> wrote in message
    news:...
    > Don't you have any syntax error ? AFAIK Declare Function is not supported

    in
    > VBSCript... IMO you'll have to expose this DLL function through a COM
    > object...
    >
    > --
    > Patrice
    >
    > "Leo" <> a écrit dans le message de
    > news:...
    > > This is my personal development machine Roland, so I do not care about

    the
    > > permissions. It will be a different story when it gets deployed. Plus it

    > was
    > > for troubleshooting purposes
    > >
    > > The IUSR has access to that folder. What I managed to do so far was to

    run
    > > the VB app from IDE. Then run my ASP page. It works great. But when I
    > > compile the App into a DLL and run my ASP page, it still returns
    > > nothing....!?!?!
    > >
    > >
    > >
    > > "Roland Hall" <nobody@nowhere> wrote in message
    > > news:...
    > > > "Leo" wrote in message news:%...
    > > > :I have been messing around with the permissions. I gave the IUSR full
    > > > : permissions on the machine...nothing
    > > >
    > > > Please post after my responses, not before them.
    > > >
    > > > It's a really bad idea to give everyone on the planet full rights to

    > your
    > > > system. This .dll is in the %systemroot%\system32 folder. Have you

    > > checked
    > > > the effective rights of the IUSR_COMPUTERNAME in that folder and have

    > you
    > > > verified this is the user being used to access the .dll file? Is

    there
    > a
    > > > reason this file needs to be in this folder?
    > > >
    > > > --
    > > > Roland Hall
    > > > /* This information is distributed in the hope that it will be useful,

    > but
    > > > without any warranty; without even the implied warranty of

    > merchantability
    > > > or fitness for a particular purpose. */
    > > > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > > > WSH 5.6 Documentation -

    > > http://msdn.microsoft.com/downloads/list/webdev.asp
    > > > MSDN Library - http://msdn.microsoft.com/library/default.asp
    > > >
    > > >

    > >
    > >

    >
    >
     
    Leo, Oct 19, 2005
    #13
  14. Leo

    Roland Hall Guest

    "Leo" wrote in message news:%...
    :
    : > What are the rights to this folder? C:\Program Files\Samples\Simple\
    : > Have you tried removing the anonymous user access and running this at
    : > http://localhost/ to eliminate the anonymous user permissions being the
    : > issue?
    : There is no anonymous user for that folder or virtual directory. What it
    is
    : there's an IUSR with full control (again for testing purposes), then users
    : and administrators and everyone groups

    IUSR is the anonymous user. You have to disable it for the web site to test
    effectively unless you can prove the user being used is not the anonymous
    user.

    : > You said the C++ dll resides somewhere under the windows directory.
    Isn't
    : > this the C++ dll?
    : I put it under C:\Windows\System32, just to exclude the path from my
    wrapper
    : dll

    And putting it [the dll file] under the %systemroot%\system32 won't help if
    the code still tells it to look elsewhere.

    : > Private Declare Function DmfDemoEncrypt Lib "C:\Program
    : > Files\Samples\Simple\email_encrypt.dll" (ByVal email As String, ByVal s
    As
    : > String) As String
    : >
    : > BTW... rights only apply when they are inherited, if not specifically
    set.
    : > Adding a user to a group requires that group having access to be
    : effective.
    : I added IUSR to the adminnistrators group. I guess that should give it
    : enough rights (lol).

    No, it doesn't. That is not how file system security works. NO ACCESS
    overrides all other rights. And, if a user is part of any group, INCLUDING,
    Admin/Domain Admin, THAT group has to have rights to that folder. The Admin
    group is just a name, like any other, but has full rights IF and ONLY IF,
    that group is present for a particular folder/file or inherited rights,
    meaning listed, in the file system security. What you should ALWAYS do, is
    verify the groups the user has access to and then look at the effective
    rights. That tells you if the user really has access, no matter which group
    they're in.

    Ex. If you break inherited rights, which is usually what I do for one-off
    folders, and you set MYSECRET group as having full access, and THEN put the
    anonymous user in the Administrator's group, the anonymous user will not
    have access rights to that folder or anything beneath it. You would have to
    add the anonymous user to the MYSECRET group or give the Administrator's
    group full rights to that folder, explicitly.

    I mean this is on my development machine and I have
    : broken every security rule with regards to user rights so far
    : but I do not care, since it's not going beyond my machine at this point.

    I would disagree with that assessment if you have any accounts that have
    rights to other systems and in the very least is could be compromised and
    used to attack others but that's not our main focus here now.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Oct 22, 2005
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul D
    Replies:
    0
    Views:
    620
    Paul D
    Jun 22, 2005
  2. Sea Squid
    Replies:
    3
    Views:
    572
    Sea Squid
    Mar 17, 2005
  3. CTBFalcon
    Replies:
    0
    Views:
    404
    CTBFalcon
    Sep 6, 2006
  4. Mr. SweatyFinger
    Replies:
    2
    Views:
    2,249
    Smokey Grindel
    Dec 2, 2006
  5. San Diego Guy

    ASP not working, but same code in VBS works

    San Diego Guy, Jan 22, 2006, in forum: ASP General
    Replies:
    0
    Views:
    178
    San Diego Guy
    Jan 22, 2006
Loading...

Share This Page