converting ASP.Net session type to an ASP one

Discussion in 'ASP .Net Security' started by genc_ymeri, Oct 28, 2005.

  1. genc_ymeri

    genc_ymeri Guest

    Hi,
    Well, I'm looking around for another opinion. We have two webservers, the
    legacy one writen in ASP and the new one in ASP.Net.

    Once a user logs in the ASP.Net web app, the session of the Login page gets
    stored in a DB (in a binary format). Meantime, if the user chooses to go and
    run the web legacy system, he doesn't want to log in again, so an "option"
    we are considering is to go and get the data from session of Login Page (of
    ASP.net web app) which stored in DB at the very first step.

    The issue we are facing is how can we convert the ASP.Net session into a old
    ASP one ? Is that possible or should we consider another option ?

    Any tips very much appreciated !!!!


    PS:
    1. Passing data through QueryString is not an option due to security
    reasons.
    2. Another way is to do this through webservices but we are going to parse
    all the session data rather than converting it as is from ASP.Net to ASP and
    vise versa.
     
    genc_ymeri, Oct 28, 2005
    #1
    1. Advertising

  2. When you say you store it in the database, what do you mean? I mean,
    are you storing values in the db? If this is the case, then you can fetch
    these values from the db and use them in a representation native to ASP.

    However, if you are serializing data types in the DB, you won't be able
    to restore them (at least, easily) in ASP. You would have to create a COM
    object in .NET which will perform the deserialization for you, and then make
    sure ALL types in the serialized object graph are available for COM interop.

    You still run into the problem of passing the session id from ASP.NET to
    ASP. You would have to use the query string for that, or issue a POST
    (which is the less feasable of the two). You would have to do this on top
    of any authentication you have as well (credentials should not be assumed
    because of the session id).

    Web services would be a better option here, IMO, since it would allow
    you to encapsulate the two systems better.

    Hope this helps.

    --
    - Nicholas Paldino [.NET/C# MVP]
    -

    "genc_ymeri" <> wrote in message
    news:...
    > Hi,
    > Well, I'm looking around for another opinion. We have two webservers, the
    > legacy one writen in ASP and the new one in ASP.Net.
    >
    > Once a user logs in the ASP.Net web app, the session of the Login page
    > gets stored in a DB (in a binary format). Meantime, if the user chooses to
    > go and run the web legacy system, he doesn't want to log in again, so an
    > "option" we are considering is to go and get the data from session of
    > Login Page (of ASP.net web app) which stored in DB at the very first step.
    >
    > The issue we are facing is how can we convert the ASP.Net session into a
    > old ASP one ? Is that possible or should we consider another option ?
    >
    > Any tips very much appreciated !!!!
    >
    >
    > PS:
    > 1. Passing data through QueryString is not an option due to security
    > reasons.
    > 2. Another way is to do this through webservices but we are going to parse
    > all the session data rather than converting it as is from ASP.Net to ASP
    > and vise versa.
    >
    >
    >
     
    Nicholas Paldino [.NET/C# MVP], Oct 28, 2005
    #2
    1. Advertising

  3. genc_ymeri

    genc_ymeri Guest

    >>if you are serializing data types in the DB,
    Yes.

    >You would have to create a COM object in .NET which will perform the
    >deserialization for you, and then make sure ALL types in the serialized
    >object graph are available for COM interop. You still run into the problem
    >of passing >the session id from ASP.NET to


    Yep, that's what my team thinks, to create a converter COM object but my
    argument is that we still facing the problem of passing at least one
    argument, making it possible to know who is requesting .....

    However, amzingly enough I found this idea later on implemented here too :
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/converttoaspnet.asp






    >>Web services would be a better option here, IMO, since it would allow

    > you to encapsulate the two systems better.


    I think the same and that's what I'm proposing to my team.

    Thanks a lot and greatly appreciated,

    Genc Ymeri,
    Sr. Software Engineer
    Bravera - Reston , VA












    "Nicholas Paldino [.NET/C# MVP]" <> wrote in
    message news:%234mjo%23$...
    > When you say you store it in the database, what do you mean? I mean,
    > are you storing values in the db? If this is the case, then you can fetch
    > these values from the db and use them in a representation native to ASP.
    >
    > However, if you are serializing data types in the DB, you won't be able
    > to restore them (at least, easily) in ASP. You would have to create a COM
    > object in .NET which will perform the deserialization for you, and then
    > make sure ALL types in the serialized object graph are available for COM
    > interop.
    >
    > You still run into the problem of passing the session id from ASP.NET
    > to ASP. You would have to use the query string for that, or issue a POST
    > (which is the less feasable of the two). You would have to do this on top
    > of any authentication you have as well (credentials should not be assumed
    > because of the session id).
    >
    > Web services would be a better option here, IMO, since it would allow
    > you to encapsulate the two systems better.
    >
    > Hope this helps.
    >
    > --
    > - Nicholas Paldino [.NET/C# MVP]
    > -
    >
    > "genc_ymeri" <> wrote in message
    > news:...
    >> Hi,
    >> Well, I'm looking around for another opinion. We have two webservers, the
    >> legacy one writen in ASP and the new one in ASP.Net.
    >>
    >> Once a user logs in the ASP.Net web app, the session of the Login page
    >> gets stored in a DB (in a binary format). Meantime, if the user chooses
    >> to go and run the web legacy system, he doesn't want to log in again, so
    >> an "option" we are considering is to go and get the data from session of
    >> Login Page (of ASP.net web app) which stored in DB at the very first
    >> step.
    >>
    >> The issue we are facing is how can we convert the ASP.Net session into a
    >> old ASP one ? Is that possible or should we consider another option ?
    >>
    >> Any tips very much appreciated !!!!
    >>
    >>
    >> PS:
    >> 1. Passing data through QueryString is not an option due to security
    >> reasons.
    >> 2. Another way is to do this through webservices but we are going to
    >> parse all the session data rather than converting it as is from ASP.Net
    >> to ASP and vise versa.
    >>
    >>
    >>

    >
    >
     
    genc_ymeri, Oct 28, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Toby
    Replies:
    3
    Views:
    3,117
    Mike Treseler
    Sep 7, 2005
  2. Jeff Smythe
    Replies:
    3
    Views:
    1,305
    Jeff Smythe
    Jan 2, 2004
  3. Keith Patrick
    Replies:
    1
    Views:
    363
    Joerg Jooss
    Feb 3, 2005
  4. genc_ymeri
    Replies:
    2
    Views:
    487
    genc_ymeri
    Oct 28, 2005
  5. jnickfl1
    Replies:
    0
    Views:
    620
    jnickfl1
    Sep 18, 2006
Loading...

Share This Page