HEAD and GET requests

Discussion in 'ASP General' started by Agoston Bejo, Mar 19, 2005.

  1. Agoston Bejo

    Agoston Bejo Guest

    Hello,
    I have to write some asp pages that react to HEAD and GET requests.
    The scenario is this: This is going to be a WAP site. When someone goes to
    the main page, it is redirected to a payment server.
    The payment server then issues a HEAD request for which the IIS Server has
    to return some specific header fields. After this, the payment server takes
    care of how the client pays, etc. When everything is fine, it issues a GET
    request, for which the actual content must be returned.
    According to the documentation that I have, this can be quite simply
    achieved:

    pay_main.asp
    <%Response.AddHeader "Header1", "Value1"%>
    ....
    <wml>
    .... <!-- content -->
    </wml>


    This way for HEAD requests the server will send the appropriate header
    information and for GET requests it will return the whole content.
    Now what I want to do is set up a session variable that indicates if the
    payment already took place. I could do this in VBScript after adding the
    header fields to Response. But I don't know whether the server-side VBScript
    (apart from the Response.AddHeader... statements) gets executed when the
    server replies to HEAD requests, or only when it replies to GET requests.
    If it does, then I'll have to find some way to somehow determine whether the
    server is currently replying to a GET or a HEAD request (in the first case
    the payment has already taken place). Is there any way to do this?
     
    Agoston Bejo, Mar 19, 2005
    #1
    1. Advertising

  2. What you want to do is very possible with ASP -- part of what it was
    designed to do. Remember, ASP is just as powerful as PHP and ASP.Net -- what
    distinguishes them is mainly available class libraries and design paradigm.
    In terms of raw functionality, they are pretty much equivalent.

    For example, it is ASP that popularized the notion of having server-side
    script execute to generate the response, which itself can contain
    client-side script. Of course, in the ASP file both client and server sid
    script looks like the same script, hence some obvious confusion (unless you
    follow a good design paradigm -- something ASP.Net later fixed).

    So, for all practical purposes, you should consider the server-side script
    executed to generate the response. It is ASP's job to figure out how to
    handle GET/HEAD correctly. Consider the following ASP page:

    <%
    Response.AddHeader "Header1", "Value1"
    Response.Write "Hello World"
    Response.AddHeader "Header2", "Value 2"
    %>


    If ASP works the way you are hypothesizing, how would ASP be able to execute
    statements sequentially, yet not send entity body but send both response
    headers for a HEAD request?

    Thus, you will need to use Request.ServerVariables("REQUEST_METHOD") to
    distinguish between HEAD/GET.


    FYI: Your payment/authorization model seems quite weird to me. Authorization
    is purely based on a property of the request (i.e. GET vs. HEAD). There is
    no verification on the WAP generation on IIS -- so why bother authorizing?

    You are going to have to prove that your custom scheme is able to deal with
    replay, spoofing, and man-in-the-middle security attacks if you ever plan to
    charge for services -- and the responsibility is squarely on you since it is
    your custom scheme.

    --
    //David
    IIS
    http://blogs.msdn.com/David.Wang
    This posting is provided "AS IS" with no warranties, and confers no rights.
    //
    "Agoston Bejo" <> wrote in message
    news:...
    Hello,
    I have to write some asp pages that react to HEAD and GET requests.
    The scenario is this: This is going to be a WAP site. When someone goes to
    the main page, it is redirected to a payment server.
    The payment server then issues a HEAD request for which the IIS Server has
    to return some specific header fields. After this, the payment server takes
    care of how the client pays, etc. When everything is fine, it issues a GET
    request, for which the actual content must be returned.
    According to the documentation that I have, this can be quite simply
    achieved:

    pay_main.asp
    <%Response.AddHeader "Header1", "Value1"%>
    ....
    <wml>
    .... <!-- content -->
    </wml>


    This way for HEAD requests the server will send the appropriate header
    information and for GET requests it will return the whole content.
    Now what I want to do is set up a session variable that indicates if the
    payment already took place. I could do this in VBScript after adding the
    header fields to Response. But I don't know whether the server-side VBScript
    (apart from the Response.AddHeader... statements) gets executed when the
    server replies to HEAD requests, or only when it replies to GET requests.
    If it does, then I'll have to find some way to somehow determine whether the
    server is currently replying to a GET or a HEAD request (in the first case
    the payment has already taken place). Is there any way to do this?
     
    David Wang [Msft], Mar 20, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brian W
    Replies:
    10
    Views:
    791
    Brian W
    Jul 2, 2003
  2. showme

    PHP and ASP.NET go HEAD to HEAD

    showme, Jul 8, 2004, in forum: ASP .Net
    Replies:
    13
    Views:
    747
    Sherif ElMetainy
    Jul 10, 2004
  3. Karl
    Replies:
    0
    Views:
    410
  4. Håkan
    Replies:
    0
    Views:
    403
    Håkan
    Feb 14, 2007
  5. Jiho Han

    Write into <HEAD></HEAD> section?

    Jiho Han, Jan 14, 2004, in forum: ASP .Net Building Controls
    Replies:
    6
    Views:
    242
    Sam Fields
    Jan 16, 2004
Loading...

Share This Page