HEAD and GET requests

A

Agoston Bejo

Hello,
I have to write some asp pages that react to HEAD and GET requests.
The scenario is this: This is going to be a WAP site. When someone goes to
the main page, it is redirected to a payment server.
The payment server then issues a HEAD request for which the IIS Server has
to return some specific header fields. After this, the payment server takes
care of how the client pays, etc. When everything is fine, it issues a GET
request, for which the actual content must be returned.
According to the documentation that I have, this can be quite simply
achieved:

pay_main.asp
<%Response.AddHeader "Header1", "Value1"%>
....
<wml>
.... <!-- content -->
</wml>


This way for HEAD requests the server will send the appropriate header
information and for GET requests it will return the whole content.
Now what I want to do is set up a session variable that indicates if the
payment already took place. I could do this in VBScript after adding the
header fields to Response. But I don't know whether the server-side VBScript
(apart from the Response.AddHeader... statements) gets executed when the
server replies to HEAD requests, or only when it replies to GET requests.
If it does, then I'll have to find some way to somehow determine whether the
server is currently replying to a GET or a HEAD request (in the first case
the payment has already taken place). Is there any way to do this?
 
D

David Wang [Msft]

What you want to do is very possible with ASP -- part of what it was
designed to do. Remember, ASP is just as powerful as PHP and ASP.Net -- what
distinguishes them is mainly available class libraries and design paradigm.
In terms of raw functionality, they are pretty much equivalent.

For example, it is ASP that popularized the notion of having server-side
script execute to generate the response, which itself can contain
client-side script. Of course, in the ASP file both client and server sid
script looks like the same script, hence some obvious confusion (unless you
follow a good design paradigm -- something ASP.Net later fixed).

So, for all practical purposes, you should consider the server-side script
executed to generate the response. It is ASP's job to figure out how to
handle GET/HEAD correctly. Consider the following ASP page:

<%
Response.AddHeader "Header1", "Value1"
Response.Write "Hello World"
Response.AddHeader "Header2", "Value 2"
%>


If ASP works the way you are hypothesizing, how would ASP be able to execute
statements sequentially, yet not send entity body but send both response
headers for a HEAD request?

Thus, you will need to use Request.ServerVariables("REQUEST_METHOD") to
distinguish between HEAD/GET.


FYI: Your payment/authorization model seems quite weird to me. Authorization
is purely based on a property of the request (i.e. GET vs. HEAD). There is
no verification on the WAP generation on IIS -- so why bother authorizing?

You are going to have to prove that your custom scheme is able to deal with
replay, spoofing, and man-in-the-middle security attacks if you ever plan to
charge for services -- and the responsibility is squarely on you since it is
your custom scheme.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
Hello,
I have to write some asp pages that react to HEAD and GET requests.
The scenario is this: This is going to be a WAP site. When someone goes to
the main page, it is redirected to a payment server.
The payment server then issues a HEAD request for which the IIS Server has
to return some specific header fields. After this, the payment server takes
care of how the client pays, etc. When everything is fine, it issues a GET
request, for which the actual content must be returned.
According to the documentation that I have, this can be quite simply
achieved:

pay_main.asp
<%Response.AddHeader "Header1", "Value1"%>
....
<wml>
.... <!-- content -->
</wml>


This way for HEAD requests the server will send the appropriate header
information and for GET requests it will return the whole content.
Now what I want to do is set up a session variable that indicates if the
payment already took place. I could do this in VBScript after adding the
header fields to Response. But I don't know whether the server-side VBScript
(apart from the Response.AddHeader... statements) gets executed when the
server replies to HEAD requests, or only when it replies to GET requests.
If it does, then I'll have to find some way to somehow determine whether the
server is currently replying to a GET or a HEAD request (in the first case
the payment has already taken place). Is there any way to do this?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top