????? ??????? ????? ???????? ?????? ASP ?????? ASP ??????

?????? ????????? ?????? ?????????
???? ???????: 299987 - ??? ???????? ???? ????? ????? ??? ???????.
??????
???? ???? ????? ?????????? ??????? ??? Microsoft ????? ??????? ?????? (IIS) 6.0 ??????? ??? ??????? ??? ???? ??????? Windows Server 2003. ????? IIS 6.0 ???? ????? ??? ???? ?????? ???????. ????? ?? ????????? ??? ???????? ??? ????? ??????? IIS ?? ?????? ???? Microsoft ?????? ??? ?????:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
????? ???? | ?? ????

?? ??? ??????

??????

?????? ??? ??????? ???? ????? ??? ????? ????? ?????? ??????? ??? ??????? ????????? ????? ?????? ?????? (ASP). ????? ??????? ??? ?????? ????? ???? ??????? ????? ?? ??????? ???????? ???? ?????? ?? ????? ???? ?????? ?????????? ????????? ???. ????? ????? ??????? ??? ?????? ??? ?????????? ???? ????? ?? ???? ????? ? ??? ??????? ????????. ?????? ????? ?????? ?????? ??????? ?????????? ??? ??????? ??? ?? ?????? ?? ??? ?????????? ?? ????? ???????? ???.

????????? ????????

  • ???? ??? Microsoft Windows NT 4.0, Windows NT 4.0 ?????? Server ?? Microsoft Windows 2000 Professional Windows 2000 Server ?? Windows 2000 Server ?? Microsoft Windows Server 2003
  • Microsoft ???? ??????? ?????? (IIS) 4.0 ?????? ????????? ???? ???? ????? ??????? Windows NT 4.0 ? Microsoft ????? ??????? ?????? (IIS) 5.0 ?????? ????????? ???? ???? ????? ??????? Windows 2000 ?? Microsoft ????? ??????? ?????? (IIS) 6.0 ?????? ????????? ???? ???? ?????? Windows Server 2003
  • Microsoft SQL Server 6.5 ?? ????? ???? ?? SQL Server

????? ????? ??? ???????

???? ??? ????? ??????? ??????? ???????? ?????? ???????? ??? ??????? ?????? ?? ???? ????? ??? ????? ??? ASP ????? ??:
  1. ???? ????? ????? ???? ????????.
  2. ?????? ?? ??? ?????? ?????? ???????? ????? ??????? ???????? ???? ??? ??????? ?? ????? ?????? ???????? ????? ??.
  3. ????? ????? ???? ??? ?? ?? ?????? ?????? ?????? ?? ??? ???? ????????.
  4. ?????? ??? ?? ??? ??????? ???? ???????? ????? ???? ??? ??????? ???? ????? ??? ???? ?? ????? ????? ("") ?????? ?? ???????? ?? ??? ?????? ??????.
  5. ??? ??? ??????? ??????, ???????? ??? ?????? ???? ?? ???? ???????? ?????? ?? ???? ???. ????? ????? ???????? ??? ???? ????? ?????? ??? ??? ??????? ??????.
  6. ?? ???? ??? ????? ?????? ???? ??? ???? ???????? ?? ????? ???????? ???????? ?? ???? ??? ????? ?? ?????? ????? ?? ??? ????. ????? ????? ???????? ??? ???? Register.asp ???? ???? ????? ???????? ?? ?????. ????? ???? ???????? ??? ????? ??? ???????? ???????? ??? ????? ?????? ????????.
  7. ????? ?????? ??? ??? ???? ?????? ??? ???? ??????? ???????? ?????? ????? ?????? ??? ???? ???????? ????? ?? ???? ???. ??? ??? ?????? ????? ???? ????? ???? ????? ???? ???????? ?????? ????? ????? ("").

????? ???? ????? ?????? ????????

  1. ???? ??? ???? ?? ???? ??? ????? ????? ??????? ?? ?????? ??? ?? ?? ???? ????? "???????" ?????? ???????.
  2. ????? ???????? ????? SQL ?????? ???? ??? ?????? ?????? ??? ???????? ????? ?? ???? ??? ???. ?? "???????" ? ???? ??? "???" ??? ????? ???????.
    CREATE TABLE [Users] (
    	[uid] [varchar] (25) NOT NULL ,
    	[password] [varchar] (25) NOT NULL ,
    	CONSTRAINT [PK_Users] PRIMARY KEY  CLUSTERED 
    	(
    		[uid]
    	)  ON [PRIMARY] 
    ) ON [PRIMARY]
    GO
    					
  3. ?? ??????? ???? ???? ??? ???. ?? ?????? ??? ????? ? ???? User.txt.
  4. ???? ??? ???? ???? ??? ???????? ???? ??? Microsoft SQL Server ? ?? ???? ??? ???? ???????. ?? ???? ?????? ??????? ?? SQL Server ? ??? ??? ?????? ???? ???? ?????? SQL Server ? ????? ???????? ? ???? ?????? ??????? ????? SQL.
  5. ?? ??????? ???? ???? ??? ???. ?? ???? ?????? ??? ? ???? ??? All Files (*. *) ?? ?????? ????? ???????. ???? ??? User.txt ?? ??????? ?? ???? ??? ???.
  6. ?? ?????? DB ??? ???? ??????? "? ??? ????? ???????? ???? ???? ????? ??? ??????. ??? ?? ??? ???? ????? ?????? ????? ???? ????? ???? ??? Pubs ????? ??? ?????? ?? ????? ?????? Pubs ?????.
  7. ??? ????? ????? ???????? "? ???? ??? ????? ??????? ??????? ?????? ?????????. ??? ?????? ?????? ???? ???????? ?? ????? ???????? ??????.

????? ???? ????? ??????

  1. ?? "????? Windows" ? ?? ?????? ???? ??? ??? ???. ??? ??? ???? ??????? SystemDrive: \Inetpub\Wwwroot. ??? ?????? ASPSecureAPP.
  2. ???? ???? ?????? ????? ????? ?????? ???????? ?? Microsoft (MMC).

    ?????? ???? ??? MMC ????? ????? ?????? ?? Windows NT 4.0.
    • ???? "????? ????? ??????" ??? ???? ??????? ???? ????? ??????? Windows 2000 ?? Windows Server 2003 ???? ??? ???? ?? ???? ??? ????? ? ????? inetmgr ?? ???? ??? ??? ?? ???? ENTER.
    • ???? "????? ???? ??????" ??? ???? ??????? ???? ????? ??????? Windows NT 4.0 ???? ??????? ???????:
      1. ???? ??? ???? ???? ??? ???????? ???? ??? Windows NT 4.0 Option Pack ? ?? ???? ??? ???? ??????? ?????? ?? Microsoft.
      2. ???? ??? ????? ???? ??????.
  3. ?? ?????? ?????? ?? ?? ?????? ???? ??? ?????????. ???? ??? ?????? ?????? ??? ?????? ASPSecureAPP ???? ??? ??????? ?? ?????? 1 ?? ???? ??? ?????.
  4. ?? ??????? ?????? ?? ???? ?????? "?????" ? ???? ??? ????? ?? ?????? ??????? ??????? ???? ????? ??? ?????? ??? ??? ?????.

????? ????? ?????

?????? ?? ???? ??????? "???????" ?????? ??? ??????? ???? ?? ???? ??? ???? ??????? ?? ?????? ??? ???? ?? ???? ?????? ??? ???? ??? ??? ???????.
Logon.asp
??? ?????? ?????? ???? ??? ???????? ????? ?????? ?????? ??? ??????.

?? ???? ???????? ???????? ??????? ?? ???? ASP ?????. ?? ???? ????? ???? Logon.asp ?? ?????? ASPSecureAPP ?????? Inetpub\Wwwroot.
<%
'The following three lines of code are used to make sure that this page is not cached on the client.
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1
%>
<html><body>
<form action="Validate.asp" method="post">
<P>
Login ID:&#xa0;&#xa0;  <INPUT type=text id=UID  name=UID> <br>
Password:&#xa0;&#xa0;<input type="password" id="passwd" name="passwd"> 
</P>
<input type="submit" value="Logon" id="submit1" name="submit1">
</form>
</body></html>
				
Validate.asp
??? ????? ???????? ?????? ?? ??????? ????? ?????? ????? ?????? ??? ??????? ????? ??, ??? ?????? ??????? ?? ??? ??????? ???????? ??? ?? ????? ????? ???????? ??? ?????? ????????.

?? ???? ???????? ???????? ??????? ?? ASP ???? ??????. ????? ?????? ????? ??????? ???? ???? ????? ??? ??? ?????. ?????? ????? ??????? ?? ???????:
  • ???? ????????
  • ???? ??????
  • ???????? ??????
  • ???? ????????
?? ???? ????? ???? Validate.asp ?? ?????? ASPSecureAPP ?????? Inetpub\Wwwroot.
<%
Response.Buffer=true

'The following three lines of code are used to make sure that this page is not cached on the client.
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

Dim userid
Dim Pwd
'Assign the user ID to this variable. The user provides the user ID.
userid= Request.Form("UID")
'Check whether userid is an empty string. If it is empty, redirect to Logon.asp.
'If it is not empty, connect to the database, and validate the user.

if userid <> "" then
    pwd = Request.Form("passwd")
	
    Dim Cn
    Dim Rs
    Dim StrConnect

'Specify the connection string to access the database.
'Remember to change the following connection string parameters to reflect the correct values
'for your SQL server.
    StrConnect = "Provider=SQLOLEDB.1;User ID=<username>;Password=<strong password>;Initial Catalog=pubs;" & _
    "Network Library=dbmssocn;Data Source=servername"

    Set Cn = Server.CreateObject("ADODB.Connection")
    Cn.Open StrConnect
    Set Rs = Server.CreateObject("ADODB.Recordset")
    Rs.Open "Select * from Users where uid='" & userid & "'",Cn
'Check to see whether this user ID exists in your database.
    If Not Rs.EOF then
        If strcomp( pwd, Rs.Fields("password").value , 1) = 0 then
'Password is correct. Set a session variable, and redirect the user to a Default.asp page
'or the main page in your application.
            Session("UID") = userid
            Response.Redirect "Default.asp"
            Response.End
        Else
'Password is incorrect. Redirect the user to the logon page.
            Response.Redirect "Logon.asp"
            Response.End
        End if
    Else
'If the user is not in your database, point him or her to the Register.asp page
'so that he or she can register at your Web site to access your application.
        Response.Redirect "Register.asp"
        Response.End
    End if
Else
    Response.Redirect "Logon.asp"
    Response.End
End if

%>
				
Register.asp
??? ?????? ?????? ????? ???? ???????? ????? ?????? ?????? ??? ??????.

?? ???? ???????? ???????? ??????? ?? ASP ???? ??????. ????? ?????? ????? ??????? ???? ???? ????? ??? ??? ?????. ?????? ????? ??????? ?? ???????:
  • ???? ????????
  • ???? ??????
  • ???????? ??????
  • ???? ????????
?? ???? ????? ???? Register.asp ?? ?????? ASPSecureAPP ?????? Inetpub\Wwwroot.
<%
Response.Buffer=true

'The following three lines of code are used to make sure that this page is not cached on the client.
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

'Check whether user has submitted user name and password so that you can 
'add that user to the users database and register him or her as a valid 
'user to use this application.
'This is just the minimal code that you need. You can customize this the way you want.
Dim pwd
Dim userid

userid = Request.Form("uname")
pwd = Request.Form("pwd")

If userid <> "" then
    If  pwd <> "" then
        Dim Cn
        Dim Rs
        Dim StrConnect

'Specify the connection string to access the database.
'Remember to change the following connection string parameters to reflect the correct values
'for your SQL server.
        StrConnect = "Provider=SQLOLEDB.1;User ID=<username>;Password=<strong password>;" & _
        "Initial Catalog=pubs;Network Library=dbmssocn;Data Source=servername"

        Set Cn = Server.CreateObject("ADODB.Connection")
        Cn.Open StrConnect
        Set Rs = Server.CreateObject("ADODB.Recordset")
        Rs.Open "Select * from Users where uid='" & userid & "'",Cn,3
        If Rs.RecordCount>0 then
            Response.Write "The Username that you entered has already been taken by someone else."
            Response.Write "Use a different Username."
            Set Rs = Nothing
            Set Cn = Nothing
        Else
            Dim records
            Cn.Execute "INSERT INTO USERS1 (uid,password) VALUES" & _
            "('" & userid & "','" & pwd & "')" , records
            If records=1 then
                Response.Write "You have been registered successfully."
                Set Rs = Nothing
                Set Cn = Nothing
                Session("UID")= userid
                Response.Redirect "Default.asp"
                Response.End 			
            Else
                Response.Write Err.Description
                Set Rs = Nothing
                Set Cn = Nothing
                Response.End 			
            End if
        End if
    Else
    Response.Write "Password is empty. Could not register. Try again."
    End if
End if
%>

<html>
<head>
<script language="javascript">
function callsubmit()
{

if (frm1.pwd.value==frm1.pwdc.value) {
frm1.submit();
}
else
{
alert("Password does not match. Re-enter the password");
}

}
</script>
</head>
<body>
<form action="" method="post" id=frm1 name=frm1>
<P>
Login ID:&#xa0;&#xa0;  <INPUT type=text id=uname  name=uname> <br>
Password:&#xa0;&#xa0;<input type="password" id="pwd" name="pwd"> <br>
Confirm Password:&#xa0;&#xa0;<input type="password" id="pwdc" name="pwdc"> 
</P>
<input type="button" value="Register" id="submit1" name="submit1" onclick=javascript:callsubmit();>
</form>
</body>
</html>
				
Logoff.asp
??? ?????? ?????? ????? ??????.

?? ???? ???????? ???????? ??????? ?? ???? ASP ?????. ?? ???? ????? ???? Logoff.asp ?? ?????? ASPSecureAPP ?????? Inetpub\Wwwroot.
<%
Response.Buffer=True

'The following three lines of code are used to make sure that this page is not cached on the client.
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

'Set the session variable to an empty string and also destroy the session to make
'to complete the user session.
Session("UID")=""
Session.Abandon
Response.Redirect "Logon.asp"
Response.End
%>
				
Default.asp
????? ??????? ??? ?????? ??????? ??????? ?????? ???? ??? ????????.

?? ???? ???????? ???????? ??????? ?? ???? ASP ?????. ?? ???? ????? ???? Default.asp ?? ?????? ASPSecureAPP ?????? Inetpub\Wwwroot.
<%
'The following three lines of code are used to make sure that this page is not cached on the client.
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

if session("UID")="" then 
    Response.Redirect "Logon.asp"
    Response.End
else
    Response.Write "You are logged on as " & session("UID") & "<br>"
end if
%>
<HTML>
<BODY>
<A HREF="Logoff.asp">Click here to log off</A>
<BODY>
</HTML>
				

????? ??? ?????? ?? ????? ??? ?????

???????? ???????? ??????? ????? ?? ??? ??? ???????? ??? ?????? ?????? ?????? ??? ???? ??? ????? ?? ?? ????? ???.

??? ??? ?????? ?? ????????? ???????? ?? ?? ?? ????? ASP ????? ?????? ?? ??? Logon.asp ????? Validate.asp. ?? ??? ?????? ??? ???????? ???????? ??? ???? Logon.asp ?? ??? ???? Validate.asp. ???? ?? ??? ??? ???????? ???????? ?? ???? ?? ???? ???? ???? ??? ???????? ???????? ?????.
<%
'The following three lines of code are used to make sure that this page is not cached on the client.
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

if session("UID")="" then 
    Response.Redirect "Logon.asp"
    Response.End
end if
%>
				

????? ??? ??? ???????

???? ?????, ??? ??????? ????? ??? ?????? (Logon.asp ? Register.asp) ???? ???? ??? ??? ????? ??? ????? ????? ???????? ?????? ???. ???? ???? ??????? ??? ??? ?????? ????? ?????? ???????? ???? ?????? ???? ????? ??????. ????? ??? ???? ?????? ?????????? ?????? ??? ?? ???? ????? ??????? ????? ??????, ???????? ????? ??? ???? Logon.asp. ??? ??? ?????????? ????? ???? ?????? ???? ????? ?????? ?? ???? Logon.asp. ??? ???? ???? ?????? ??? ?????? ???? ?? ????? ???????? ????? ?????? ??? ????.

?? ???? ??? ???? ????? ???????? ????? ?????? ???????? ?? ????? ???????? ?????? ?? ????? ????? ???????? ??? ???? Register.asp ??? ???? ????? ???????? ???????? ??????? ????? ??. ??? ?????? ??????? ???????? ?? ???? ??? ????? ?? ??? Register.asp ?? ?????? ?????? ???????? ?? ????? ?????? ???????? ???? ??? ???????? ?????? ?? ??? ??????????.

??????? ??????? ????????

  • ???????? ??? ????????? ??? ??????? ?????? ??? ???????, ????? ????? ????? ???? ???? ??????? ?????? (SSL) ??? Logon.asp ????? ??? ?????? ?????? ???????? ?? ?? ????.
  • ??? ??????? ?????? ?????????? ??? ??? ?????? Windows. ????? ?? ????? ?????? ??????? ?????? Windows ?????? ?????? ??? ??? ???????.
  • ?????? ???? ?????? ??? ????????? ???????? ??? ???? ASP. ????? ?? ???? ??? ?????? ?????????? ????? ?? ??? ????? ????? ????? ????????.

?????

????? ?? ?????????? ???? ??? ????? ???????? ??????? ?????? ?? "????? ??????? ?? Microsoft:
172138????? ????? ???? ????? ?? ????? ??????? ?????? (IIS)
282060????? ?? ????? "????? ??????? ??????"
299970????? ??????? ?????? NTFS ?????? ???? ??? ??? ??????? ??? IIS 4.0 ?? 5.0

???????

???? ???????: 299987 - ????? ??? ??????: 20/????? ??????/1427 - ??????: 4.2
????? ???
  • Microsoft Active Server Pages 4.0
????? ??????: 
kbmt kbaspobj kbdatabase kbhowtomaster kbsecurity KB299987 KbMtar
????? ????
???: ??? ????? ??? ?????? ???????? ?????? ????? ???? ????? ?????????? ????? ?? ????????? ?????? ????. ???? ???? ?????????? ???? ?? ???????? ???????? ?????? ????????? ????? ????????? ???????? ????? ???????? ?????? ?? ?????? ??? ?? ???????? ???????? ?? ????? ??????? ?????? ??? ??????? ?????? ??. ?????? ?? ???? ??? ??????? ???????? ????? ?? ???? ????? ?????? ??? ????? ??? ????? ??????? ?? ????? ?? ?????? ??? ??? ??????? ??????? ?? ????? ????? ????? ????? ?????. ?? ????? ???? ?????????? ??????? ??? ????? ?? ??????? ?? ????? ?????? ?? ??? ????? ?? ????? ??????? ?? ???????? ?? ??? ???????. ???? ???? ?????????? ???????? ??? ????? ?????? ??????? ??????
???? ??? ????? ??????? ?????? ??????????299987
????? ??????? ?? ????? ???? ?? ????? ???????
?? ????? ????? ?????? ???? ???? ???? ??? ??????? ??? ?? ? ?? ??? ??????? Microsoft ??? ????? ??? ??????? ????? ?????? ?????

????? ???????

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com