II. implementation in ASP
It has now come to the conclusion that RFC1867 is the best way to upload files in a Web application. So how to run? What is the method that Microsoft provides? What other methods are available?
Microsoft's Posting Acceptor
ASP does not support Multipart/form-data encoding, but Microsoft provides free Posting Acceptor (http://www.microsoft.com/iis/support/iishelp/ iis/htm/core/pareadme.htm), an ISAPI application that, after uploading, produces a new posting to an ASP page. (See Scott Stanfield's article issue of MIND (July 98)).
The Sa-fileup of Software artisans
Sa-fileup (http://www.softartisans.com/softartisans/saf.html) is one of the first commercially Active server components (Active Server components). The first edition, which began in May 97, is now being used by thousands of websites, including microsoft.com, throughout the world. The early beta version combines the ISAPI filter with the Federation of Active Server components with the ASP. Microsoft then introduced ASP 1.0b, ASP. DLL 1.15.14.0), provides a new method: Request.BinaryRead (binary read request). The binary read method enables raw unprocessed data in the browser to be used by the Active server component. As a result, sa-fileup no longer needs ISAPI filters and is present as an ASP component.
Sa-fileup uses binary read requests, rather than through form objects. This makes sense: how can you read the raw data stream from the browser and parse it as table information? To take care of the ASP developer, sa-fileup all the table request functionality in its own set of tables. This enables ASP programmers accustomed to using table requests to be more familiar with Sa-fileup.
Comparison of Posting acceptor and Sa-fileup
Now make a comparison as objectively as possible between PA and Sa-fileup:
Integration with ASP: Sa-fileup is fully scriptable in ASP and can be well combined with ASP applications, rather than being a stand-alone ISAPI DLL.
Standard support: PA upload from IE browser to use its unique webpost API, so not as RFC1867, use PA, for Netscape and IE users to use a different format.
Anonymous connection: Because the PA uses an ISAPI DLL, it must provide additional security outside the ASP application. Therefore, the PA does not allow all anonymous connections in the default state. PA 1.1 can allow anonymous uploads, but there are still some dangers because there is an uploaded programming control. Because Sa-fileup has been combined with ASP, applications can determine the appropriate level of security, including anonymity.
Upload control: The PA does not allow any control when the upload is being sent. But with Sa-fileup, you can limit the size of the upload or decide to cancel the upload in real time. The best thing is that you can dynamically change the location of the upload.
Process: PA has two steps: Upload and post. With Sa-fileup, everything can be done in one step, such as writing a database based on the state of the upload.
Upload to a database: PA can only upload to files, Sa-fileup can be uploaded to files and databases.
"Space in File name": There is a problem with the PA when the file name with the space is processed; Sa-fileup there is no such loophole.
Price: PA is available for free download from Microsoft, bundled with the NT option Soft optional package. And Sa-fileup is not free: it is a supported business component.
Scott Stanfield (http://www.vertigosoftware.com/), president of Vertigo Software, is the author of Mind's post Accetpor article on the July 98 issue, mind. , in Software artisans on Sa-fileup, he wrote: "I know [sa-fileup] very excited, this is a wonderful and valuable product." ”
Common support issues
Up to now, the issue of support for file uploads is primarily security-related. Often web sites are overly careful to protect NTFS licenses, which prevents anonymous user accounts from writing to file destination addresses. And even advanced Server administrators often mistakenly understand the meaning of security.
Keep in mind that iis/asp runs each ASP page in a particular security environment. If there is no authentication mechanism (no basic, no NT Challenge/response), each page is executed as an anonymous user. The network administrator can set up an NT account corresponding to an anonymous user.
For IIS3, the default anonymous user is iusr_< computername >.
For IIS4, the default anonymous user for all running network applications is iusr_< ComputerName > ("Run in separate memory space" is not viewed). The default anonymous user for all applications other than running is iwam_< computername > ("Run in separate memory space" is viewed).
When using Sa-fileup, you must ensure that the appropriate user has read, write, and delete permissions to the destination path.
If the authentication function works, iis/asp will act as an authenticated user in the course of running the ASP page. Therefore, the authenticated user's registered account must have read, write and delete permission for the destination path.
An in-depth discussion of IIS security is beyond the scope of this article, and the IIS 4 Resource kit has a good explanation.
Some code
The theory is enough, let's look at some ASP code.
Single File Upload
The following is a simple HTML format for a single file upload.
< HTML > < head > < TITLE >please Upload Your file</title >
Enter filename to upload: < input type= "file" name= "F1" > < input type= "submit" > </form > < /body > Here is the file ' formresp.asp ':
<%@ language= "VBSCRIPT"% >
< HTML >< head > < TITLE >upload File results</title > < BODY > Thank your for uploading your file.
<% Set UPL = Server.CreateObject ("softartisans.fileup")% >
<% UPL. SaveAs "C:empupload.out"% >
Total Bytes written: <%=UPL. totalbytes% >
</body >
File upload with additional form elements
Adding additional form elements is simple. As long as the enctype is correctly specified, it runs like any normal HTML file.
< HTML > < head > < TITLE >please Upload Your file</title >
< form enctype= "Multipart/form-data" method= "post" action= "mformresp.asp" >
Enter Description: < input type= "text" name= "Descrip" > Enter filename to upload: < input type= "file" Name= " F1 "> < input type=" submit "> </form >
</body > Here is the file ' mformresp.asp ':
<%@ language= "VBSCRIPT"% > < HTML >< head > < TITLE >upload
File Resul
