In-depth study of "uploading Files with ASP" (ii)

Source: Internet
Author: User
Tags format anonymous comparison file upload iis
II. implementation in ASP
It has now come to the conclusion that RFC1867 is the best way to upload files in a Web application. So how to run? What is the method that Microsoft provides? What other methods are available?

Microsoft's Posting Acceptor

ASP does not support Multipart/form-data encoding, but Microsoft provides free Posting Acceptor (http://www.microsoft.com/iis/support/iishelp/ iis/htm/core/pareadme.htm), an ISAPI application that, after uploading, produces a new posting to an ASP page. (See Scott Stanfield's article issue of MIND (July 98)).

The Sa-fileup of Software artisans

Sa-fileup (http://www.softartisans.com/softartisans/saf.html) is one of the first commercially Active server components (Active Server components). The first edition, which began in May 97, is now being used by thousands of websites, including microsoft.com, throughout the world. The early beta version combines the ISAPI filter with the Federation of Active Server components with the ASP. Microsoft then introduced ASP 1.0b, ASP. DLL 1.15.14.0), provides a new method: Request.BinaryRead (binary read request). The binary read method enables raw unprocessed data in the browser to be used by the Active server component. As a result, sa-fileup no longer needs ISAPI filters and is present as an ASP component.

Sa-fileup uses binary read requests, rather than through form objects. This makes sense: how can you read the raw data stream from the browser and parse it as table information? To take care of the ASP developer, sa-fileup all the table request functionality in its own set of tables. This enables ASP programmers accustomed to using table requests to be more familiar with Sa-fileup.

Comparison of Posting acceptor and Sa-fileup

Now make a comparison as objectively as possible between PA and Sa-fileup:

Integration with ASP: Sa-fileup is fully scriptable in ASP and can be well combined with ASP applications, rather than being a stand-alone ISAPI DLL.

Standard support: PA upload from IE browser to use its unique webpost API, so not as RFC1867, use PA, for Netscape and IE users to use a different format.


Anonymous connection: Because the PA uses an ISAPI DLL, it must provide additional security outside the ASP application. Therefore, the PA does not allow all anonymous connections in the default state. PA 1.1 can allow anonymous uploads, but there are still some dangers because there is an uploaded programming control. Because Sa-fileup has been combined with ASP, applications can determine the appropriate level of security, including anonymity.


Upload control: The PA does not allow any control when the upload is being sent. But with Sa-fileup, you can limit the size of the upload or decide to cancel the upload in real time. The best thing is that you can dynamically change the location of the upload.


Process: PA has two steps: Upload and post. With Sa-fileup, everything can be done in one step, such as writing a database based on the state of the upload.


Upload to a database: PA can only upload to files, Sa-fileup can be uploaded to files and databases.

"Space in File name": There is a problem with the PA when the file name with the space is processed; Sa-fileup there is no such loophole.


Price: PA is available for free download from Microsoft, bundled with the NT option Soft optional package. And Sa-fileup is not free: it is a supported business component.

Scott Stanfield (http://www.vertigosoftware.com/), president of Vertigo Software, is the author of Mind's post Accetpor article on the July 98 issue, mind. , in Software artisans on Sa-fileup, he wrote: "I know [sa-fileup] very excited, this is a wonderful and valuable product." ”

Common support issues

Up to now, the issue of support for file uploads is primarily security-related. Often web sites are overly careful to protect NTFS licenses, which prevents anonymous user accounts from writing to file destination addresses. And even advanced Server administrators often mistakenly understand the meaning of security.

Keep in mind that iis/asp runs each ASP page in a particular security environment. If there is no authentication mechanism (no basic, no NT Challenge/response), each page is executed as an anonymous user. The network administrator can set up an NT account corresponding to an anonymous user.

For IIS3, the default anonymous user is iusr_< computername >.

For IIS4, the default anonymous user for all running network applications is iusr_< ComputerName > ("Run in separate memory space" is not viewed). The default anonymous user for all applications other than running is iwam_< computername > ("Run in separate memory space" is viewed).

When using Sa-fileup, you must ensure that the appropriate user has read, write, and delete permissions to the destination path.

If the authentication function works, iis/asp will act as an authenticated user in the course of running the ASP page. Therefore, the authenticated user's registered account must have read, write and delete permission for the destination path.

An in-depth discussion of IIS security is beyond the scope of this article, and the IIS 4 Resource kit has a good explanation.

Some code

The theory is enough, let's look at some ASP code.

Single File Upload

The following is a simple HTML format for a single file upload.



< HTML > < head > < TITLE >please Upload Your file</title >
Enter filename to upload: < input type= "file" name= "F1" > < input type= "submit" > </form > < /body > Here is the file ' formresp.asp ':

<%@ language= "VBSCRIPT"% >
< HTML >< head > < TITLE >upload File results</title > < BODY > Thank your for uploading your file.
<% Set UPL = Server.CreateObject ("softartisans.fileup")% >
<% UPL. SaveAs "C:empupload.out"% >
Total Bytes written: <%=UPL. totalbytes% >
</body >
File upload with additional form elements

Adding additional form elements is simple. As long as the enctype is correctly specified, it runs like any normal HTML file.


< HTML > < head > < TITLE >please Upload Your file</title >
< form enctype= "Multipart/form-data" method= "post" action= "mformresp.asp" >
Enter Description: < input type= "text" name= "Descrip" > Enter filename to upload: < input type= "file" Name= " F1 "> < input type=" submit "> </form >
</body > Here is the file ' mformresp.asp ':


<%@ language= "VBSCRIPT"% > < HTML >< head > < TITLE >upload
File results</title > < BODY >
Thank for uploading your file. <% Set UPL = Server.CreateObject ("softartisans.fileup")% >
<% UPL. SaveAs "C:empupload.out"% > Your description is: ' <%=UPL. Form ("Descrip")% > ' Total Bytes written: <%=UPL. totalbytes% >
</body > Multiple file uploads

Because browsers do not support the size= attribute, you must use an additional < INPUT > statement in each file for multiple files.


Enter the: < input type= "file" name= "F1" > Enter second filename: < input type= "file" name= "F2" &G T
Format processing is the same:


<%@ language= "VBSCRIPT"% > < HTML >< head >
< TITLE >multiple File Upload results</title > < BODY >
Thank for uploading your files. <% Set UPL = Server.CreateObject ("softartisans.fileup")% > <% UPL. Form ("F1"). SaveAs "C:empupload1.out"% > Total Bytes written for file 1: <%=UPL. Form ("F1"). totalbytes% > <% UPL. Form ("F2"). SaveAs "C:empupload2.out"% > Total Bytes written for file 2: <%=UPL. Form ("F2"). totalbytes% > </body > Limit upload Size

To limit the upload size, you only need to set a property:


    <%@ language= "VBSCRIPT"% > < HTML >< head >     < TITLE >uplo   Ad file results</title > After the 1000th word, the content will be deleted, and the Web server's disk will not be unnecessarily filled up.

Conclusion

Implementing an upload file in a Web application is simple: just two lines of ASP code can be done. http/rfc1867 file uploads are preferred by the rich programming environment provided by the server. Sa-fileup as an Active server component that combines with ASP, has a significant advantage over Microsoft's posting Accetpro.


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.