Product Overview

Product Overview
What is Active Server Pages?
Microsoft® Active Server Pages (ASP) is the server-side execution

environment in Microsoft Internet Information Server (IIS) 3.0 that
enables you to run ActiveX™ scripts and ActiveX server
components on the server. By combining scripts and
components, developers can create dynamic content and
powerful Web-based applications easily.
What is dynamic content?
Web pages that are customized for each user on the fly, based
upon their actions or requests. For example, new visitors to your
site can be shown a different welcome page than returning users
see, or pages in an online catalog can be queries to a database
so customers always see the most current information and
availability.
Who should use Active Server Pages?
Organizations will use the Active Server Pages technology to put

a Web front end on existing business solutions, or to create
entirely new Web-based applications. Since ASP provides a very
open development environment, with support for both Microsoft
Visual Basic®, Scripting Edition (VBScript) and JScript™,
organizations can leverage the investments they already have in
these scripting languages.
Who can create dynamic content with Active Server

Pages?
Webmasters, information systems (IS) professionals, and

programmers familiar with Hypertext Markup Language (HTML)
and languages such as Microsoft Visual Basic, JavaScript, PERL,
REXX, or C++.
What do I need to run Active Server Pages?

The Active Server Pages feature of IIS 3.0 requires Microsoft
Windows NT® Server 4.0 running IIS 2.0 or Windows NT
Workstation 4.0 running Peer Web Services.
The ASP feature does not require Service Pack 2 for Windows NT
4.0, although it is recommended that all Windows NT systems
receive the Service Pack 2 updates. The ASP feature contains a
subset of the updates found in Service Pack 2.
Installation of ASP will upgrade IIS version 2.0 to version 3.0. The
other IIS 3.0 features—Index Server 1.1, Microsoft NetShow™,
FrontPage® 97 Server Extensions, and Crystal Reports—add
significant functionality to IIS, but are not required to take
advantage of ASP.
How much will Active Server Pages cost?
Active Server Pages is a component of IIS 3.0, which is a free,

downloadable, and integrated feature of Windows NT Server 4.0.
Features
What can Active Server Pages do for my business?
Active Server Pages can develop a new generation of Web-based

applications, including extending sales and customer service to
the Web, and providing access to corporate databases and
applications to any browser on an intranet.
What ActiveX Server Components are supported?
Active Server Pages allows organizations to extend the power of

scripting on the server with ActiveX server components. These
components can be created using Microsoft Visual Basic, Visual
C++®, Java, and other languages.
What scripting languages does Active Server Pages

support?
Active Server Pages provides native support for both Microsoft

JScript and VBScript. ActiveX scripting plug-ins are available for
REXX, PERL, and Python.
What browsers does Active Server Pages support?
Active Server Pages can work with any Web browser. The output
of an ASP file is plain HTML, the content of which can be
customized for the capabilities of the client.
Does Active Server Pages maintain state for me?
Yes. Active Server Pages allows you to define application and

session variables that can be carried across multiple pages in a
Web site. This can be as simple as remembering a user's name,
and it is necessary in applications such as online shopping to
track product selections.
What about legacy data?
Active Server Pages makes it easy to bring legacy database

applications to the Web.
Implementation Questions
On which platforms does Active Server Pages run?
Active Server Pages will run on Microsoft Windows NT Server 4.0,

Windows NT Workstation 4.0 with Peer Web Services, and
Microsoft Windows® 95 with Personal Web Server. Windows NT
3.51 is NOT supported. Windows NT 4.0 on MIPS is also not
supported by ASP.
Is Active Server Pages secure?
Yes. Active Server Pages is a component of Internet Information

Server, and thus uses Windows NT Security. ASP files can be
easily restricted to just certain users through secure Windows NT
authentication, basic Web authentication, or client-side
certificates. For additional security, all client-to-server
communications can be secured with Secure Sockets Layer (SSL).
What data sources can my Web application integrate

with?
An Active Server Pages application can integrate with any ODBC-

compliant databases including Microsoft SQL Server™, Oracle,
Sybase, Informix, and DB2 databases. Any OLE 2 application,
such as Lotus Notes or Microsoft Excel, can also be scripted to
access or process information. You can also write components to
access online data feeds and legacy mainframes.
How does Active Server Pages compare to CGI?
Active Server Pages provides all of the functionality of CGI

applications in an easier-to-use and more robust environment.
ASP is an easier way for your server to access information in a

form not readable by the client (such as an SQL database) and
then act as a gateway between the two to produce information
that the client can view and use.
With CGI, the server creates as many processes as the number of

client requests received. The more concurrent requests there are,
the more concurrent processes created by the server. However,
creating a process for every request is time-consuming and
requires large amounts of server RAM. In addition, this can
restrict the resources available for sharing from the server
application itself, slowing down performance and increasing wait
times on the Web.
Active Server Pages runs in the same process as the Web Server,
handling client requests faster and more efficiently. It is much
easier to develop dynamic content and Web applications with
ASP.
How does Active Server Pages compare to ISAPI

applications?
ISAPI applications require all of the programming and layout to be

contained in a .dll file written in C++. ISAPI applications are thus
more difficult to create and maintain. With ASP files, an HTML
writer can script an external component and format the output.
ASP separates the layout and design from the business logic.
How does Active Server Pages compare to PERL?
PERL and other scripting languages are not robust development

tools by themselves. Active Server Pages provides a familiar
framework and objects for building complex applications that
require data from relational databases and legacy sources.
ASP supports virtually any scripting language to build these

applications. Third parties are currently developing additional
scripting engines, such as PERL, which we will announce when
they are ready.
Can Active Server Pages use Java?
Yes. Active Server Pages supports ActiveX server components

written in any language, including Java. In addition, ASP includes
the Microsoft Windows reference standard Java Virtual Machine.
Can I use existing Automation servers?
There really are no minimum requirements for a component,

beyond supporting Automation through IDispatch. You can
optionally provide the following two methods on IDispatch:
1. OnStartPage
2. OnEndPage
Refer to "Creating ASP Components" in the Programmer's

Reference for more details.
Competition
What does Active Server Pages do better than other Web
application tools?
Active Server Pages allows you to quickly bring your existing

skills and knowledge, data sources, components, and applications
to the Web. Other tools create either static HTML or lock you into
a non-standard programming model or language. ASP is based
upon the leading industry standards, making it easy to build,
maintain, and evolve powerful interactive Web applications.
How does Active Server Pages compare to Netscape

LiveWire?
Netscape LiveWire requires the use of JavaScript, while Active

Server Pages supports the use of virtually any scripting language,
with native support for VBScript and JScript. ASP supports
components written in any language, while LiveWire supports
only Java components.
LiveWire applications must be manually compiled after each

change, and then the application stopped and restarted. Active
Server Pages recognizes when an ASP file changes and
automatically recompiles the application at the next request.
ASP and Web Session

Management
Michael P. Levy
Senior Consultant, Microsoft Consulting Services
April 2, 1997
Contents
Introduction
ASP Sessions Are Cookie-based
Managing ASP Sessions
Session Events
When Are Session Cookies Sent by ASP?
ASP Session ID Encryption and Session Security
SSL Encryption
Hard-to-Guess Cookie Values
User Authentication
Web Farms and ASP Session State
ASP Session Aware Load-Balancing
Introduction
One of the challenges faced by Web developers is how to create
a coherent application out of a series of independent HTML
pages. This problem is a particular concern in Web development
because HTTP is a stateless protocol. Each browser request to a
Web server is independent, and the server retains no memory of
a browser's past requests. The HTTP 1.0 protocol did not provide
a mechanism to maintain state information between requests
from a browser.
To overcome this limitation, application developers require a

technique to provide consistent user sessions on the Web. Active
Server Pages (ASP) provides powerful and flexible Web session
management that requires no special programming. The Session
object, one of the intrinsic objects supported by ASP, provides a
developer with a complete Web session management solution.
The Session object supports a dynamic associative array that a

script can use to store information. Scalar variables and object
references can be stored in the session object. A script simply
assigns a value to a named entry in the array:
Session ("UserName") = "JohnH"
would store the string "JohnH" in the Session object and give it
the name "UserName." This value can be retrieved from the
Session object by referencing the Session object by name, as in
the following:
Welcome back <% = Session("UserName") %>
Object references are stored using the SET keyword of VBScript,

for example:
Set Session("MyAd") = Server.CreateObject("MSWC.Adrotator")
This is similar to the normal Dictionary objects supported by

Visual Basic® Scripting Edition (VBScript). However, the Session
object will maintain its values for the lifetime of a user's logical
Web session. For each ASP page requested by a user, the Session
object will preserve the information stored for the user's session.
This session information is stored in memory on the server. The
user is provided with a unique session ID that ASP uses to match
user requests with the information specific to that user's session.
In this way, the Session object can be thought of as a locker that
a script uses to store information for the user. The session ID is a
unique key given to the user that ASP uses to open that locker
and retrieve that user's private session information.
ASP Sessions Are Cookie-based
ASP uses HTTP cookies to send users their unique session keys.
For example, an ASP application that is using sessions would
respond to a user's request with an HTTP header such as:
Set-Cookie: ASPSESSIONID=PUYQGHUMEAAJPUYL; path=/Webapp
Each subsequent request by this browser to this server, in the

virtual directory /Webapp, would include the HTTP cookie header:
Cookie: ASPSESSIONID=PUYQGHUMEAAJPUYL
ASP automatically processes this cookie and uses it to restore the

values saved in the Session object. The cookie that is sent by ASP
as a session ID does not provide an expiration time. Cookies with
no expiration specified are only valid until the browser is closed.
In this way the cookie is flushed when the user exits the browser.
Managing ASP Sessions

The server will maintain a user's session data for the lifetime of
the session. A script can end a session programmatically by
calling the Abandon method of the Session object. When a user
completes an application and a session is no longer needed, the
script can simply call Session.Abandon to end the session and
free the server resources used by that session. A session can also
end if the user does not make any HTTP requests to the ASP
application for a specified time-out period. This period defaults to
20 minutes, but can be adjusted by setting the Timeout property
of the Session object. If a user begins a session, but stops making
requests to the Web application, ASP will time out the session
after the specified idle period expires. The Session object also
exposes a SessionID property. SessionID is a LONG datatype that
uniquely identifies the user session.
Session Events
ASP also provides session-specific events that can trigger your
own session initialization and clean up code. Each time a new
session begins, the procedureSession_OnStart is called. An ASP
program can use this event to perform any required session
initialization tasks. Any time a session ends, whether it was timed
out by the server, or killed by calling Session.Abandon, the
procedureSession_OnEnd is called. An ASP program can use this
event to perform any session cleanup that is required.
When Are Session Cookies Sent by

ASP?
By default, ASP does not buffer responses. This means that as a
script runs, its response output is sent to the client. Since the
output is not buffered, all required HTTP headers must be sent to
the browser before any HTML is sent. With no buffering, ASP must
create a session cookie and send it as an HTTP header before the
ASP script generates any HTML output. Even though an ASP script
may not require session management, a Session ID cookie is sent
for every browser request. In other words, a Session ID cookie is
placed in the HTTP headers just in case there is going to be
Session state defined in the processing of the ASP file. If no
Session state is defined, then the next ASP file request has the
same potential to start a Session by storing something in the
Session object, so another Session ID Cookie is sent to the
browser. ASP will send a different Session ID cookie for each and
every ASP file that is requested until Session state is used. Once
a script begins a session, by storing a value in the Session object,
the Session ID is fixed for that user for the life of the session and
no new session ID cookies will be sent.
This behavior may cause some confusion, because ASP

applications that don't require session management send out
session cookies. If you don't plan to use session management for
any applications on the server, then you may use the Registry to
turn it off for all applications. You can also turn on ASP buffering
to prevent unnecessary cookies. When buffering is used, the ASP
response generated by the script is stored in memory and sent all
at once. When buffered in memory, ASP can determine whether a
session cookie is required before the completed response is sent,
and a session cookie header will only be included when it is
required.
ASP Session ID Encryption and
Session Security
Once an ASP session begins, a browser request is identified only
by its session ID cookie. Any HTTP request with a matching
cookie is assumed to have come from the same browser that
originated the session. This simple session management
approach could open a potential security problem. If a hacker
were able to capture, or guess, the session ID cookie in use by an
active session, he or she could submit valid HTTP requests that
included this cookie. In this manner a hacker could hijack, or
steal, a user's active session. For example, if a user had supplied
valid credit card information, and an ASP script stored this
information in the Session object, a hacker who managed to
hijack the session could make purchases using the stolen session.
If an application requires strong security, a number of techniques
can be employed.
SSL Encryption
Encrypting all communications between the browser and the
server will prevent hackers from capturing the session cookie.
Using SSL, all traffic—including the session cookies—are
encrypted. A hacker sniffing or monitoring the network will not be
able to see the private cookies in use. When using SSL
encryption, remember that all browser requests to the Web
application directory will include the session ID cookie. Even
requests for static HTML content in the same directory tree as the
ASP pages will include the session ID cookie. All requests to the
virtual directory, not just for ASP files, must be encrypted.
Hard-to-Guess Cookie Values

Using encryption prevents hackers from capturing valid cookies.
However, a hacker could conceivably guess an active Session ID.
ASP Session ID values are selected from a huge range, and are
then encrypted. This makes it hard to guess an active cookie. You
can obtain higher security by implementing cookies longer than
16 characters and matching them with session variables. Also,
keep in mind that if someone does manage to guess a valid
cookie once, this will not help them guess another valid cookie.
The following steps are taken when generating ASP session
cookies:
• Session ID values are 32-bit long integers.

• Each time the Web server is restarted, a random Session ID
starting value is selected.
• For each ASP session that is created, this Session ID value is
incremented.
• The 32-bit Session ID is mixed with random data and
encrypted to generate a 16-character cookie string. Later,
when a cookie is received, the Session ID can be restored
from the 16-character cookie string (ASPSESSIONID).
• The encryption key used is randomly selected each time the
Web server is restarted.
User Authentication
If the combination of SSL encryption and the complexity of the
ASP cookie generation algorithm do not meet your security
requirements, user authentication and client certificates can be
used in conjunction with session management to provide secure
Web applications with client authentication.
Web Farms and ASP Session State

ASP session information is stored in memory on the Web server,
which creates a challenge for using Active Server Pages in a Web
farm environment, where requests are load balanced among a
number of Web servers. In order to use the ASP Session object,
the same Web server must handle all requests from a user for the
life of the session. Most load balancing schemes do not ensure
that requests return to the same server.
To use ASP in a load-balanced environment, there are a number

of options available, some of which are outlined below:
1. Do not use the session management provided by ASP. You

can write your own session management logic that keeps
session state in a centralized place, such as a database
server. This is a good solution; however, you lose the
benefits of ASP session management.
2. Use a third-party session management ActiveX component.
Because ASP can support ActiveX components, it is feasible
that a commercial component will be available for ASP that
supports session management in a Web farm.
3. Load-balance all new requests across your server farm; but
once a session begins, make sure that all subsequent
requests for that session return to the same server. This
technique allows you to load-balance at a logical session
level rather than load-balancing each individual request,
and is sometimes called "ASP session aware load-
balancing."
ASP Session Aware Load-Balancing

There are a number of possibilities to implement ASP session
aware load-balancing. One simple technique is to load-balance all
new requests using current load-balancing mechanisms (for
example, round-robin DNS or dedicated IP load balancers). The
load balancer will distribute all requests to a site's well known
URL. For example, a site could be known by a DNS name such as
example.microsoft.com. Any Web requests to this site will be load
balanced among the active servers in the Web farm. In
the Session_OnStart event that is fired for each new session,
the ASP script can use the ASP Response object to send the user
an HTTP redirect response. This response can redirect the
browser to request an ASP page from the specific server that the
user's session is running on. For instance, the redirect URL could
specify the IP address, or unique name, of the machine on which
the user's session was running. Then all future requests based on
relative URLs would return to the machine specified by the
redirect.
When a user first comes to a Web application by clicking a

hyperlink, or typing a URL such as
http://example.microsoft.com/Webapp/, a load balancer routes
the request to a specific machine in the Web farm. For example,
the load balancer selects a machine named w10.asite.com to
handle this request. ASP will create a new session for the request
running on this specific machine. In theSession_OnStart event,
the ASP script can redirect the user,
<% Response.Redirect("http://w10.sample.com/Webapp/firstpage.asp"
%>
The browser will request the specified page, and can run the
application. The only requirement is that all URLs embedded in
each page (as hyperlinks or form actions) should be relative
URLs, for example:
<FORM METHOD="POST"
ACTION="ProcessForm.ASP"></FORM>
<A HREF="nextpage.asp">
While the user is using the application, all requests will return to
the same Web server on which the session is running. This
technique may not be appropriate for all Web applications. If
users save URLs using favorites or bookmarks, they may save a
URL to a specific machine and when they return for a new
session, they will not be properly load-balanced.
The Session_OnStart logic can choose to accept these requests
or intelligently return the user to the well-known URL
(http://example.microsoft.com/Webapp/) for load-balancing. This
is only an example technique to allow ASP session management
to work in a Web farm. Other methods are available. You don't
have to do it using a redirect; you can get the same effect by
using full URLs in your start page that specify the server the
session is on.
Michael P. Levy specializes in Internet and client-server

application development. His current focus is helping Microsoft's
New York customers design and deploy Internet and intranet
solutions.
Active Server Pages Tutorial
Microsoft Corporation
Updated December 27, 2000
Summary: This two-module tutorial provides a step-by-step
introduction to several ASP features. The tutorial shows how to
build sample applications and demonstrates key concepts you'll
need to understand when developing your own ASP pages. (11
printed pages)
Welcome to the Active Server Pages (ASP) tutorial. If you are new
to Microsoft® Internet Information Services (IIS), this introduction
provides necessary information about tutorial directory structure
and permission issues. The two tutorial modules show you how to
build sample applications, while demonstrating key concepts
you'll need to understand when developing your own ASP pages.
We suggest you work through each lesson in Module One before
starting Module Two.
This article contains the following sections:
• Introduction. This section defines what ASP is, how it works,

and other technologies that can be used in conjunction with
ASP to create active content on your Web site. It also
describes the directory structure you should use for the
tutorial and security considerations that may affect your
ability to run the tutorial.
• Module One. This module introduces the creation of an ASP
page, and focuses on the collection and transfer of data. It
contains the following lessons:
• Write and Run an ASP Page. Describes how to use
Visual Basic® Scripting Edition (VBScript) and HTML
tags.
• Send Information by Using Forms. Shows how to use
forms to send information.
• Create a Guest Book. Shows how to create a sign-in
book on your ASP page for visitors to your Web site.
• Display an Excel Spreadsheet in ASP. Explains how to
display an Excel spreadsheet on an ASP page.
• Module Two. This module contains the following lessons:
• Rotate Information Randomly. Shows how to rotate
ads on your Web page randomly.
• Record Traffic with a Page Counter. Demonstrates the
use of a page counter to track the number of hits a
page receives.
Introduction
Microsoft® Active Server Pages (ASP) is a server-side scripting
technology that can be used to create dynamic and interactive
Web applications. An ASP page is an HTML page that contains
server-side scripts that are processed by the Web server before
being sent to the user's browser. You can combine ASP with
Extensible Markup Language (XML), Component Object Model
(COM), and Hypertext Markup Language (HTML) to create
powerful interactive Web sites.
Server-side scripts run when a browser requests an .asp file from

the Web server. ASP is called by the Web server, which processes
the requested file from top to bottom and executes any script
commands. It then formats a standard Web page and sends it to
the browser.
It is possible to extend your ASP scripts using COM components

and XML. COM extends your scripting capabilities by providing a
compact, reusable, and secure means of gaining access to
information. You can call components from any script or
programming language that supports Automation. XML is a meta-
markup language that provides a format to describe structured
data by using a set of tags.
As you work through the lessons in each module, save your work
in the C:\Inetpub\Wwwroot\Tutorial directory to view the content
on your Web site. If you did not customize your installation of IIS,
C:\Inetpub\Wwwroot was created as the default home directory.
To load and run the tutorial samples, you must have
administrator privileges on the computer running IIS. The default
IIS security settings should allow you to run the tutorial, but you
may need to change your security settings on the directory if you
encounter access violations. See the product documentation for
more information about IIS security settings.
Module One
This module explains how to create ASP pages (.asp files) that
use the fundamental features of HTML, ASP, and VBScript. This
module includes the following lessons:
• Write and Run an ASP Page. Describes how to use Visual
Basic® Scripting Edition (VBScript) and HTML tags.
• Send Information by Using Forms. Shows how to display
forms on an HTML page.
• Create a Guest Book. Uses forms to gather information from
visitors, store the information in a database, and display the
database contents in a Web page.
• Display an Excel Spreadsheet in ASP. Explains how to
display an Excel spreadsheet in a Web page.
Write and Run an ASP Page
The best way to learn about ASP pages is to write your own. This
lesson covers VBScript syntax and coding samples. To create an
ASP page, use a text editor to insert script commands into an
HTML page. Saving the page with an .asp file name extension
tells the Web server how to process the script commands. To
view the results of a script, request the page using a Web
browser. VBScript is the default scripting language for ASP, and
most of the examples in the tutorial are scripted in VBScript.
In HTML, you use brackets as delimiters around the tags:
<example>
In VBScript, you use the percent sign with brackets as delimiters

around the tags:
<%example%>
You can put many tags inside one pair of VBScript delimiters:
<%example, samples%>
Example 1
This example displays the words "Hello World". To run this

example, cut and paste it into an empty file and save it in the
C:\Inetpub\Wwwroot\Tutorial directory as Example1.asp. Make
sure to save your file with an .asp extension. Some text editors
automatically change the file name extension to .txt when
theText Document option is selected in the Save dialog box. To
prevent this, select the All Files(*.*) option. Exit your text editor
as the server may not be able to display an HTML page that is
open in a text editor. View your page with your browser by
typing http://<Your Server Name>/Tutorial/Example1.asp in
the address bar.
When running Example 1, the page is processed by the Web

server in the following sequence:
1. Assigns the text "Hello World" to the variable FirstVar.

2. Uses HTML to make an HTML page.
3. Uses <%FirstVar%> to print out the value of the variable
FirstVar.
4. Ends the HTML page.
<%@ Language=VBScript %>

<html>
<head>
<title>Example 1</title>
</head>
<body>
<%
FirstVar = "Hello world!"
%>
<%=FirstVar%>
</body>
</html>
Example 2
This example incorporates a FOR loop in the ASP page. The FOR
loop is a statement that prints "Hello World" 10 times. To create
Example 2, use the file from Example 1 and add the FOR loop
code as shown in the following code sample. Save the file as
Example2.asp. View it in your browser.

<html>
<head>
</head>
<body>
<%
%>
<%FOR i=1 TO 10%>
<%=FirstVar%>
<%NEXT%>
</body>
</html>
Example 3
In this example, a time stamp is added to the ASP page. The

word time is a function; it is a predefined VBScript function
variable containing the current time. There are more than 90
functions in VBScript. Add the code for time shown in the
following code sample to Example2.asp and save it as
Example3.asp. View it in your browser.

<html>
<head>
</head>
<body>
<%
%>
The time is: <%=time%> <BR>
<%FOR i=1 TO 10%>
<%=FirstVar%>
<%NEXT%>
</body>
</html>
Example 4
This example displays the message "Good Morning Everyone" if

the hour is between 4:00 A.M. and 6:00 P.M. It displays the
message "Good Night Everyone" if the hour is between 6:00 P.M.
and 4:00 A.M. Add the IF THEN statement in the code shown
below to Example3.asp and save it as Example4.asp.

<html>
<head>
</head>
<body>
<%IF Hour(time)>18 OR Hour(time)<4 THEN%>
Good Night Everyone.
<%ELSE%>
Good Morning Everyone.
<%END IF%>
</body>
</html>
Send Information by Using Forms
A common use of intranet and Internet server applications is to

process a form submitted by a browser. With ASP, you can embed
scripts written in VBScript directly into an HTML file to process
the form. ASP processes the script commands and returns the
results to the browser. In this lesson, you create an HTML page
that displays various elements of an HTML form. Later in this
module, you use this knowledge of forms to build a guest book
application on your Web site.
This lesson contains the following examples:
• Button example. Displays selection buttons in the form.

• Text example. Displays text boxes in the form.
Button example
In this example, there are three input lines that use "buttons,"
and two default buttons-RESET and SUBMIT. The Post method is
used to send data from the client browser to the Web server.
Open your text editor, create a new file, and paste in the
following code. Save the file as Button.htm and view the page in
your browser.
<html>
<head>
<title>Button Form</title>
</head>
<body>
<FORM NAME="Button Example" METHOD="POST" ACTION="tutorial/button.htm">
Computer Programming Experience:
<P>
<INPUT TYPE="button" NAME="choice" VALUE="Less than 1">Less
than 1 year.<BR>
<INPUT TYPE="button" NAME="choice" VALUE="1 to 5">1-5 years.<BR>
<INPUT TYPE="button" NAME="choice" VALUE="More than 5">More
than 5 years.
</P>
<P><INPUT TYPE="reset" VALUE="Clear Form">
<INPUT TYPE="submit" VALUE="Submit">
</P>
</form>
</body>
</html>
Text example
In this example, you create text fields in a form. Open a new file
in your text editor, paste in the following code, and save the file
as Text.htm:
<html>
<head>
<title>Text Form</title>
</head>
<body>
<FORM NAME="Text Example" FORM METHOD="POST" ACTION="tutorial/text.htm">
<TABLE>
<TR>
<TD ALIGN="RIGHT" VALIGN="MIDDLE">Name?
<TD ALIGN="LEFT">
<INPUT TYPE="text" NAME="name" VALUE=""
SIZE="20" MAXLENGTH="150">
<TR>
<TD ALIGN="RIGHT" VALIGN="MIDDLE">Company?
<TD ALIGN="LEFT">
<INPUT TYPE="text" NAME="company" VALUE=""
SIZE="25" MAXLENGTH="150">
<TR>
<TD ALIGN="RIGHT" VALIGN="MIDDLE">
Email Address?
<TD ALIGN="LEFT">
<INPUT TYPE="text" NAME="email" VALUE=""
SIZE="25" MAXLENGHT="150">
</TABLE>
<INPUT TYPE="reset">
<INPUT TYPE="Submit" NAME="Submit" VALUE="Submit">
</form>
</body>
</html>
Create a Guest Book
This lesson describes how to develop a guest book application.

Guest books allow visitors to your site a chance to give you
feedback. Information such as the visitor's name, e-mail address,
and comments can be available to you.
Create the guest book database

You must first create an Access database called Guestbook.mdb
and save it in the C:\Inetpub\Wwwroot\Tutorial directory. The
database must have the fields with the properties described in
the following table.
Field Name Data Type and General Properties
ID AutoNumber, Field Size=Long Integer, New Values=Increment,

Indexed=Yes(No Duplicates)
TB1 Text, Field Size=255, Required=No, Allow Zero Length=Yes,

Indexed=No

Indexed=No

Indexed=No

Indexed=No
MB1 Memo, Required=No, Allow Zero Length=Yes
After you create the database, you need to create a data source
name (DSN) connection to the database so your ASP application
can interact with it. The DSN must be created on the Web server
that is running the ASP application. If you move the ASP
application to a different Web server, you have to re-create the
DSN on the new Web server. The following procedure describes
how to create a DSN on Windows NT and Windows 2000.
1. In the ODBC Data Source Administrator, select the ODBC

icon.
2. Select File DSN.
3. Select Add, select Microsoft Access Driver, and
click Next.
4. Type in a descriptive name for your file DSN (Guestbook)
and click Next.
5. Click Finish, click Select, specify the location of the
database file, and select OK.
6. Click OK twice. After you specify the location of the
database file, the ODBC Data Source Administrator creates
a file DSN for it.
Now that you have created the database and the DSN, paste the
following code into a file named Guestbook.asp and place it in the
C:\Inetpub\Wwwroot\Tutorial directory.
<% @Language=VBScript %>

<html dir=ltr>
<head>
<TITLE>Guest Book</TITLE>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<%
IF request.form ("Message")="True" THEN
strTB1=request.form("To")
strTB2=request.form("EMailAdd")
strTB3=request.form("CC")
strTB4=request.form("Subject")
strMB1=request.form("Memo")
IF strMB1 = "" THEN
iLenMB1=255
ELSE
iLenMB1 = Len(strMB1)
END IF
'Connects to the Access driver and Access database in the Inetpub
'directory where the database is saved
strProvider = "Driver={Microsoft Access Driver (*.mdb)};
DBQ=C:\Inetpub\Wwwroot\Tutorial\guestbook.mdb;"
'Creates an instance of an Active Server component
set objConn = server.createobject("ADODB.Connection")
'Opens the connection to the data store
objConn.Open strProvider
'Instantiate Command object and use ActiveConnection property to
'attach connection to Command object
set cm = Server.CreateObject("ADODB.Command")
cm.ActiveConnection = objConn
'Define SQL query
cm.CommandText ="INSERT INTO Guestbook (TB1,TB2,TB3,TB4,MB1)
VALUES (?,?,?,?,?)"
'Define query parameter configuration information for guestbook fields
set objparam=cm.createparameter(, 200, , 255, strTB1)
cm.parameters.append objparam
set objparam=cm.createparameter(, 201, , iLenMB1, strMB1)
cm.execute
response.write("Thank you!")
ELSE%>
<h1>Guestbook</h1>

<form name=guestbook.asp action="guestbook.asp" method="POST">
<p>To</p>
<p><input type="Text" name="To"></p>
<p>Email Address</p>
<p><input type="Text" name="EmailAdd"></p>
<p> CC</p>
<p><input type="Text" name="CC"></p>
<p>Subject</p>
<p><input type="Text" name="Subject"></p>
<p>Message</p>
<p><textarea name="Memo" rows=6 cols=70></textarea></p>
<input type="HIDDEN" name="Message" value="True">
<input type="submit" value="Submit information">
</form>
<%End if%>
</body>
</html>
View the database in a browser
Using a database to collect information left by visitors is a safe

and simple way to make your Web site more useful. Once
information is entered in a database, you can either open the
database in the application in which it was originally created, or
you can use a Web page containing another script to view and
edit the data. The following is a script that allows visitors to view
and edit your database. To learn more about how to limit access
to resources on your site, see "NTFS Security, Part 1:
Implementing NTFS Standard Permissions on Your Web Site,"
available at http://www.microsoft.com/technet/iis/ntfssec.asp.
<% @Language=VBScript %>

<html dir=ltr>
<head>
<title>View Guest Book</title>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<%
'This section makes it possible for visitors to sort the data in the
columns in ascending order.
if request.form("sort")<> "" THEN
StrSort=request.form("sort")
ELSE
StrSort="TB1 ASC"
END IF
strQuery="SELECT * FROM Guestbook ORDER BY " &StrSort
'Database path statement describing the driver to use and the
path to the desired database.
strProvider = "Driver=Microsoft Access Driver (*.mdb);
DBQ=C:\Inetpub\Wwwroot\Tutorial\guestbook.mdb;"
IF Request("ID") <> "" THEN
strIDNum=Request("ID")
'Creates an instance of an Active server component
set objConn = server.createobject("ADODB.Connection")
objConn.Open strProvider
'Instantiate Command object and use ActiveConnection property to
'attach connection to Command object
set cm = Server.CreateObject("ADODB.Command")
cm.ActiveConnection = objConn
'Define SQL query
cm.CommandText = "DELETE FROM Guestbook WHERE ID = " &strIDNum
cm.Execute
END IF
'Instantiate a Recordset object and open a recordset using
'the Open method
Set rst = Server.CreateObject("ADODB.recordset")
rst.Open strQuery, strProvider
%>
<h1>Guest Book</h1>
<form name=viewdb.asp action=viewdb.asp method=post>
<table border=1 cellspacing=3 cellpadding=3 rules=box>
<%
ON ERROR RESUME NEXT
IF rst.EOF THEN
Response.Write "There are no entries in the database."
ELSE%>
<tr>
<%
'Deletes rows from the database, this cannot be undone
Response.Write "<td width=200><center>Delete Record</center></td>"
FOR i = 1 to rst.Fields.Count -1
Response.Write "<td width=200><input name=sort value=" & rst(i).Name
& " type=submit></td>"
NEXT
WHILE NOT rst.EOF %>
<tr>
<%
Response.Write "<td align=left valign=top bgcolor='#ffffff'>
<a href=viewdb.asp?id=" & rst(0) & ">Delete</a></td>"
FOR i = 1 to rst.fields.count - 1
Response.Write "<td align=left valign=top bgcolor='#ffffff'>" & rst(i)
&"</td>"
NEXT
rst.MoveNext
WEND
END IF
%>
</table>
</form>
</body>
</html>
Display an Excel Spreadsheet in ASP
This lesson demonstrates a technique that can be used to display

a Microsoft Excel spreadsheet in a Web page. There are several
standard server components supplied with IIS. One of these is the
ActiveX® Data Objects (ADO) component, which is used as a
connection mechanism to provide access to data. In the database
lesson earlier, we used ADO. We use it again here to show you
how to view and edit a spreadsheet with a Web browser.
To prepare your Excel spreadsheet for display in an Active Server

Page:
1. Create a spreadsheet using either Excel 98 or Excel 2000

and save it as ASPTOC.xls in the C:\Inetpub\Wwwroot\
directory.
Note: Do not include any special formatting or column
labels when creating the spreadsheet.
2. Highlight the rows and columns on the spreadsheet that you
want displayed in the Web page.
3. On the Insert menu, choose Name, and select Define.
4. If there are any names listed, select them and
select Delete.
5. Type a name for the workbook, select Add, and select OK.
To display the spreadsheet in a Web page, you must create a

DSN for the spreadsheet. The process is the same as it was for
the database lesson earlier in this module. The only difference is
that you must select the {Microsoft Excel Driver
(*.xls)} option for the DSN.
Once you have created the spreadsheet and named the table in
the spreadsheet, and also created a DSN for the spreadsheet, you
are ready to create the page that displays the contents. Paste the
following code into a new file and name it ASPTOC.asp. Save it in
the C:\Inetpub\Wwwroot\Tutorial directory and view the page in
your browser.
<%@Language=VBScript %>
<html>
<head>
<title> Displaying An Excel Spreadsheet in an Web Page </title>
</head>
<body bgcolor="#FFFFFF" text="#000000" >
<h1>ASP Table of Contents</h1>
<%
'Creates an instance of an Active Server Component
Set oConn = Server.CreateObject("ADODB.Connection")
'Connects to the Excel driver and the Excel spreadsheet
'in the directory where the spreadsheet was saved
strConn = "Driver={Microsoft Excel Driver (*.xls)};
DBQ=C:\Inetpub\Wwwroot\Tutorial\ASPTOC.xls;"
oConn.Open strConn
'Selects the records from the Excel spreadsheet
strCmd = "SELECT * from `ASPTOC`"
Set oRS = Server.CreateObject("ADODB.Recordset")
'Opens the recordset
oRS.Open strCmd, oConn
'Prints the cells and rows in the table
Response.Write "<table border=1><tr><td>"
'Gets records in spreadsheet as a string and prints them in the table
Response.Write oRS.GetString (, , "</tr><td>", "</td></tr><tr><td>",
NBSPACE)
%>
</body>
</html>
Module Two
This module explains how to develop an ASP page that delivers
services useful in e-commerce. This module includes the
following lessons:
Rotate Ad Information. Randomly rotate ads on your Web page.
Redirect Users from Ad Links. Redirect browsers to advertisers'

sites when users click on an ad image.
Count Page Hits. Track the number of times users request a page.
Rotate Ad Information
Advertising is big business on the Web. This lesson explains how

to take advantage of the Ad Rotator component installed with
ASP by describing how to use this component to rotate
advertisements on your Web pages. The Ad Rotator component
selects an advertisement for your Web page each time the user
refreshes or loads the Web page. Two files are required to set up
the Ad Rotator component: an Ad Rotator Include file and an ad
images data file. By setting up these two files, this component
can be called by any ASP page on your site. Changes to the ad
parameters are not done on all the sites containing the ad, but to
the ad images data file. This saves lots of time if the ad appears
on numerous pages within your Web site.
This lesson explains how to:
Write an Ad Rotator Include File. Creates the ad-image links on

any page that calls this file.
Create an Ad Image Data File. Specifies global ad-display data

and information specific to each ad.
Test the Ad Rotator. Uses an ASP page that calls the Ad Rotator
logic Include file and the image data file to display and rotate
ads.
Write an Ad Rotator Include file
Include files are used to store information that will be used by

more than one ASP or HTML file. By creating an Ad Rotator
Include file, when changes need to be made to specific
information, you only need to change the information in one
location. This lesson will guide you in creating an Ad Rotator
Include file containing a function named getAd(). This function
randomly selects ads to display on your ASP pages. You can call
this file from within any ASP page intended to display the rotated
ads. When you test calling the Include file from an ASP page
(see Test the Ad Rotator), you will use some images from
Microsoft.com for ad images.
Open a new file in your text editor, paste in the following script,
and save the file as Adrotatorlogic.inc:
<%
Function getAd()
Dim load
'Create an instance of the AdRotator component

Set load=Server.CreateObject("MSWC.AdRotator")
'Set the target frame, if any. This is the frame

'where the URL will open up. If the HTML page does
'not find the target name, the URL will be opened
'in a new window.
load.TargetFrame = "Target = new"
'Get a random advertisement from the text file.
getAd = load.GetAdvertisement("adimagedata.txt")
End Function
%>
Create an ad images data file
An ad images data file is created to provide information about the

ads to be displayed. By placing the data in one text file, when
changes need to be made, you only need to change the data in
one location. The ASP page (with the logic in the Include file)
sends data in the ad images data file to the Ad Rotator
component. The component then selects an ad for display.
The data file is divided into two sections that are separated by an
asterisk (*). The first section provides information common to all
the ads to be displayed. The second section lists data relevant to
each ad.
• The following outlines the structure of an ad images data

file:
• REDIRECTION. URL, the path and name of the ASP
file that redirects browsers that select ad images.
• WIDTH. The width of ad images in pixels. Default is
440.
• HEIGHT. The height of ad images in pixels. Default is
60.
• BORDER. The border thickness around ad images.
Default is 1.
• *. Separates the first section from the second section.
• AdURL. Virtual path and filename of the image file
containing the advertisement.
• AdHomeURL. URL to jump to when this link is
selected. To indicate there is no link, use a hyphen.
• Text. Text to display if browser does not support
graphics.
• Impressions. An integer indicating the relative
weight, or probability, that this ad will be selected for
display. For example, if two ads were displayed, one
with an impression of 3 and the other with 7, then the
one with 3 would have a 30 percent probability of
being selected, while the other would have a 70
percent probability.
and save the file as Adimagedata.txt:
REDIRECT adrotatorredirect.asp
WIDTH 250
HEIGHT 60
BORDER 0
* ' separates the general data from the image information
images/windows_logo.gif
http://www.microsoft.com/windows
Microsoft Windows
2
images/office_logo.gif
http://www.microsoft.com/office
Office 2000
3
Test the Ad Rotator
To test the system, you will need an ASP page that calls the Ad
Rotator Include file and the ad images data file, and then displays
the ads. First, you will need test ad images stored on your site.
Acquire and store the ad images as follows:
1. Create a directory named Images in the tutorial folder:

C:\Inetpub\Wwwroot\Tutorial\Images.
2. Download the Office logo file, available
athttp://www.microsoft.com/office/images/office_logo.gif,
from the Microsoft Office Web site, and save it as
Office_logo.gif in C:\Inetpub\Wwwroot\Tutorial\Images.
3. Download the Windows logo file, available at
http://www.microsoft.com/windows/images/bnrwinfam.gif(,
from the Microsoft Windows Web site, and save it as
Windows_logo.gif in C:\Inetpub\Wwwroot\Tutorial\Images.
and save the file as Displayad.asp:
<%@ Language="VBScript" %>




<html>
<head>
<title>Test Ad Display Page</title>
</head>
<body>
<h1>Test Ad Display Page</h1>

<p><%=getAd()%></p>
<p>The space above should contain an image displaying either the
Microsoft Windows family logo or the Microsoft Office
family logo.</p>
<ul>
<li type="disc">This indicates that Displayad.asp, Adrotatorlogic.inc,
and Adimagedata.txt are working together to correctly display the
images.</li>
<li type="disc">Repeatedly refreshing the page should result in the
Windows and Office logos displaying in random order.</li>
<li type="disc">After you save Adrotatorredirect.asp, clicking on the
displayed image should cause a new window to open, displaying the
home page corresponding to the displayed logo.</li>
<li type="disc">After you add the hit counter script to this page,
under "Statistics" you should see the number of page hits since
the script was added.</li>
</ul>
<br><br><br><br><br>
<h3>Statistics</h3>
<% Set pageCount = Server.CreateObject("MSWC.PageCounter") %>

<% pageCount.PageHit %>
<p>You are visitor number <% =pageCount.Hits %> to this Web page.</p>
</body>
</html>
Redirect Users from Ad Links
When a user clicks the ad, the browser appends a query string to
the request to the server. Then, the server directs the user's
browser to the ad's URL.
and save the file as Adrotatorredirect.asp:
<%@Language=VBScript %>
<html>
<head>
<title>Redirection Page</title>
</head>
<body>
<%
'Set the response buffer on
Response.Buffer = True
Dim lsURL
'Obtain the URL from the query string
lsURL = Request.QueryString("URL")
'Clear the response and redirect to URL
Response.Clear()
Response.Redirect(lsURL)
%>
</body>
</html>
To check your work, use Displayad.asp. When you click on an ad,

you should see a new window displaying an appropriate ad-
related Web page.
Count Page Hits
It is important to know how many hits your Web pages get. This
data helps determine how changes to your Web site may affect
your customers' viewing habits. More importantly, it provides
useful insight as to how customers are navigating through your
site and where ads should be placed. Sites with high trafficking
have higher advertisement prices associated with them. The data
gathered from a page hit counter provides you with trafficking
information to begin negotiating advertisement prices for your
Web pages.
The Page Counter component uses an internal object to record

page hit-count totals for all pages on the server. At regular
intervals, this object saves all information to a text file so that no
counts are lost due to power loss or system failure. The Page
Counter component uses the following three methods:
• Hits(). This displays the number of hits for a Web page. The
default is the current page.
• PageHit(). This increments the hit count for the current
page.
• Reset(). This resets the hit count for a page to zero. The
default is the current page.
An in-use sample of this script can be seen at the bottom of the
Displayad.asp script. To place a page hit counter on a Web page,
place the following script where you want the counter displayed
on the page:
<% Set pageCount = Server.CreateObject("MSWC.PageCounter") %>

<% pageCount.PageHit %>
You are visitor number <% =pageCount.Hits %> to this Web site.
ASP Conventions
IIS Resource Kit Team

Posted March 17, 1998
Contents
Introduction
Using ASP in IIS
ASP Application Directory Structure
Filename Extension Standards
Connection Pooling
Visual Basic Applications as DLLs
Object and Variable Initiation
VBScript Conventions
HTML Conventions for ASP Pages
Introduction
The authors of the IIS Resource Kit have produced this document
on ASP authoring conventions for Web developers. These
conventions for developing Active Server Pages (ASP) promote
script efficiency (fast application execution), efficient use of
server resources, and consistent styles. These conventions are
adapted from Appendix B, "ASP Standards" of the Internet
Information Server Resource Kit, published by Microsoft Press,
1998. The Resource Kit provides a wealth of information on ASP
application development.
The ASP standards document (in HTML and Word format) is
offered to assist with the adoption of ASP in your organization. If
you have requirements to create standards before deploying new
technologies, you can edit this document to fit your specific
standards styles and adapt it to fit your in-house standards
documentation.
Please send comments and suggestions for improving the next

version of the Resource Kit to rkinput@microsoft.com.
Using ASP in IIS

To make the most efficient use of your server resources, you
should use the .asp filename extension only for pages that
contain scripts.
Writing Scripts for Browsers
When possible, write scripts to be executed by the browser,

rather than the server. By using the client platform to perform
tasks such as data validation, edit-checking, and selecting simple
conditional output, you can reserve server resources for those
tasks requiring ASP.
ASP Application Directory Structure

The directory and file conventions suggested in this section
optimize ASP application directory structure for consistency,
clarity, and ease of use.
The directories and files described are listed here:
/Application_Root
Default.htm
Global.asa
/Classes
/Content
/Media
/Themes
/Data
/DLLs
/Helpers (not in the Web site directories identifiable to users)
Application Root Directory
For readability and clarity, the application root directory should

be named in a way that conveys what the site is about. For
example, a site about financial research might be named
/FinancialResearch or /FR. Avoid application root names that
might be misidentified as standard subdirectories of a site, such
as /Media or /Content. Also, avoid names that sound like part
numbers or codes, such as /FR98346A.
While the site is being developed, the application root directory

should be stored under /InetPub/Wwwroot.
The root directory of every application should contain at least

these files:
• Default.htm
• Global.asa
Default.htm or Default.asp should be the default home page for

the site, and the server default should be set accordingly. This
combination enables users to find sites in your organization
consistently, by typing the server address plus the application
root directory name.
Global.asa contains scripts that affect the Application object

and Session object. For example, Global.asa scripts make
application- and session-scope variables available at startup.
Global.asa should be present at the application root level for
every ASP application.
/Classes Directory
The /Classes directory holds Java classes used by the application.
/Content Directory
The /Content directory holds all .htm files and all .asp files that
may be run by a user of the site. The /Content directory has
execute permissions. Keeping all scripted pages in this directory
branch simplifies permissions management.
/Media Sub-directory
A sub-directory of the /Content directory, Media should contain

sub-directories for sounds, images, animation files, .avi files, and
similar items. An /Images sub-directory should contain bullets,
buttons, icons, and others that are used throughout the
application independently of changing themes.
/Themes Sub-directory
The /Themes directory is a sub-directory of the /Content

directory. Establish a convention of using the /Themes directory
to enable application-wide changes to the look of a site. The
directory should contain style sheets, bullets, buttons, icons,
rules, and similar items organized so that you can change the
look of an application by changing any or all the theme-related
items easily. Each item in the /Theme directory can be linked
dynamically by setting an application variable to the image's
virtual path. Themes are stored in Options.txt and assigned to
theApplication object in Global.asa.
/Data Directory
This directory should contain all database access information

such as SQL scripts, file-based dataset names or other data
needed by the application.
/DLLs Directory
This directory should contain COM server components and Visual

Basic 5.0 run-time DLLs, such as Vbrun500.dll and Msvbvm50.dll.
Helper Files
Helper files are include files or text files that make information
available across the application. For security reasons the
directory containing helper files should not be stored in the
published Web space (the Web site directories identifiable to
users).
Filename Extension Standards

This section suggests conventions for standardizing on filename
extensions, accounting for the types of files containing scripts, or
HTML and scripts (VBScript or JScript) together.
Extensions for Page Files
Standards:
• .asp—for pages containing ASP scripts

• .htm—for straight HTML pages
You must use the .asp extension for pages that contain ASP
scripts. To save time and resources when serving pages, use
the .htm extension for files that don't require server-side script
execution.
Extensions for Included Files
Standards:
• .inc—for large amounts of data, with scripting, to be

included in a page
• .txt—for text-formatted data files, without scripting, to be
included in a page
For consistency, use include files to make specific information

available to more than one referring page (changes to include
files are distributed to all the pages that include them).
Connection Pooling
One of the potential bottlenecks in ASP application performance
is connection management. If not managed properly, the opening
and closing of connections can happen too frequently and can
cause reduced server performance. Windows NT Server 4.0
features built-in support for Connection Pooling, maintaining
connections optimally to achieve faster application performance
and graceful timeout management with less coding effort.
To use ODBC connection pooling:
• Configure the driver for the database to which you are

establishing a connection.
• Check the Windows NT registry to verify that Connection
Pooling is on, and let it handle the connection logic.
• If Connection Pooling is off, use Regedit32 to turn it on in
the Windows NT registry.
• Open individual connections—in your ADO code—just before
you need data access on each individual page.
• Close your connections when the data access activities are
complete.
Enabling connection pooling involves setting

the CPTimeout property. For descriptions and examples on how
to configure the CPTimeout property in the registry, see Internet
Information Server Resource Kit, Chapter 6, "Data Access and
Transactions."
Enabling connection pooling involves setting

the CPTimeout property. For descriptions and examples on how
to configure the CPTimeout property in the registry, see Internet
Information Server Resource Kit, Chapter 6, "Data Access and
Transactions."
Visual Basic Applications as DLLs

When you convert Visual Basic applications for use in ASP, they
should be run as DLLs (components), rather than being converted
to VBScript. Visual Basic DLLs will generally run more efficiently
than scripts written in any scripting language. Encapsulate the
Visual Basic code in DLLs and use Server.CreateObject().
Visual Basic 5.0 should be used to create an ActiveX DLL that has
its project properties set to Run in Unattended
Mode, Apartment Model Threaded, andMulti-instance.
Object and Variable Initiation
The following discussion focuses on initializing and setting
dimensions for objects and variables to achieve speed of
execution and efficient use of server resources.
Application-Wide Scope for Convenience
Information stored in variables with application-wide scope is in

memory and is cached for access by any page in the application.
Establish a convention to give application scope to variables used
often within an application if the values do not change frequently.
Whatever the potential benefits, use caution in deciding whether

or not to give application scope to an object. It can potentially
affect performance and decrease reliability (your application
could hang). For best results, use application scope for objects
with threading marked BOTH, aggregating
theFreeThreadedMarshaler.
Declaring Objects with the <OBJECT> Tag
For objects that may or may not be used in an application, it's

often most efficient to declare the objects without instantiating
them until the need to use them arises (until they are
referenced). To declare an object without actually creating it, use
the <OBJECT> tag on the page instead
of Server.CreateObject().
Another advantage to bear in mind is that the <OBJECT> tag

uses CLASSIDs, which are unique and tend to eliminate name
collisions. The PROGIDs used byServer.Create.Object() do not
force unique names, creating the possibility of name collisions.
Also, the <OBJECT> tag is supported in Global.asa and can be

used to define scope using SCOPE or SESSION as values.
VBScript Conventions
The following suggested conventions apply to the development of
ASP scripts written in Microsoft Visual Basic Scripting Edition
(VBScript) and are designed to enhance consistency,
performance, and reliability.
Comments in Scripts
Write consistent comment blocks near the top of each page

listing, such as the filename, the group developing the file (not
the person--e-mail should go to a group alias), the date
developed, the HTML standard, and clear descriptions of all
changes made.
Scripts that are commented out should be deleted unless they

are placeholders, in which case they should be labeled as such.
Use comments to explain obscure or complex code. Do not leave

a phrase such as the following without a comment:
If Err = -214983642 Then
Use comments to explain empty statements used as

placeholders, such as:
If...Then...Else...Endif
Constant Names
To clearly distinguish constants from other elements, use all

uppercase when naming them. An underscore can be used to
separate terms when necessary. Example:
Const MIN_QUAL = 25
Minimize Context Switching
For readability, try to minimize context-switching between HTML

and scripts. When possible, use a few large blocks of script on a
page instead of several scattered fragments.
Dictionary Object: Speed Access to Information

The VBScript Dictionary object enables fast lookup of arbitrary
key/data pairs. Because the Dictionary object gives you access
to array items by key, it is faster for finding items that are not in
contiguous memory since you are specifying a key, rather than
knowing where in the array the item is located.
Use the Dictionary object when you have set a high priority on
fast searches of nonlinear data.
Delimiting Lines of Script for Readability
Lines of script should be blocked between a pair of delimiters,

rather than written with delimiters on each line.
Instead of this:
<% strEmail = Session("Email") %>

<% strFirstName = Request.Form ("FirstName") %>
<% strLastName = Request.Form ("LastName") %>
Do this:
<%
strEmail = Session("Email")
strFirstName = Request.Form ("FirstName")
strLastName = Request.Form ("LastName")
%>
For a single stand-alone line of script, keep the delimiters on the

same line as the script. Example:
<% strEmail = Session("Email") %>
If the line of script consists of an equal sign and a variable, make

the equal sign part of the delimiter. Example:
<%= strSubscrLName %>
Similarly, if the line of script specifies an ASP declarative, include

the @ sign as part of the opening delimiter. Example:
<%@ LANGUAGE = VBScript %>

Enable Session State Directive
Using the Enable Session State directive (set in Internet Services

Manager) for your site enables the detailed tracking of user
requests.
Save the resources used by IIS to process scripts for pages not
using session state information by setting the Enable Session
State directive to FALSE for those pages:
<%@ ENABLESESSIONSTATE = False %>
Language Default
Override the scripting language being used as the server's

default language (VBScript) by using the @ language directive.
For example, to ensure that the default language is JScript, put
the following code at the top of each ASP page:
<%@ LANGUAGE = JScript %>
Layout Order of Scripts in ASP Pages
The following list summarizes the layout of VBScript scripts in

an .asp file, in orderfrom top to bottom.
• Specify language.
• Use Option Explicit statement.
• List function library includes.
• Declare page-scoped variables.
• Assign values to page-scoped variables.
• Code HTML and in-line scripting.
• List functions called by in-line scripts.
The first two script statements should specify declaratives

and Option Explicit to force explicit variable declaration.
Inline scripts with HTML markup should call objects of functions

placed at the bottom of the page. The inline scripts should be
short and readable, even if this requires splitting out procedures
to be placed at the bottom of the page.
Blank Lines in Files
In general, use blank lines sparingly. You should remove all blank
lines at the beginnings and ends of files, but may want to include
one blank line between statements, to increase readability.
Object and Procedure Call Names
To clearly distinguish object names and procedure calls from

elements such as variables, begin each object name or procedure
call with a verb. Use initial capitalization for each term within an
object name or procedure call. The following list suggests some
naming conventions that could be used to name objects for some
typical activities.
Name Function Example
AddNew add new records Customer.AddNew
Update edit records Customer.Update
Remove delete records Customer.Remove
Get return row from database Customer.GetNewest
List return multiple rows Customer.GetNew
To limit criteria for methods that return information,

use From and For with a method or function name.
Name Function Example
GetFor returns criteria-based row Customer.GetForName
ListFor returns criteria-based multiple rows Customer.ListForPeriod
Object Naming
As with variables and statements, used mixed case in naming

objects, and in spelling out names of intrinsic objects. Capitalize
the first letter of each term.
Use descriptive names for objects, even though this requires
more characters per name.
The following example conforms to this convention (cnn prefixes

an ADO connection variable, see "Variable Names" below):
Set cnnSQL = Server.CreateObject("ADODB.Connection")

Set cnnSQLServer = Server.CreateObject("ADODB.Connection")
These do not conform:
Set cnnS = Server.CreateObject("ADODB.Connection")

Set cnnsql = Server.CreateObject("ADODB.Connection")
Paths, using MapPath
Consider using MapPath instead of literal paths in ASP

applications. The ASPServer.MapPath method allows you to
physically relocate an ASP application without recoding scripts.
This saves program modification and maintenance effort.
Performance is affected slightly, because every time you

use MapPath in a script, IIS must retrieve the current server
path. Consider placing the result of the method call in an
application variable to avoid retrieving the server path.
Select Case Statement for Readability
For readability and efficiency, use the Select Case statement in

place of If...Elseto repeatedly check for the same variable for
different values. For example:
Select Case intYrsService

Case 0 to 5
strMessage = "You have ten days paid leave this year."
Case 6 to 15
strMessage = "You have fifteen days paid leave this year."
Case 15 to 30
strMessage = "You have twenty days paid leave this year."
Case 30 to 100
strMessage = "Will you never leave?"
End Select
Spaces in Scripts
To enhance script readability, use spaces consistently:
• Before and after operators, such as plus and equal.

• After commas, as when passing parameters.
• Exception: do not use spaces between arguments in ADO
connection strings.
Statement Styles
Each scripting language has its own conventions for

capitalization, indentation, and other style-related characteristics.
Since VBScript is case-insensitive, capitalization conventions can
be created to improve readability, as the following suggestions
illustrate.
If...Then...Else...End If statements:
• Capitalize the first letter of If, Then, Else, and End If.
• Indent the clauses two spaces, or one tab.
• Put spaces at each end of an equal sign.
• Avoid using unnecessary parentheses.
Correct example:
<%
If Request("FName") = "" Then
Response.Clear
Response.Redirect "test.html"
Else
Response.Write Request("FName")
End If
%>
Similarly, capitalize the first letters of function and subroutine

statements, and indent their definitions 2 spaces. Example:
Sub SessionOnStart
Set Session("MyId") = Request.ServerVariables(...)
End Sub
As with variable names, use mixed case, capitalizing the first

letter in each term in a name. Avoid underscores. Example:
FirstName
String Concatenation
For the sake of consistency and to achieve more self-

documenting scripts, use the string concatenator (&), instead of a
plus (+) sign.
String Function
Use the String() function to create a string consisting of

repeated characters. Example: a string of non-breaking spaces
( ). The String() function is more readable and elegant
than, for example:
For I = 0 to 11 . . .
Case Values
Keep case consistent in both variable assignment and logical

tests by usingUCase() or LCase(). This is especially important
when assigning and logically testing HTML intrinsic form controls,
such as check boxes and radio buttons.
Trimming Values
Be consistent in trimming values. For example, consider always

trimming values before putting them in state. This will eliminate
errors in processing caused by inconsistencies in trimming
schemes.
Variable Declaration
Declaring variables explicitly helps expose errors, such as

misspelled variable names. To make code more reliable and
readable use the Option Explicitstatement in VBScript.
When you want to use strong variable typing, the logic should be
programmed into a component built with a language that
supports it, such as Visual Basic 5.0 or Visual J++. Loosely typed
variables, such as Variants in VBScript, can affect performance,
especially when mathematical computations are involved.
Variable Names for Consistency
For consistency in naming variables, use initial capital letters in

variable names (do not capitalize prefixes).
To make the intended use of a variable clear to others reading

your script, use three-character prefixes to indicate data type.
Even though explicit typing is not supported in VBScript, the use
of prefixes is recommended to denote the intended data type.
Table B.1 Suggested Prefixes for Indicating the Data Type of a

Variable
Data Type Prefix
Boolean bln
Byte byt
Collection col
object
Currency cur
Date-time dtm
Double dbl
Error err
Integer int
Long lng
Object obj
Single sng
String str
User-defined udt
type
Variant vnt
ADO command cmd

Jul 17, 1998 editor's note: This was previously published as cmn in the
Resouce Kit; we now recommend cmd.
ADO cnn
connection
ADO field fld
ADO parameter prm
ADO recordset rst
To keep variable name lengths reasonable, use standardized

abbreviations. For clarity, keep abbreviations consistent
throughout an application, or group of related applications.
Instead of:
strSocialSecurityNumber
Use:
StrSSN
Variable Scope for Performance
Use local scope (within subroutines and functions) for variables

unless you have a compelling reason to use global scope. Local
variables are resolved into table lookups when compiled,
enabling fast execution at run time.
Declare global variables using the Dim statement before using

them. This saves valuable first-use time by eliminating a search
of the entire variable list.
HTML Conventions for ASP Pages

ASP applications serve dynamic information in standard HTML
format. This means that you can customize information for a wide
range of users.
Support Text-Only Browsing
Many users browse the Web in text-only mode in order to speed

up the display of information to their browsers. To ensure that
you present as much content as possible to these users, take the
following steps to support text-only display:
• Include text-only navigation objects, such as menus.

• Include the alternative (ALT) parameter with each image tag
to provide information about images.
<IMG SRC="gravity.jpg" ALT="Picture of apple falling">
• When providing client-side imagemaps, add a text-only list

of the mapped areas, with links to the information that
would have been loaded if the user had clicked on a map
link.
Checking HTML Files
You should check and debug your HTML code formally, using
either a dedicated HTML checker or an HTML editor that includes
a checker.
• Choose an HTML checker that helps enforce your HTML

version standard.
• Debug each new HTML file as it is developed. Then debug
your files again after each time they are modified.
To debug an HTML page that contains ASP scripts:
• Run the page that contains ASP scripts.

• View the source.
• Save the output, which is pure HTML.
• Run the saved output through an HTML checker.
This process is especially important for ASP pages that include

forms. In these cases, HTML errors may corrupt
the Request object sent from the browser to the server and
cause a run-time error.
Using the 216-Color Palette
Color palette mismatches are ever-present concerns when you

are creating images for a multi-platform Web. Even images in
formats that require compact palettes, such as GIF (256 colors
max), often display disparate colors when displayed on different
platforms, such as Mac OS, Windows 95, and UNIX.
To ensure that your images display the same colors in different

browsers on diverse platforms, use the 216-color palette—also
called the safety palette, or the 6x6x6 palette. This allows nearly
as many colors as a GIF image can display, and displays
consistent colors across systems.
Designing for Small Screens
Small-screen formats are still the standard for many users.

Although larger formats are making progress, even 800 by 600 is
too large to fit on millions of displays. For example, there are
about ten million Macintoshes currently in use, many of which
display 640 by 480 pixels.
To accommodate a broad spectrum of users, including those with

small screens, design for 640 by 480 pixels.
For usability with small screens, keep the average line of text to
approximately 12 words.
Displaying Standard Error Messages
For consistency and to make error messages informative, use

standardResponse.Status values, such as "401 Unauthorized -
Logon failed" and other IIS standard responses in your pages. You
can customize error messages in cases where additional
information is needed.
Using Object Statements with Embed Statements

To use interactive objects delivered to multiple browsers you
must code for browsers that do not support the HTML <OBJECT>
tag.
To script the use of interactive objects, ActiveX Controls, or Java

applets in HTML pages designed for a wide range of browsers:
• Use the <OBJECT> tag to place the object on the page.

• Add the <EMBED> tag to support browsers that do not
support the <OBJECT> tag.
• Add a display object using the <NOEMBED> tag for
browsers that cannot "play" the object.
The following example places a Shockwave control onto a page,

and provides for the contingencies in the preceding sections:
<OBJECT ID="ShockedPMDauntless">
CLASSID="clsid:59CCB4A0-727D-11CF-AC36-00AA00A47DD2"
CODEBASE="http://www.fabrikam.com/marketing/movers/..."
WIDTH=180 HEIGHT=120
>
<PARAM NAME="swURL" VALUE="dauntless.dcr">
<EMBED SRC="dauntless.dcr" ALT="Movie of Fabrikam
Dauntless model in
action" WIDTH=180 HEIGHT=120>
</EMBED>
<NOEMBED>
<IMG SRC="dauntless.gif" ALT="Picture of Fabrikam
Dauntless model in
action" WIDTH=180 HEIGHT=120>
</NOEMBED>
</OBJECT>
ASP from A to Z
Nancy Winnick Cluts

Developer Technology Engineer
October 22, 1998

Contents
Introduction
What ASP Is
How ASP Works
ASP from A to Z
Bibliography
Introduction
There's lots of helpful information about Active Server Pages
(ASP) available on this site and other sites. If you have plenty of
time to search for the information, you can find answers to most
of your questions. But if you want to find out what tools you can
use to debug ASP or how to handle errors, you need to do some
digging. This article provides an easy way to find information that
pertains to ASP, including a short definition of what ASP is, how
ASP works, and an alphabetical list of terms and tips that relate
to ASP. In the A-to-Z list, you will see a brief description as well as
pertinent links to more detailed information (when that
information is available). This article is meant to be a "living"
document. That means that I plan on updating it with new tips
and removing tips that no longer apply. If you are an ASP
developer and have a "juicy" tip, send it to me. If I publish it here,
you'll get credit and the everlasting gratitude of throngs of other
ASP developers.
What ASP Is
Active Server Pages is a programming environment that provides
the ability to combine HTML, scripting, and components to create
powerful Internet applications that run on your server. If you are
already creating Web sites that combine HTML, scripting, and
some reusable components, you can use ASP to glue these items
together. You can create an HTML interface for your application
by adding script commands to your HTML pages and you can
encapsulate your business logic into reusable components. These
components can be called from script or other components.
How ASP Works

When you incorporate ASP into your Web site, here's what
happens:
1. The user brings up a Web site (like MSDN Library) where the
default page has the extension .asp.
2. The browser requests the ASP file from the Web server.
3. The server-side script begins to run with ASP.
4. ASP processes the requested file sequentially (top-down),
executes any script commands contained in the file, and
produces an HTML Web page.
5. The Web page is sent to the browser.
Because your script runs on the server, the Web server does all of
the processing and standard HTML pages can be generated and
sent to the browser. This means that your Web pages are limited
only by what your Web server supports. Another benefit of having
your script reside on the server is that the user cannot "view
source" on the original script and code. Instead, the user sees
only the generated HTML as well as non-HTML content, such as
XML, on the pages that are being viewed.
ASP from A to Z
This section contains a list of terms and tips to help you
understand ASP. They are listed in alphabetical order. Scroll down
to the topic that interests you or click the letter in the alphabet
below to jump down to the section containing the topic. I cribbed,
er, I mean, compiled these tips and definitions from a number of
sources, including technical articles (listed in the bibliography
below), Knowledge Base articles, and a beta version of the
Microsoft® Internet Information Server (IIS) 5.0 documentation
(I'm so lucky!).
A B C D E F G I J L M O P
Q R S T V W X
ADO
Active Data Objects (ADO) provides a programming model for an

OLE-DB data source. It is the database model that ASP uses;
however, ASP can use other database access mechanisms. ADO
supports the following installable objects, which are often used in
ASP files: Command, Connection, Recordset, Field, andError.
Refer to the ADO Web site
at http://www.microsoft.com/data/ado/ for more information than
you can shake a stick at.
Applications
ASP is not just for prototyping. When using ASP as a solution,

design your solution as an application instead of designing stand-
alone ASP pages. As far as objects are concerned, it's best to take
a look at what you need to accomplish and decide what you
need, then whether you can buy the objects or will need to create
the objects yourself. Take into consideration caching, scalability,
reusability, security, and consistency.
Bottlenecks
Identify your bottlenecks (that is, the database, network card, or

network connection) using the tools available: WCAT, NetMon,
and performance counters. To improve server performance, take
a look at all parts of the system for potential bottlenecks,
including hardware configuration and software settings. This way,
if you are ever asked to scale the project larger, you will know
where the work needs to be done.
Browser Connection
In IIS 4.0, use the Response.IsClientConnected property to

determine if the browser is still connected. If the browser is not
connected, you can conserve CPU cycles by ceasing the
processing of the ASP page. Refer to the Knowledge Base
article Use IsClientConnected to Check if Browser is Connected.
Buffering
Turn buffering ON. By default it is OFF in IIS 4.0; in IIS 5.0,

buffering is ON by default. You should buffer your ASP files so
that you can abort sending a Web page. This might happen if the
script being processed runs into a problem or if a user does not
have appropriate security credentials. If this happens, and if you
are using IIS 5.0, you can transfer the user to another page
usingServer.Transfer, or clear the buffer (using
the Clear method of the Responseobject) to send different
content to the user.
C++
If you are creating page-level components, you can use server

scriptlets, Visual Basic®, Visual J++™, and Visual C++®. If you
are writing components that will be in application or session
state, we recommend that you write them in C++ or Java so you
can create them as both-threaded. Visual Basic is apartment-
threaded. See the section below on threading for more details.
Caching
If your application sends pages to the client via a proxy server,

the proxy server may cache pages to return them more quickly to
the client. This reduces the load on the network and the Web
server. To prevent a browser from caching ASP pages,
set Response.Expires to some negative number. This will force
the cached pages to expire immediately. If you
set Response.Expires to 0, and if your browser clock is behind
by a few minutes, the page won't expire immediately. If your Web
site contains objects that do not expire often, such as images, set
the expiration to some time in the future. This will greatly
increase the speed at which a page is refreshed or downloaded.
Proxy caching viapragma:nocache is already done for you by
IIS, so you don't have to set this in your headers. More
information about caching can be found in Got Any Cache?
Client-Side Scripts
Distribute the work on your Web site by providing script on both

the client and the server. See Client-Side and Server-Side
Objects.
COM Object Debugging
If you create a COM object and use it through ASP

with Server.CreateObject, you cannot go back into your
development environment and recompile the COM DLL without
restarting the IIS Admin and W3SVC (Web server) service.
Otherwise, the COM DLL will be locked. To restart these services,
do the following:
1. At a command prompt, type net stop iisadmin /y. Please
note that this will shut down IIS' parent service, IIS Admin.
This will also shut down FTP and other services that are
children of IIS Admin. If you type only net stop w3svc,
inetinfo.exe will not be unloaded.
2. At a command prompt, type net start w3svc. This will
restart IIS Admin and the W3SVC service (Web server).
3. You may recompile at any point after Step 1. Once you refer
to an object that loads your DLL, you must repeat Step 1
before building the component successfully.
Components
Use components to encapsulate the business logic in your ASP

applications. You can create your own components or buy them
"off the shelf." Once you have a component, you can reuse it
wherever you need it. Develop your components using C++ or
Java. Because Visual Basic is not marked as both-threaded, you
cannot use Visual Basic components within application scope. If
you design your own components, be sure to design components
that are stateless (that is, the methods you define take
parameters, rather than having a script set properties then call
the method without the parameters).
Stateless components are far more flexible and reusable. In

addition, if you have areas in your script where you have more
than 100 lines of contiguous script, consider turning that script
into a server scriptlet. More information about creating
components can be found in the Active Server Components
section of the Server area of the MSDN Library. A comprehensive
list of third-party components available for ASP can be found in
the ASP Component Catalog.
Connections
Pool your connections for optimal performance. By pooling your

connections, your resources are allocated more efficiently. For
support of multiple logons, provide one connection for read-only
access and one connection for read/write access. In general,
avoid putting ADO connections in session state. ODBC (version
3.0 and later) automatically does connection pooling for you, and
OLE-DB provides session pooling.
Cookie Munger
ASP uses cookies to store the session identifier (ASP SessionID).

For machines that have cookies turned off, the Cookie Munger
tool can be used to strip out cookies and put the information in a
URL. This enables the use of "cookies" without actually sending
out cookies. For more information, see Simulating Cookies with
the Cookie Munger.
CPU
Design for scalability. Stress your ASP applications at 100% CPU

to determine how to best allocate your resources. Use WCAT or a
third-party tool such as Mercury's LoadRunner to tune your
performance.
Data Access Components
Read Improving the Performance of Data Access Components in

IIS 4.0 for a detailed explanation of the techniques that you can
use to improve performance.
Database
Use ADO for adding database access to your Web pages via
components. ADO can be used to create small components that
connect to any OLE-DB compliant data source, whether it's
relational or non-relational. This includes spreadsheets,
databases, or e-mail directories.
Debugging
There are many tools available for debugging, including

the Microsoft Script Debugger. The Script Debugger lets you run
your server-side scripts one line at a time, monitor the value of
variables, properties, or array elements during execution, and
trace procedures.
Important: Once you have finished debugging your

Web site, don't forget to turn off debugging on your
live servers. This will increase performance.
Dictionary Object
The Dictionary object enables you to look up and store arbitrary
key-data pairs rapidly. The Dictionary object gives you access to
items in the array by key, so it is faster to find things that aren't
stored contiguously in memory. Instead, you use a key rather
than having to know where in the array the object is stored.
Disconnected Recordsets
Disconnecting a Recordset means you can view

the Recordset's data after severing the connection to the data
store that generated the Recordset. You can create a
disconnected ADO Recordset in-process with
a Recordset whoseCursorLocation property
is adUseClient and whose ActiveConnection property is set to
NULL/Nothing. You can then put the Recordset into ASP
application state and use the Recordset Clone method to share
and access the Recordset in your ASP files. You can then pass
this Recordset to a remote client using either RDS or DCOM (or
both together). Read the Knowledge Base articles HOWTO:
Getting ADO Disconnected Recordsets in VBA/C+
+/Java and INFO: Disconnected Recordsets with ADO or RDS for
detailed information.
Error Handling
You can use the ASPError object to obtain information about an

IIS 5.0 error condition that has occurred in an ASP file.
The ASPError object is returned by
theServer.GetLastError method. If the error condition
generates an exception and you are using VBScript, use OnErr.
In JScript™, use the try…catch method. Detailed information
about error handling can be found in the article Microsoft JScript
Version 5.0 Adds Exception Handling, by Michael Edwards.
Flow Control
Flow control is the ability to set the flow of your ASP application.
Flow is controlled through Response methods and two
new Server methods (for IIS 5.0).
Using Response.Redirect causes posted data to be lost.
The Response.Endmethod causes ASP to stop when an error is
found. You do not need to call this method after
calling Response.Redirect. The Server.Transfer method is the
same as Response.Redirect, except that the work is done on
the server and posted data is not lost.
The Server.Execute method will flow into a nested ASP call and
return execution to where you were before the error occurred.
FileSystem Object
The FileSystem object blocks on files. If you are running a high-

volume Web site, don't use the FileSystem object because the
performance of accessing a single file will degrade. If you are
using multiple files that are not being accessed at the same time,
use of the FileSystem object will not result in a performance hit.
Global.asa
The Global.asa file is an optional file in which you can specify

event procedures and declare objects that have session or
application scope. It is not a content file displayed to the users; it
stores event information and objects used globally by the
application. This file must be named Global.asa and must be
stored in the root directory of the application. An application can
have only one Global.asa file. Instead of using the
ASP FileSystem object to read files on a page, load the file(s)
into an Application level array in Global.asa.
Glue
Use ASP for the glue and components for the business logic. If
you have 100 or more lines of consecutive script, turn it into a
component using server scriptlets (bearing in mind that server
scriptlets have the same limitations as Visual Basic components).
InetLoad
The InetLoad tool can be used to tune your Web site. This tool
generates customizable loads on various Internet services, over a
broad range of Internet protocols, including HTTP, SMTP, POP3,
and LDAP. You can use this tool to simulate traffic on your Web
site. InetLoad is available
athttp://www.thaiware.com/software/internet/IN00470.htm. See
also WCATW and Mercury LoadRunner for tuning tools.
Internationalization
If you are providing a Web site that will be viewed in countries
other than the United States, you can use the CODEPAGE tag
within the <% %> delimiters to specify the proper code page.
Alternatively, you can use the Session.CodePageproperty. Read
all about it
athttp://www.microsoft.com/workshop/server/nextgen/nextgen
.asp. In addition to CODEPAGE, you can also use the Local
Language Identifier (LCID) to determine the language that the
user has set as her preference. Detailed information about LCID
can be found in the IMultiLanguage Reference.
Isolation
You can separate IIS, ASP, and components into different

processes for better performance. The drawback to putting these
in different processes is the cross-process communication
performance hit. You can put IIS, ASP, and your components in
one process. This is the fastest method, but if your component
goes down, it can bring down ASP and IIS. You can put IIS in one
process and ASP with your components in another so that IIS will
not crash if your component or ASP crashes. You can put IIS and
ASP in one process and your component in another process. This
is slower than the previous option due to all of the cross-process
communication; however, it does insulate IIS and ASP from a
buggy component. The slowest but "safest" option is to put IIS,
ASP, and your components all in separate processes. If one
crashes, nothing else will, but the performance will be very, very
slow. It's a better idea to test your components really well.
Component Configuration Protection Speed
IIS, ASP, and components in one process 1 4
IIS in one process, ASP and components in another process 2 3
IIS and ASP in one process, components in another process 3 2
IIS in one process, ASP in one process, components in one process 4 1
Legend: 1 = Least, 4 = Most
Java
Use Java (or C++) to write components. Java is a powerful
language that you can use to create components that are both-
threaded.
Logging
You can turn on URI_Query extended logging to log ASP failures.

This is not turned on by default. Turning it on is tricky, so here
are the steps:
1. Select a Web or FTP site and open its property sheets.

2. Enable logging if it is disabled and select the W3C Extended
log file format.
3. Click Properties.
4. On the Extended Properties property sheet, select the fields
you want to log (in this instance, URI_Query). By default,
Time, Client IP Address, Method, URI Stem, and HTTP Status
are enabled.
5. Click Apply.
You can also log to the Windows NT® Server Event Log; however,
logging to the Windows NT Server Event Log is not a good idea if
you've got lots of errors or are in debugging mode because you
can fill up the log quickly. Using the Windows NT Performance
Monitor, you can log a variety of error conditions, including how
many ASP requests have failed and how many errors occurred
during the script run-time.
Mail
Use Collaboration Data Objects (CDO) to send mail for Windows

NT Server. CDO is a lightweight version of CDO for Exchange. It
works on SMTP or Exchange. If you are using another e-mail
protocol, use a third-party component. A comprehensive list is at
http://www.microsoft.com/workshop/server/components/catalog.a
sp.
<OBJECT> tag
If you need to refer to objects that may not be used, instantiate

them by using the <OBJECT> tag rather than
using Server.CreateObject. UsingServer.CreateObject causes
the object to be created immediately. If you don't use that object
later, you end up wasting resources.
Option Explicit
Turn on the Option Explicit option in your .asp file. Visual Basic
enables you to use variables without explicitly declaring them.
Turning on this option helps to identify undefined variables—you
will get an error message for undefined variables. Turning on
Option Explicit makes undeclared variables illegal. Undeclared
local variables are as slow as global variables. Turning on this
option will help you find these slugs so that you can get them out
of your code.
Order of Execution
ASP does not guarantee the order of execution of script written in

different script blocks. It is strongly recommended that only
procedures (functions and subs) be used in script blocks. This
way, you can control the execution order by calling those
procedures from the primary script (that found inside <% and
%>) or by calling one procedure from another procedure.
Performance Monitoring
Make sure to monitor the performance of your ASP application.

You can use the System Monitor to determine the number of
connections and file transfers for a week-long period on your Web
site. You can also check the Event Viewer to view the Windows
NT Event log. (See the logging topic just above.) Some events
that can be helpful include:
• Request.WaitTime (how long the request has been

waiting)
• Request.Queued (how many requests are queued up)
• Request.Executing (what's being done concurrently)
• Request.PerSecond (throughput)
• Sessions.Current (to see if there aren't any or how many
are going on)
• Request.Disconnected (if the browser has disconnected,
stop processing the ASP to reduce the waste of CPU cycles)
• Templates.Cached (if you are caching too many, you may
run out of memory)
Programming Conventions
If you want to have efficient scripts, consult the programming

conventions available in the IIS Resource Kit. These conventions
are published online
athttp://www.microsoft.com/workshop/server/asp/aspconv.asp .
Queuing
You can use Message Queuing Services to bundle an update or

set of updates into a transactional message that is delivered to a
remote server. Message Queuing Services ensures that updates
will be delivered to the remote server, even if the network is
currently unavailable. Your application receives a commit
message and can continue with the transaction.
Remote Data Service (RDS)
To tune RDS, increase ADCThreads from its default of six to

twelve. The Registry entry for this parameter is located at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SV
C\Parameters\ADCThreads. The maximum number you can
specify is 50. Note that the server must be rebooted for this
change to take effect.
Restarting IIS
By default, sites start automatically when your server restarts. To

start, stop, or pause a site in the Internet Information Services
snap-in, select the site you want to start, stop, or pause. Then
click the Start, Stop, or Pause button on the toolbar. If a site stops
unexpectedly, the Internet Information Services snap-in may not
correctly indicate the state of the server. Before restarting, click
Stop, and then click Start to restart the site. Use the Cluster
Administrator user interface for starting and stopping clustered
sites.
Scalability
Break your include files into multiple small files rather than
having one large file, and include only those files required by
your server-side script. If the file that your ASP script includes
contains a large number of functions and variables that are not
used by the including script, you can waste resources and
adversely affect performance and scalability.
Scripting Engines
ASP comes with scripting engines for Microsoft Visual Basic®

Scripting Edition (VBScript) and Microsoft JScript. COM Scripting
engines for PERL, REXX, and Python are also available through
third-party developers. Cache as many script engines as you
have threads running.
Scripting Languages
ASP supports the VBScript, JScript, Perl, and REXX scripting

languages.
Security
You can create server-side script using ASP that extracts a user's
client certificate and saves the information. You can then use
Secured Sockets Layer (SSL) to catalog and manage the
certificates of users accessing your server. Read more about
implementing a secure site with ASP
athttp://www.microsoft.com/isn/whitepapers/security.asp.
Self-Tuning
A new feature for IIS 5.0 enables ASP to detect when executing
requests are blocked by external resources, and to automatically
provide more threads to simultaneously execute additional
requests and continue normal processing. If the CPU becomes
overburdened, ASP cuts down on the number of threads to
reduce thread-switching on simultaneous non-blocking requests.
Server Performance
You can optimize your server performance by techniques like

changing Registry settings for both your system and for IIS. Read
this detailed explanation of the settings used on the Microsoft
Web site and how the Web team tunes the
site:http://www.microsoft.com/backstage/whitepaper.htm.
Server Scriptlets
In IIS 5.0, ASP supports server scriptlets. Now you can turn your
business logic script procedures into reusable COM components
that you can use in your Web applications, as well as in other
COM-compliant programs.
Service Packs
Be sure to get the latest service pack for IIS and ASP. You can
find information about service packs on the IIS site
athttp://www.microsoft.com/ntserver/web/default.asp.
Sessions
Use the AspSessionMax metabase property to set the

maximum number of concurrent sessions that IIS will run. Using
this property will limit the memory overhead incurred by
maintaining sessions. You can also manage the lifetime of session
objects within IIS using the AspSessionTimeout property.
Session Loss
Session identifiers can be lost for a variety of reasons including

bad code, an insufficient Session.Timeout value, and lack of
cookie acceptance. If you are running into this problem, refer to
this very helpful article on ASPAlliance at
http://www.aspalliance.com/juan/.
Serialized
Session requests are serialized unless they are in sessionless ASP

pages. Sessionless ASP pages can often improve the
responsiveness of your server by eliminating potentially time-
consuming session activity.
SQL Server
By default, the creation of temporary stored procedures is set to

ON for SQL Server 2.65 and 3.5 drivers. If you have connection
pooling enabled, your temporary stored procedures can be
inadvertently deleted. We recommend that you disable the
creation of stored procedures when running with connection
pooling. A detailed explanation of this phenomenon can be found
in the article Improving the Performance of Data Access
Components with IIS 4.0,
http://www.microsoft.com/workshop/server/components/daciisper
f.asp, in the Connection Pooling and SQL Server Temporary
Stored Procedure section.
Templates
Templates can be either static, like a style sheet or a Word

document template, or can include logic. You can use ASP to
provide templates that contain logic that you use for many
different files.
Testing
Test your ASP. Use the tools available with IIS and Visual InterDev
6.0 to test your script and components.
Threads
Use objects that are marked as "both" for the threading model in
your ASP file, if you plan to store those objects in session or
application state. Objects marked "both" or "apartment" will give
you the best performance for objects that are within the scope of
the page. ASP does not guarantee that your session will run on a
particular thread. If you use an apartment-threaded component,
that component will always run on the same thread. Components
that are both-threaded can run on any thread. In simple terms:
Let's say that you are at a supermarket. You notice that checkout
line number three has only one person in line while the other
checkout lines are long. You choose checkout line number three.
If you come back to the store later, you might see that checkout
line number three now has a very long line, so you'd prefer to go
to another checkout that has a shorter line. If you are apartment-
threaded, you can't go to another line; you must go back to the
thread that created you.
Readhttp://www.microsoft.com/workshop/server/components/agili
ty.asp for more information about threading and ASP
components.
Transactions
A transaction is a group of operations that you can have perform

as a whole. Transactions are used with databases to ensure that
all related data is updated as a whole. If an error occurs, the
original state of the database is restored.
Tools
Drumbeat, FrontPage 2000, and NetObjects Fusion are tools that

you can use to get started using ASP quickly and easily.
Type Libraries
You can cache type libraries on the server using

the AspEnableTypelibCachemetabase property. This property
applies to all ASP applications that are running in the same
process.
Validation
If you are running a smart browser, it's capable of doing some

validation for you. Take advantage of this whenever you can.
Then, perform validation through your scripting. When all else
fails, you can go ahead and access your database on the back
end. But remember that whenever you access the database that
lives on the server, you are going to take a performance hit. This
can be very expensive if you have several values in a form that
you are validating. If you know that you will need to run some
script on the client side, go ahead and move the code to the
client side for faster performance. When you are running on the
client, you have the processor(s) for your use; the server has to
use its processing power for all of the requests it receives.
Visual InterDev
Use Microsoft Visual InterDev® to quickly create leading-edge

Web sites. Visual InterDev includes a set of integrated database
tools that greatly simplify connecting your Web site to OLE-DB
data sources and open database connectivity-compliant (ODBC)
databases. For more information, visit the Microsoft Visual
InterDev Web site at http://msdn.microsoft.com/vinterdev/. For
development information, refer
tohttp://msdn.microsoft.com/vinterdev/technical/articles.asp.
If you are running into problems debugging local ASP in Visual

InterDev, the problem might be with the way you have your
permissions set. Open DCCOMCNFG and go to the Catalog Class
and Machine Debug Manager application identifiers. Go to the
Security tab and make sure that your machine Administrators
group is listed in the Custom Access and Launch Permissions
dialogs. In addition, be sure to add yourself to the Administrators
group.
WCAT
The WCAT tool runs simulated workloads on client/server

configurations. Using WCAT, you can test how IIS and your
network configuration respond to a variety of different client
requests. The results of these tests can be used to determine the
optimal server and network configuration. WCAT is designed to
evaluate how Internet servers running Windows NT Server and IIS
respond to various workload simulations.
Web Farms
A Web farm is a Web site that is served by more than one

computer. As a result, user requests will not always be routed to
the same server. Software is used to distribute the work. This is
known as load balancing. When loads are balanced, it can be
difficult to maintain session information. If you are going to use
ASP session management on a Web farm that is load-balanced,
you need to be sure that all requests made within a user session
are directed to the same server. You can do this by writing
a Session_OnStart procedure that uses a Response object to
redirect the browser to the Web server where the user's session
is running.
XML
Extensible Markup Language (XML) enables you to describe

complex data structures to be used in your Web applications (for
C-types, think of a struct). You can use the Microsoft XML
Parser (part of Internet Explorer 4.0) to create ASP applications
using XML.

Product Overview

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Product Overview

Hochgeladen von

Copyright:

Verfügbare Formate

Product Overview

What is Active Server Pages?

Microsoft® Active Server Pages (ASP) is the server-side execution

What is dynamic content?

Who should use Active Server Pages?

Organizations will use the Active Server Pages technology to put

Who can create dynamic content with Active Server

Webmasters, information systems (IS) professionals, and

What do I need to run Active Server Pages?

How much will Active Server Pages cost?

Active Server Pages is a component of IIS 3.0, which is a free,

Active Server Pages can develop a new generation of Web-based

What ActiveX Server Components are supported?

Active Server Pages allows organizations to extend the power of

What scripting languages does Active Server Pages

Active Server Pages provides native support for both Microsoft

Does Active Server Pages maintain state for me?

Yes. Active Server Pages allows you to define application and

What about legacy data?

Active Server Pages makes it easy to bring legacy database

Active Server Pages will run on Microsoft Windows NT Server 4.0,

Is Active Server Pages secure?

Yes. Active Server Pages is a component of Internet Information

What data sources can my Web application integrate

An Active Server Pages application can integrate with any ODBC-

How does Active Server Pages compare to CGI?

Active Server Pages provides all of the functionality of CGI

ASP is an easier way for your server to access information in a

With CGI, the server creates as many processes as the number of

How does Active Server Pages compare to ISAPI

ISAPI applications require all of the programming and layout to be

How does Active Server Pages compare to PERL?

PERL and other scripting languages are not robust development

ASP supports virtually any scripting language to build these

Can Active Server Pages use Java?

Yes. Active Server Pages supports ActiveX server components

Can I use existing Automation servers?

There really are no minimum requirements for a component,

Refer to "Creating ASP Components" in the Programmer's

Active Server Pages allows you to quickly bring your existing

How does Active Server Pages compare to Netscape

Netscape LiveWire requires the use of JavaScript, while Active

LiveWire applications must be manually compiled after each

ASP and Web Session

To overcome this limitation, application developers require a

The Session object supports a dynamic associative array that a

Session ("UserName") = "JohnH"

Welcome back <% = Session("UserName") %>

Object references are stored using the SET keyword of VBScript,

Set Session("MyAd") = Server.CreateObject("MSWC.Adrotator")

This is similar to the normal Dictionary objects supported by

Set-Cookie: ASPSESSIONID=PUYQGHUMEAAJPUYL; path=/Webapp

Each subsequent request by this browser to this server, in the

ASP automatically processes this cookie and uses it to restore the

Managing ASP Sessions

When Are Session Cookies Sent by

This behavior may cause some confusion, because ASP

Hard-to-Guess Cookie Values

• Session ID values are 32-bit long integers.

Web Farms and ASP Session State

To use ASP in a load-balanced environment, there are a number

1. Do not use the session management provided by ASP. You

ASP Session Aware Load-Balancing