HEAD and GET requests

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Agoston Bejo
    #1

    HEAD and GET requests

    Hello,
    I have to write some asp pages that react to HEAD and GET requests.
    The scenario is this: This is going to be a WAP site. When someone goes to
    the main page, it is redirected to a payment server.
    The payment server then issues a HEAD request for which the IIS Server has
    to return some specific header fields. After this, the payment server takes
    care of how the client pays, etc. When everything is fine, it issues a GET
    request, for which the actual content must be returned.
    According to the documentation that I have, this can be quite simply
    achieved:

    pay_main.asp
    <%Response.AddH eader "Header1", "Value1"%>
    ....
    <wml>
    .... <!-- content -->
    </wml>


    This way for HEAD requests the server will send the appropriate header
    information and for GET requests it will return the whole content.
    Now what I want to do is set up a session variable that indicates if the
    payment already took place. I could do this in VBScript after adding the
    header fields to Response. But I don't know whether the server-side VBScript
    (apart from the Response.AddHea der... statements) gets executed when the
    server replies to HEAD requests, or only when it replies to GET requests.
    If it does, then I'll have to find some way to somehow determine whether the
    server is currently replying to a GET or a HEAD request (in the first case
    the payment has already taken place). Is there any way to do this?


    Tags: None
    • David Wang [Msft]
      #2
      Re: HEAD and GET requests

      What you want to do is very possible with ASP -- part of what it was
      designed to do. Remember, ASP is just as powerful as PHP and ASP.Net -- what
      distinguishes them is mainly available class libraries and design paradigm.
      In terms of raw functionality, they are pretty much equivalent.

      For example, it is ASP that popularized the notion of having server-side
      script execute to generate the response, which itself can contain
      client-side script. Of course, in the ASP file both client and server sid
      script looks like the same script, hence some obvious confusion (unless you
      follow a good design paradigm -- something ASP.Net later fixed).

      So, for all practical purposes, you should consider the server-side script
      executed to generate the response. It is ASP's job to figure out how to
      handle GET/HEAD correctly. Consider the following ASP page:

      <%
      Response.AddHea der "Header1", "Value1"
      Response.Write "Hello World"
      Response.AddHea der "Header2", "Value 2"
      %>


      If ASP works the way you are hypothesizing, how would ASP be able to execute
      statements sequentially, yet not send entity body but send both response
      headers for a HEAD request?

      Thus, you will need to use Request.ServerV ariables("REQUE ST_METHOD") to
      distinguish between HEAD/GET.


      FYI: Your payment/authorization model seems quite weird to me. Authorization
      is purely based on a property of the request (i.e. GET vs. HEAD). There is
      no verification on the WAP generation on IIS -- so why bother authorizing?

      You are going to have to prove that your custom scheme is able to deal with
      replay, spoofing, and man-in-the-middle security attacks if you ever plan to
      charge for services -- and the responsibility is squarely on you since it is
      your custom scheme.

      --
      //David
      IIS
      A load of stuff about Azure IaaS and Azure IoT
      http://blogs.msdn.com/David.Wang

      This posting is provided "AS IS" with no warranties, and confers no rights.
      //
      "Agoston Bejo" <gusz1@freemail .hu> wrote in message
      news:e6HmxfILFH A.580@TK2MSFTNG P15.phx.gbl...
      Hello,
      I have to write some asp pages that react to HEAD and GET requests.
      The scenario is this: This is going to be a WAP site. When someone goes to
      the main page, it is redirected to a payment server.
      The payment server then issues a HEAD request for which the IIS Server has
      to return some specific header fields. After this, the payment server takes
      care of how the client pays, etc. When everything is fine, it issues a GET
      request, for which the actual content must be returned.
      According to the documentation that I have, this can be quite simply
      achieved:

      pay_main.asp
      <%Response.AddH eader "Header1", "Value1"%>
      ....
      <wml>
      .... <!-- content -->
      </wml>


      This way for HEAD requests the server will send the appropriate header
      information and for GET requests it will return the whole content.
      Now what I want to do is set up a session variable that indicates if the
      payment already took place. I could do this in VBScript after adding the
      header fields to Response. But I don't know whether the server-side VBScript
      (apart from the Response.AddHea der... statements) gets executed when the
      server replies to HEAD requests, or only when it replies to GET requests.
      If it does, then I'll have to find some way to somehow determine whether the
      server is currently replying to a GET or a HEAD request (in the first case
      the payment has already taken place). Is there any way to do this?



        Comment

        Previous template Next
        Working...