Home arrow ASP arrow Page 2 - HTTP Tunneling Revealed: Part 2/3

HTTP Tunneling Revealed: Part 2/3

In part 2 of this article Adnan shows us how to fake a web service using XMLHTTP in ASP, how to handle HTTPS authentication via ServerXMLHTTP and more.

Author Info:
By: Adnan Masood
Rating: 5 stars5 stars5 stars5 stars5 stars / 27
October 22, 2002
  1. · HTTP Tunneling Revealed: Part 2/3
  2. · Forcing Downloads
  3. · Invoking a Web Service Using Only XMLHTTP
  4. · Implementation in .NET Using System.Net.WebClient
  5. · Conclusion

print this article

HTTP Tunneling Revealed: Part 2/3 - Forcing Downloads
(Page 2 of 5 )

By setting up a ContentType, one can direct the binary responses to force downloads, transferring the responseBody variable to web browser. The example below demonstrates this using ServerXMLHTTP:

<%@ Page aspcompat=true Debug="true"%>
<% Dim xmlobject
xmlobject = Server.CreateObject("MSXML2.ServerXMLHTTP")
xmlobject.Open ("GET", "http://www.jlctools.com/jlcsplitit/spltit32.zip", False)
' Adding header
Response.AddHeader ("Content-Disposition", "attachment; filename=spltit32.zip")
'Setting content type for webclient
Response.ContentType = "application/zip"
' Writing binary data
Response.BinaryWrite (xmlobject.responseBody)

Binary file transfer / forcing downloads

Accessing HTTPS and Authentication via ServerXMLHTTP
ServerXMLHttp supports authentication, as the open method provides two optional arguments user name and password. This is for the sites that ask for authentication credentials using the standard WWW-Authenticate header:

<%@ Page aspcompat=true Debug="true"%>
Dim xmlobject
xmlobject = Server.CreateObject("MSXML2.ServerXMLHTTP")
xmlobject.Open ("GET", "https://www.verisign.com", False)
Response.Write (xmlobject.responsetext)

Verisign's HTTPS site

The image on the left shows absolute access via a browser to a secure site, while the image on the right is the screenshot of the code above. No images are displayed on the screenshot to the right because relative paths are not handled in this example.

Web Services; Enhanced Tunneling
Web services are an extension and regularization to what you have experienced above; they are a very simple concept. They can be stated as an application defined & published to be invoked over a network, for instance the World Wide Web via a protocol like HTTP. They are a distributed processing enhancement that provides a standard description language, location and execution mechanism with request-response standards.

In contrast with previous mechanisms like CORBA, RMI and somehow DCOM, web services are emerging as a widely accepted industry standard and a quantum leap in b2b e-business. They take away a lot of remote procedural call and marshalling headaches and provide a neat mechanism for distributed processing.

Two key terms while implementing web services are WSDL and SOAP. I'll explain them below, however I have found that the definitions from the World Wide Web consortium are a tad more interesting:

"WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services). WSDL is extensible to allow description of endpoints and their messages regardless of what message formats or network protocols are used to communicate, however, the only bindings described in this document describe how to use WSDL in conjunction with SOAP 1.1, HTTP GET/POST, and MIME."

W3C's definition for Simple Object Access Protocol i.e. SOAP, is:

"SOAP is a lightweight protocol for exchange of information in a decentralized, distributed environment. It is an XML based protocol that consists of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined datatypes, and a convention for representing remote procedure calls and responses."
blog comments powered by Disqus

- Central Scoreboard with Flash and ASP
- Calorie Counter Using WAP and ASP
- Creating PGP-Encrypted E-Mails Using ASP
- Be My Guest in ASP
- Session Replacement in ASP
- Securing ASP Data Access Credentials Using t...
- The Not So Ordinary Address Book
- Adding and Displaying Data Easily via ASP an...
- Sending Email From a Form in ASP
- Adding Member Services in ASP
- Removing Unconfirmed Members
- Trapping HTTP 500.100 - Internal Server Error
- So Many Rows, So Little Time! - Case Study
- XDO: An XML Engine Class for Classic ASP
- Credit Card Fraud Prevention Using ASP and C...

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 

Developer Shed Affiliates


© 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials