CSP Gateway Configuration Guide - InterSystems Documentation
CSP Gateway Configuration Guide - InterSystems Documentation
CSP Gateway Configuration Guide - InterSystems Documentation
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>CSP</strong> with Microsoft Active Server Pages (ASP) and VBScript<br />
2.8 <strong>CSP</strong> with Microsoft Active Server Pages (ASP) and<br />
VBScript<br />
You can mix <strong>CSP</strong> pages with ASP pages and vice versa provided the integrity of the user's session is maintained for both<br />
environments. Both environments maintain their sessions using identifiers stored in cookies. <strong>CSP</strong> stores its session ID in<br />
a cookie named with a prefix of <strong>CSP</strong>SESSIONID and ASP uses a cookie named with a prefix of ASPSESSIONID.<br />
For example:<br />
<strong>CSP</strong>SESSIONID=00200001000614eX37yi00363806761900000000000000000000000000<br />
ASPSESSIONIDCCATBQCQ=DPLBEBECJLCJKIHKIKEFCCOA<br />
Provided the session ID for each environment is protected when serving pages from the other environment, the application<br />
should be able to seamlessly and transparently swap between <strong>CSP</strong> and ASP based applications.<br />
2.8.1 Client-side VBScript in <strong>CSP</strong><br />
VBScript, to be executed in the client’s Internet Explorer environment, can be added to <strong>CSP</strong> pages in the same way that<br />
JavaScript is used.<br />
For example:<br />
<br />
document.write "The time is: ",time<br />
<br />
2.8.2 Server-side VB-Script in <strong>CSP</strong> (Serving ASP Content through <strong>CSP</strong>)<br />
Sometimes you want to construct and serve complete ASP pages from a <strong>CSP</strong> application. In this case, the pages generated<br />
by <strong>CSP</strong> contain VBScript that is executed on the web server host (in the ASP engine) as opposed to in the client’s browser.<br />
The ASP (and ASP.NET) engine, in common with the <strong>CSP</strong> <strong>Gateway</strong>, is implemented as an ISAPI extension to IIS. However,<br />
there is no mechanism through which the <strong>CSP</strong> <strong>Gateway</strong> can route ASP content generated by <strong>CSP</strong> ‘sideways’ through the<br />
ASP engine.<br />
The facility for serving ASP content through <strong>CSP</strong> is implemented in the <strong>CSP</strong> <strong>Gateway</strong> by saving the ASP page returned<br />
by <strong>CSP</strong> as a physical file under the IIS documents root. Having done this, the client is then redirected to that page. The<br />
second redirection step results in the newly created ASP page being processed by the ASP engine, at which point the serverside<br />
VBScript is executed before the final page is delivered to the client.<br />
The <strong>CSP</strong> <strong>Gateway</strong> manages the redirection to the ASP resource in one of two ways.<br />
• Server-side redirection This is the preferred choice. The <strong>CSP</strong> <strong>Gateway</strong>, having saved the ASP content returned<br />
from <strong>CSP</strong> as a temporary ASP file, simply requests the page through IIS. IIS ensures that that page is processed by<br />
the ASP engine and the content is delivered to the client. The temporary ASP page is then deleted. The advantage of<br />
this approach is that, from the client’s perspective, it appears as if the ASP content is served directly from <strong>CSP</strong>. The<br />
original <strong>CSP</strong> page requested is registered in the browser’s ‘address’ box.<br />
• Client-side redirection In this scenario, the <strong>Gateway</strong> redirects the client to the newly-created ASP resource<br />
by sending an HTTP redirection header to the client. It is necessary to use this option if SSL is used between the client<br />
and web server. The main disadvantage of this method, apart from the extra round-trip to the client, is that the URL<br />
to the temporary ASP page is registered in the browser’s address box. This means that the client must be able to rerequest<br />
the temporary ASP resource (either as a result of users pressing the Refresh button or using the back-button<br />
against a later page). In order to facilitate this requirement, the <strong>Gateway</strong> retains temporary ASP files for 24 hours after<br />
they have been created.<br />
<strong>CSP</strong> <strong>Gateway</strong> <strong>Configuration</strong> <strong>Guide</strong> 47