1

From what I've seen on SO and elsewhere, IIS can run server-side Javascript code using it's JScript engine. In fact, in Classic ASP, it appears fairly easy to get this to work, as VBScript can call these functions directly. However, in .NET, I'm not sure how to procede.

I'm converting a web application written in Classic ASP into .NET. The application uses a javascript function to hash the users password. The result is queried against hashes stored in the database.

I'd like to continue to call this javascript function from my codebehind, so that the resulting hashes will continue to match.

Much of what i've seen online involves calling javascript using the RegisterStartupScript function, which won't work in this case, since I want the javascript to run on the server and I want to acquire the result of the javascript before I post back. Is this possible?

Improve this question
1
  • 1
    I suppose you could do something fancy with JScript.NET (en.wikipedia.org/wiki/JScript_.NET), but the better solution is probably to just covert it to C#. The syntax is close enough (especially with C# 2.0+) that it should be pretty easy. If it's really complex, you could even try the JLCA: microsoft.com/downloads/en/… Commented Feb 1, 2011 at 16:29

4 Answers 4

Reset to default
2

Yes and no.

You can call a javascript method through the ASP.NET backend by but the only way your going to get the result is to post it back through AJAX

so you can start a call and then wait around until the result comes back and handle the result.

This may or may not be what you want.

To answer your question directly, rewrite the hashing function in C# codebehind and call it there. Don't just port legacy code, improve it.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yeah, I was afraid of that, as rewriting it correctly will probably change the hashes that are produced for each password.
@Slider345 Treat the function as a black box. Find out how it maps the password to a hash and copy that implementation. Shouldn't be too hard.
1

Here's a way to wrap the server side JScript function using a simple local "web service" call.

Add a JScript or ASP script that references the hashing function:

File: DoHash.asp

<!-- #include file="passwordHasher.js" -->
<%
Dim password
password = Request.Form("password")
Response.Write HashPassword(password)

%>

In your ASP.NET application add this method (and class if necessary somewhere relevant:

public class HashWrapper
{
    public static string HashPasswordFromJScript(string password)
    {
      string url = "https://mysite.com/DoHash.asp";

      string fields = "password=" + password;
      HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
      request.ContentType = "application/x-www-form-urlencoded";
      request.Method = "POST";

      using(Stream rs = request.GetRequestStream())
      {
        using (MemoryStream ms = new MemoryStream())
        {
          using(BinaryWriter bw = new BinaryWriter(ms))
          {
            bw.Write(Encoding.UTF8.GetBytes(fields));
            ms.WriteTo(rs);
            ms.Flush();
          }
        }
      }

      using(HttpWebResponse response = (HttpWebResponse)request.GetResponse())
      {
        if(response.StatusCode == HttpStatusCode.OK)
        {
          using(Stream rs = response.GetResponseStream())
          {
            using (StreamReader rr = new StreamReader(rs))
            {
              StringBuilder sb = new StringBuilder();
              int bufferSize = 1024;
              char[] read = new Char[bufferSize];
              int count = rr.Read(read, 0, bufferSize);

              while (count > 0)
              {
                sb.Append(read, 0, count);
                count = rr.Read(read, 0, bufferSize);
              }
              return sb.ToString();
            }
          }
        }
        return null;
      }
    }
}

In the part of the application you need to hash a password just call:

string hashedPassword = HashWrapper.HashPasswordFromJScript(password);

It's not pretty but it'd get you by. I'm also presuming your site can encrypt traffic using SSL.

Improve this answer

1 Comment

That could work! Not pretty as you say, but it seems to be the only solution, short of rewriting the script.
1

The best thing to do would be to not be afraid of the hash function. If you can figure out the algorithm and reimplement it in C#. Come up with some test cases to check you get the same results through both. It'll save you a lot of effort in the end.

Because classic ASP parses pages on a page-by-page basis, you can pick and choose what language you wrote your pages in. You could use any activescript language (perl was available that way at one point!)

In a .Net web app, the whole app needs to be in one language. So to use Jscript.Net, you'd need a separate project for your function. The project could compile to an assembly that you import into your web app, or it could be another web app and you communicate between the 2 via requests or web services. Either way, it's a lot of work.

Simon

Improve this answer

Comments

-2

Try to use JavaScript handle client-side behaviors and let VB/C# handle the server side calls.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.