User's Manual

5.5.1 Example – cryptography from server to client
The following example illustrates the essential steps for integrating WebIdentity cryptography into a web-based application with ASP. It shows the passage of encrypted data from the server to the client. Only the parts that are strictly necessary for describing the operation are reported here; a complete example is provided in section [Error: reference source not found].
On the server side (ASP-VBScript code), a single call to the Crypt method is all that is needed to encrypt the data before sending it to the client.
1. Initialization of the WebIdentity server object with the User-Id transmitted by the client during authentication and stored in the session variable Session("user_PIN"); the entry Pin is an ActiveX server variable.
2. Initialization of the WebIdentity server object with the Random Session String; the entry RndSessionString is a variable of the server ActiveX; Session("SessionString") stores the previously generated Random Session String.
3. Initialization of the server object with the Server Secret; the Password entry is a server ActiveX variable inside the ASP page; the Application("wi_Password") entry is an application variable maintained by ASP, where the Server Secret value has been previously stored.
4. Call of the Crypt method of the server ActiveX to encrypt the data to send to the client (ConfidentialData). The encrypted value is stored in the VBScript variable CryptConfidentialData, to be transmitted to the client.
On the client side (JavaScript code), a single call to the Decrypt method is all that is needed to decrypt the data sent by the server.
1. Initialization of the WebIdentity client object with the Random Session String generated and sent by the server; the entry RndSessionString is a variable of the client ActiveX inside the HTML document; the Session("SessionString") entry is interpreted on the server side and then replaced with the Random Session String.
2. Initialization of the client object with the Label identifying the token; the Label entry is a client ActiveX variable inside the HTML document; the entry Application("wi_Label") is interpreted on the server side and then replaced with the label chosen for the service.
3. Call of the Decrypt method of the client ActiveX to decrypt the data sent by the server (ConfidentialData). In this case the decrypted value is displayed with a call to the JavaScript Write function inside the HTML page.
Table 5.5 – Association of software functions / methods for cryptography.

Server side (ASP-VBScript)
Step 1:  WIDSrv.pin = Session("user_PIN")
Step 2:  WIDSrv.RndSessionString = Session("SessionString")
Step 3:  WIDSrv.password = Application("wi_Password")
Step 4:  CryptConfidentialData = WIDSrv.Crypt( ConfidentialData )

Client side (JavaScript)
Step 1:  document.WIDrvCli.RndSessionString = "<% = Session("SessionString") %>";
Step 2:  document.WIDrvCli.Label = "<% = Application("wi_Label") %>";
Step 3:  ConfidentialData = document.WIDrvCli.Decrypt("<%= CryptConfidentialData %>");
         window.document.write(ConfidentialData);