User's Manual

7 Examples
The following examples present code fragments for WebIdentity integration, for authentication and for encryption in a
web-based application. The examples are written in VBScript for ASP on the server side and in JavaScript and HTML
on the client side. Running them requires IIS and a properly configured Access driver on the server side, and
Microsoft Internet Explorer on the client side.
The following examples use some values stored in session variables and application variables:

Session("SessionString")
    Value of the Random Session String, which is initialized where requested inside the ASP pages:

    Session("SessionString") = WIDS.InitRndSessionString(true, Session.SessionID, "FREE-STRING")

Session("user_PIN")
    Value of the User-Id, stored in the authentication phase for use inside the HTTP session.

Application("wi_Label")
    Variable declared in global.asa and initialized with a value taken from the database. It identifies
    the token, which is service-related and therefore unique for the whole application.

Application("wi_Password")
    The Server Secret, used for security management. This variable is declared in global.asa and its
    value is taken from the database.

The information is stored in an Access database with a User table containing the user's personal data (PIN,
Name, ...)
7.1 Authentication
This example presents the ASP pages needed to use WebIdentity for authentication.
The authentication process follows the challenge/response sequence introduced in section 5.4 and is implemented with
two ASP pages:
- The first page is returned in response to the client's authentication request. It generates the challenge
  on the server side and a form that the user needs for the authentication request, for using the token to
  generate the response, and for sending the response to the server.
- The second page performs the actual authentication check by interpreting the response sent by the client
  and verifying the validity of the User-Id.
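The two-page sequence described above can be sketched as follows. This is an added example, not code from the manual or from WebIdentity: a generic HMAC-SHA256 computation stands in for the token and the server ActiveX, and `USERS`, `tokenKey` and the function names are hypothetical, with constructed sample data.

```javascript
// Added illustration: generic HMAC-SHA256 challenge/response, not the WebIdentity algorithm.
const crypto = require('node:crypto');

// Constructed stand-in for the User table; the per-user token key is an assumption.
const USERS = new Map([
  ['1001', { name: 'Alice', tokenKey: Buffer.from('constructed-demo-key-1001') }],
]);

// First page: create a fresh challenge and keep it in the server-side session.
function issueChallenge(session) {
  session.challenge = crypto.randomBytes(16).toString('hex');
  return session.challenge; // embedded in the form sent to the client
}

// Client side (token role): derive the response from the challenge.
function tokenResponse(tokenKey, challenge) {
  return crypto.createHmac('sha256', tokenKey).update(challenge).digest('hex');
}

// Second page: check the response and the User-Id, then record the user in the session.
function verifyResponse(session, userId, response) {
  const challenge = session.challenge;
  delete session.challenge; // single use: a replayed response finds no challenge
  const user = USERS.get(userId);
  if (!challenge || !user || typeof response !== 'string') return false;
  const expected = Buffer.from(tokenResponse(user.tokenKey, challenge), 'hex');
  const got = Buffer.from(response, 'hex'); // malformed hex yields a short buffer
  if (got.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(got, expected)) return false; // constant-time compare
  session.user_PIN = userId;
  return true;
}

// Runs a valid login, a replay of the same response, and an old response
// presented against a newly issued challenge.
function demo() {
  const session = {};
  const challenge = issueChallenge(session);
  const response = tokenResponse(USERS.get('1001').tokenKey, challenge);
  const first = verifyResponse(session, '1001', response);
  const replay = verifyResponse(session, '1001', response);
  issueChallenge(session);
  const stale = verifyResponse(session, '1001', response);
  return { first, replay, stale, pin: session.user_PIN };
}

console.log(demo());
```

The challenge is consumed on the first verification attempt, so a captured response is useless both for an immediate replay and against any later challenge.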
The page that follows generates a form and the challenge that the user needs in order to be recognized. It first
generates a unique challenge with the aid of the server ActiveX, and then creates the form to send to the client,
containing the challenge and the scripts needed to query the token for response generation.
The index.asp page is implemented in HTML with JavaScript for execution on the client side and VBScript for
execution on the server side.