User's Manual

3. Initialization of the server object with the Random Session String, the same string previously
communicated to the client. The entry RndSessionString is a variable of the server ActiveX;
Session("SessionString") stores the previously generated Random Session String.
4. Call of the DecryptPIN method of the server ActiveX to decrypt the response sent by the client.
The response is retrieved by the call to Request.Form("PIN"), which returns the corresponding value
of the PIN variable of the HTML form. The User-Id is stored in the PIN variable of the server ActiveX.
5. Verification of the User-Id read operation: a result of 0 means that the client is in possession
of a token properly initialized by the same service.
6. The previous check has verified the validity of the token. To verify the user status (user profile),
a token-user connection has been created in the user information file in the local database. Looking up
the received User-Id in the local database associates the user with his/her profile and his/her current
status. If the user is registered in the database he/she can be authenticated; otherwise he/she is
redirected to the login page.
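Steps 3 to 6 put together as one server-side check. This is an added example, not a listing from the manual or the vendor. The call shape and return value of DecryptPIN, the need to set password before calling it, the parameter size of 255, and discarding the Random Session String after one use are assumptions.

```vbscript
<%
Dim WIDS, rc, userId, cmdUser, rsUser

' Drop any authentication state and send the client back to the login page
Sub BackToLogin()
    Session.Contents.Remove "SessionString"
    Session.Contents.Remove "user_PIN"
    Response.Redirect "index.asp"
    Response.End
End Sub

' No stored Random Session String: the login page was skipped or the string was already used
If Len(Session("SessionString") & "") = 0 Then BackToLogin

Set WIDS = Server.CreateObject("WISrv.WebIdSrv")
WIDS.RndSessionString = Session("SessionString")    ' step 3
WIDS.password = Application("wi_Password")          ' assumption: needed before DecryptPIN
rc = WIDS.DecryptPIN(Request.Form("PIN"))           ' step 4 (assumed call shape)
userId = WIDS.PIN & ""                              ' User-Id read from the token
Set WIDS = Nothing

' Assumption: each Random Session String is accepted once, so a captured
' response cannot be submitted a second time
Session.Contents.Remove "SessionString"

' Step 5: any result other than 0 means the token was not initialized by this service
If rc <> 0 Then BackToLogin

' Step 6: look up the User-Id, bound as a parameter rather than concatenated into the SQL text
Set cmdUser = Server.CreateObject("ADODB.Command")
cmdUser.ActiveConnection = Application("Users_ConnectionString")
cmdUser.CommandText = "SELECT Name FROM User WHERE User.PIN = ?"
' 200 = adVarChar, 1 = adParamInput; 255 is an assumed column width
cmdUser.Parameters.Append cmdUser.CreateParameter("PIN", 200, 1, 255, userId)
Set rsUser = cmdUser.Execute
If rsUser.EOF Then
    rsUser.Close
    BackToLogin
End If
rsUser.Close
Set rsUser = Nothing
Set cmdUser = Nothing

' Valid token and registered user: keep the User-Id for the following pages
Session("user_PIN") = userId
%>
```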
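<%
Dim Name, rsUser, cmdUser
' Look up the user by the User-Id (PIN) saved in the session. The value is bound
' as a query parameter rather than concatenated into the SQL text.
Set cmdUser = Server.CreateObject("ADODB.Command")
cmdUser.ActiveConnection = Application("Users_ConnectionString")
cmdUser.CommandText = "SELECT * FROM User WHERE User.PIN = ?"
' 200 = adVarChar, 1 = adParamInput; the size 255 is an assumed column width
cmdUser.Parameters.Append cmdUser.CreateParameter("PIN", 200, 1, 255, Session("user_PIN") & "")
Set rsUser = cmdUser.Execute
' Unknown User-Id: send the client back to the login page
If rsUser.EOF Then
    Response.Redirect "index.asp"
    Response.End
End If
Name = rsUser("Name")
rsUser.Close
Set rsUser = Nothing
Set cmdUser = Nothing

Dim WIDS
Set WIDS = Server.CreateObject("WISrv.WebIdSrv")
' Generate a new Random Session String for this page and keep it in the session
Session("SessionString") = WIDS.InitRndSessionString(1, Session.SessionID, _
    "AeCdEfGhIlMnOpQrStUvZ")
WIDS.pin = Session("user_PIN")
WIDS.RndSessionString = Session("SessionString")
WIDS.password = Application("wi_Password")
' Encrypt the user's name with the server ActiveX
Dim CryptName
CryptName = WIDS.Crypt( Name )
Set WIDS = Nothing
%>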