User's Manual
50
1.
The Name datum to pass to the client is retrieved from the local database User table; the User-Id is used
that was retrieved and stored in the Session("user_PIN") session variable during authentication for
retrieving the user profile.
2.
Creation of the ActiveX WebIdentity Server object necessary for encrypting the data to send.
3.
Generation of the Random Session String dependent on time (with “true” as first parameter, the time value
is used as one of the components for the generation of the Random Session String), on the session id
(Session.SessionID being the variable provided by ASP for identifying the session) as second parameter
and on an option string as third parameter. The Random Session String is also stored in the session
variable Session ("SessionString") for being used for decrypting the information sent by the
client.
4.
Initialization of WebIdentity server object with the User-Id transmitted during authentication by the
client and stored in the session variable Session("user_PIN"); the entry Pin is an ActiveX server
variable.
5.
Initialization of the server object with the Random Session String; the entry RndSessionString is a variable
of the server ActiveX; the Session("SessionString") entry stores the previously generated
Random Session String.
6.
Initialization of the server object with the Server Secret; the Password entry is a server ActiveX variable
inside the ASP page; the Application("wi_Password") entry is an application variable
maintained by ASP, where the Server Secret value has been previously stored.
7.
Call of the Crypt method of the server ActiveX for encrypting the data to send to the client (Name). The
encrypted value is stored in the vbscript variable CryptName to be transmitted to the client.
8.
Request of the ActiveX WebIdentity Client object; the OBJECT tag enables inserting in the HTML
document the ActiveX univocally identified by means of the class id, which for the ActiveX client is
878A0D61-48D2-11D3-A75D-00A0245382DE. The ID attribute identifies the object univocally
inside the document by means of a label, thus enabling interaction. The CODEBASE attribute is necessary
in case ActiveX is not present on the client. Such an attribute specifies the location (URL) from which the
control is downloaded automatically. In addition to the URL it is possible to enter the control version (
#version= ) so that it can be downloaded, if more recent than the installed version. The EMBED tag
enables inserting in the HTML document the client WebIdentity Plug-In univocally identified with the
TYPE application/x-wicli-plugin tag.
9.
OnLoad_Populate function used in the form generation phase for initializing the content fields sent by
the server in encrypted format; the function sees to decrypting the data sent by the server and to setting the
Name field with the corresponding value.
10.
Initialization of the WebIdentity client object with the Random Session String generated and forwarded by
the server; the entry RndSessionString is a variable of the client ActiveX inside the HTML document; the
Session("SessionString") entry is interpreted by the sever side and then replaced with a Random
Session String.
11.
Initialization of the client object with the token identification Label; the Label entry is a client ActiveX
variable inside the HTML document; the entry Aplication("wi_Label")is interpreted by the server
side and then replaced with the label chosen for the service.
12.
Call of the Decrypt method of the client ActiveX for decrypting the data sent by the server (Name).
13.
Setting of variable in the form with the user name in plain text.
14.
OnSubmit function used during modification of the name value for transmission to the server.
15.
Initialization of the client object with the Random Session String generated and sent by the server; the
entry RndSessionString is a variable of the client ActiveX inside the HTML document; the
Session("SessionString") entry is interpreted by the sever side and then replaced with the
“Random Session String” string.