User's Manual
26
1.
Client-side JavaScript function used for the generation and forwarding of the response that is called for by
the login page following an authentication attempt. The function must be called for by the web page
following an event that occurred by pressing the website enter key, for instance.
2.
Initialization of the client object with the Random Session String generated and sent by the server; the
entry RndSessionString is a variable of the client ActiveX inside the HTML document; the
Session("SessionString") entry is interpreted by the sever side and then replaced with a
“Random Session String” string.
3.
Initialization of the client object with the token identification Label; the Label entry is a client ActiveX
variable inside the HTML document; the entry Aplication("wi_Label")is interpreted by the
server side and then replaced with the label chosen for the service.
4.
Call of ReadPin method by the client ActiveX inside the HTML document for the generation of the
response (response + masked User-Id) to be sent to the server; the response value is assigned to the PIN
variable contained in the WebIdData Form inside the HTML document.
5.
Explicit call to the submit of the WebIdData form for actual forwarding via a GET or a POST of the PIN
variable containing the response.
•
After the server has received the response from the client it must verify its authenticity. The following server-side
ASP-VBScript code describes the verification part of the response authenticity.
1.
Initialization of the server object with the Server Secret; the Password entry is a server ActiveX
variable inside the ASP page; the Application("wi_Password") entry is an application variable
maintained by ASP, where the Server Secret value has been previously stored.
2.
Initialization of the server object with the Random Session String generated at the start of transaction; the
RndSessionString entry is a variable of the server ActiveX inside the ASP page; the
Session("SessionString") entry is a session variable maintained by ASP and used for storing the
Random Session String.
WIDSrv.Password = Application("wi_Password")
WIDSrv.RndSessionString = Session("SessionString")
WIDSrv.DecryptPIN( Request.Form("PIN") )
If WIDSrv.GetLastError() <> 0 then
Response.Redirect "index.asp"
endif
function SendPIN()
{
document.WIDrvCli.RndSessionString =
"<%= Session("SessionString") %>"
document.WIDrvCli.Label = "<%= Application("wi_Label") %>"
document.WebIdData.PIN.value = document.WIDrvCli.ReadPin();
// Send PIN to server
document.WebIdData.submit();
}
1
2
3
4
5
1
2
3
4