User's Manual

The following page manages the operations needed for user verification and authentication. First it verifies the validity of the response sent by the client and extracts the User-Id; then it checks for the User-Id in the local database in order to read the profile of the user associated with the token. The user profile and the token are linked by matching the User-Id returned by the client against the User-Id stored in the database. If the user turns out to be valid, control passes to the actual home page of the service; otherwise the previous authentication page is presented again.
The ASP (login.asp) page is written in VBScript with the aid of ADO for interfacing with the Access database.
1. Creation of the Server WebIdentity ActiveX object that is necessary for response verification and interpretation.
2. Initialization of the server object with the Server Secret; the Password entry is a server ActiveX variable inside the ASP page; the Application("wi_Password") entry is an application variable maintained by ASP, where the Server Secret value has been previously stored.
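<%
' 1. Create the Server WebIdentity ActiveX object
Dim WIDS
Set WIDS = Server.CreateObject("WISrv.WebIdSrv")

' 2. Initialize it with the Server Secret held in the application variable
WIDS.Password = Application("wi_Password")
WIDS.RndSessionString = Session("SessionString")

' Verify the client response and extract the User-Id
WIDS.DecryptPIN( Request.Form("PIN") )
If WIDS.GetLastError() <> 0 Then
    ' Invalid response: go back to the authentication page
    Response.Redirect "index.asp"
    Response.End
End If

' Look up the extracted User-Id in the local user database
' Note: Server.HTMLEncode is HTML output encoding; it is not SQL escaping.
Dim rsUser, sqlUser, fOk
Set rsUser = CreateObject("ADODB.Recordset")
sqlUser = "SELECT * FROM User WHERE User.PIN = '" & _
    Server.HTMLEncode(WIDS.pin) & "'"
rsUser.Open sqlUser, Application("Users_ConnectionString")
If Not rsUser.EOF Then
    ' Known user: remember the User-Id for the session
    Session("user_PIN") = WIDS.pin
    fOk = 1
Else
    fOk = 0
End If
rsUser.Close
Set rsUser = Nothing
Set WIDS = Nothing

' Valid user: hand over to the service home page; otherwise re-propose the login
If fOk = 1 Then
    Server.Transfer "main.asp"
Else
    Response.Redirect "index.asp"
End If
%>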
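The lookup in login.asp builds its SQL text by concatenating the decrypted User-Id after passing it through Server.HTMLEncode, which is HTML output encoding rather than SQL escaping. As an added example (not part of the original manual or the vendor's code), here is the same lookup done with an ADO parameterized command, so the User-Id is bound as data and never becomes part of the statement; the 255-character parameter size is an assumption about the PIN column.

```vbscript
<%
' Added example: parameterized User-Id lookup for login.asp.
' Assumes WIDS was created and DecryptPIN succeeded, as in the manual's code.

' ADO constants (VBScript does not load adovbs.inc automatically)
Const adCmdText    = 1
Const adParamInput = 1
Const adVarWChar   = 202

Dim cmdUser, rsUser, fOk
Set cmdUser = Server.CreateObject("ADODB.Command")
cmdUser.ActiveConnection = Application("Users_ConnectionString")
cmdUser.CommandType = adCmdText

' The ? placeholder is filled from the Parameters collection, in order.
cmdUser.CommandText = "SELECT * FROM User WHERE User.PIN = ?"

' Size 255 is an assumption (maximum length of an Access Text field).
cmdUser.Parameters.Append _
    cmdUser.CreateParameter("pin", adVarWChar, adParamInput, 255, WIDS.pin)

' Default to failure so any unexpected path falls back to the login page.
fOk = 0
Set rsUser = cmdUser.Execute
If Not rsUser.EOF Then
    Session("user_PIN") = WIDS.pin
    fOk = 1
End If

rsUser.Close
Set rsUser = Nothing
Set cmdUser = Nothing
Set WIDS = Nothing

If fOk = 1 Then
    Server.Transfer "main.asp"
Else
    Response.Redirect "index.asp"
End If
%>
```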