Integrating code

After installing the SDK and configuring OneSpan Authentication Server accordingly (see Configure OneSpan Authentication Server for SDK integration), you need to configure the website you want to integrate the SDK with.

The required settings specific to ASP.NET are identical to those used by the sample website (see Configure OneSpan Authentication Server for SDK integration.

Once you have OAS Authentication SDK installed with both OneSpan Authentication Server and the integrated website configured, you can start applying the integration code.

Creating a login form

Add the following code snippets to the webpage, which displays the logon form. For the user ID (required):

<input type="text" size="20" maxlength="16" title="User ID" name="CREDFLD_USERID"/>

For the domain (required):

<input type="text" size="20" maxlength="16" title="Domain" name="CREDFLD_DOMAIN"/>

You will also need to add a field for the one-time password (OTP). The following field is required for OTP logins:

<input type="text" size="20" maxlength="20" title="OTP" name="CREDFLD_DP_RESPONSE"/>

The following snippet is for the server PIN, typically used with authenticators without keypad:

<input type="password" size="20" maxlength="8" title="PIN" name="CREDFLD_CURRENT_PIN"/>

The following field is needed if any users will need to log in using a static password:

<input type="password" size="20" maxlength="20" title="Password" name="CREDFLD_STATIC_PASSWORD"/>

Users might need to log in with a static password in the following cases:

• Staged deployment of a Digipass solution
• There is a delay between assignment of an authenticator and the delivery of the authenticator to the user (grace period in use)
• Users must log in using both their password and an OTP

A host code field may also be used to authenticate the website to the user after the login. The host code matches the code generated by the user's authenticator and provides visual confirmation that they have not been directed to the incorrect site. This functionality is not supported by every type of authenticator.

<input type="checkbox" class="bool" title="Request Host Code" name="CREDFLD_REQUEST_HOST_CODE"/>

Creating a code-behind page

Add the following namespace declarations:

using IdentikeyAuthWrapper.vasco.identikey.model;
using IdentikeyAuthWrapper.vasco.identikey.authentication;

Insert the following class declarations:

// Called by the login target page
protected AuthenticationCommandResponse results;
protected AuthCredentials credentials;

// Calls the wrapper
protected AuthenticationCommandResponse executeAuthUser(string domain, string userID, string pin, string dpResponse, string password, bool reqHostCode)
{
    AuthenticationHandler handler = new AuthenticationHandler();
    CredentialsBase.RequestHostCode rhc = reqHostCode ? CredentialsBase.RequestHostCode.Required : CredentialsBase.RequestHostCode.Optional;
    return handler.authUser(domain, userID, pin, dpResponse, password, rhc);
}

Creating a login target page

Add the following code to the page which handles the submitted form data:

<%
// Credentials have been provided, now perform the request
String userID = Request["CREDFLD_USERID"];
String domain = Request["CREDFLD_DOMAIN"];
String pin = Request["CREDFLD_CURRENT_PIN"];
String dpResponse = Request["CREDFLD_DP_RESPONSE"];
String password = Request["CREDFLD_STATIC_PASSWORD"];
Boolean rhc = (Boolean)"on".Equals(Request["CREDFLD_REQUEST_HOST_CODE"]);
// Execute the command
results = executeAuthUser(domain, userID, pin, dpResponse, password, rhc);
if (results.getReturnCode() == 0)
{
  credentials = results.getResults();
  String hostVerificationId = credentials.getHostCode();
%>
// If using the request host code feature, the host verification code should be displayed before continuing.
// Redirect the user to the secure pages
<%
}
else
{
// Redirect to an error page; this should display any errors returned by the authentication server
}
%>