About the ActivID AAA Web Authentication API (WAA)

The Web Authentication API (WAA) provides a set of services that make it possible to secure access to websites or parts of a website using calls from Web applications.

The WAA API is distributed with the Web Access Agent within the ActivID AAA Server authentication solution. It is designed for Microsoft Active Server Pages (ASP) and ActiveX Server Pages (ASPX) deployed in a Microsoft Internet Information Server environment.

Refer to the ActivID Web Access Agent Installation Guide for information on how to install and configure the Web Access Agent.

Note: WAASKI Connector is an ASP/ActiveX API. It works with ActivID AAA Server version 6.5 and later.

About the Web Access Agent

The Web Access Agent is a RADIUS/TACACS plug-in for an IIS server. The Web Access Agent allows the server to communicate with an AAA Server for Remote Access, thus allowing use of SKI authentication on websites. The Web Access Agent supports both challenge/response and synchronous authentication.

This documentation is for experienced developers with a good knowledge of:

  • ASP
  • ActiveX

Components in the Web Access Agent

The Web Access Agent consists of:

  • Web Help Desk - Provides a console help desk through a Web interface.
  • Web Access Agent - This RADIUS/TACACS plug-in allows an IIS server to communicate with an AAA Server, and thus supports both challenge/response and synchronous SKI authentication on websites.
  • Web Authentication API (WAA) - An ActiveX control that provides Web Access Agent functionality from Microsoft Active Server Pages (ASP and ASP.NET) Web scripts.

Integration of WAA Applications

The integration of the API services is the responsibility of the Application Service Provider programmer. The following rules must be followed:

  • The component is designed to be used in server-side scripts to provide strong authentication using AAA Server. A number of interfaces are available to the Active Server Pages programmer.
  • The ProgID of the component is 'ActivPack.WebAccessAgent'.
  • The component should have application scope and be instantiated in global.asa for ASP or global.asax for ASP.NET.
  • The component supports both apartment-threaded and free-threaded threading models (and includes a free-threaded marshaller).
  • The scripting language used in this section is JavaScript.

Instantiating the WAA Component

The code examples assume that the component has been instantiated in the following global.asa or global.asax function:

    function Application_OnStart() {
        // Create the WAA component once and store it with application scope.
        ActivPackWAA = Server.CreateObject("ActivPack.WebAccessAgent");
        Application("ActivPackWAA") = ActivPackWAA;
        ActivPackWAA.Initialize();
    }

There are two additional services included for compatibility with Active Server Pages Components:

  • OnStartPage
  • OnEndPage

They do not implement any functionality.

Sample Code

Samples for the ASP Environment

The samples provide an example of how to use the WAA API with an ActiveX Server Component. Both samples demonstrate the use of a RADIUS attribute to redirect a user to their home page and to retrieve the authenticated username. Both methods can be configured in global.asa.

The samples demonstrate two different methods for authenticating users:

  • Synchronous authentication
  • Asynchronous challenge/response authentication

In the AAA Server, the 'Web-Default-Page' attribute is set to the LDAP parameter 'WWWHomePage' of the authorization profile.

This parameter is set to the personal home page on the protected website of each user in the group.

When a user is successfully authenticated, the client browser redirects to the home page as defined by the link to the 'Web-Default-Page' in the HTML form.

If the AAA Server is not configured with an authorization profile that provides the home page name, the samples display the message:

"No 'Web-Default-Page' has been submitted by the Authentication server."

The samples provided are:

Filename             Description
global.asa           Initialization parameters
authForm.asp         Synchronous authentication form
authFormAsync.asp    Asynchronous authentication form
checkAuth.asp        Check if the session is still authenticated
killSession.asp      Close the session
logon.asp            Start an authentication process
mainForm.asp         Protected page shown after authentication

Samples for the ASP.NET Environment

Some samples are provided to show an example use of the ActiveX Server Component. The samples use two different methods to authenticate a user:

  • Synchronous authentication
  • Asynchronous challenge/response authentication

Both methods can be configured in global.asax.

The samples demonstrate the use of a RADIUS attribute to redirect a user to their home page and to retrieve the authenticated username.

In the ActivCard AAA Server, the 'Web-Default-Page' attribute is set to the LDAP parameter 'WWWHomePage' of the authorization profile.

For each user in the group, this parameter is set to their personal home page on the protected website.

When a user is successfully authenticated, the client browser redirects to the home page as defined by the link to the 'Web-Default-Page' in the HTML form.
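
Added example (not part of the ActivID samples or the WAA API): one way a page in either the ASP or the ASP.NET samples could check the 'Web-Default-Page' value before using it as a redirect target, so that only a location on the protected website is followed. The function names, the host name portal.example.test and the sample values are assumptions constructed for illustration; the code uses no ASP or WAA objects and runs stand-alone.

```javascript
// Added example: helper names and sample values are hypothetical, not WAA API.
var NO_PAGE_MESSAGE =
  "No 'Web-Default-Page' has been submitted by the Authentication server.";

function reject(reason) {
  return { action: "reject", value: reason };
}

// Decide what to do with the 'Web-Default-Page' value after a successful
// authentication. siteHost is the host name of the protected website.
function resolveHomePage(webDefaultPage, siteHost) {
  var target = String(webDefaultPage == null ? "" : webDefaultPage)
    .replace(/^\s+|\s+$/g, "");
  if (target === "") {
    return { action: "message", value: NO_PAGE_MESSAGE };
  }
  // Browsers drop tabs and newlines inside URLs and may read "\" as "/".
  if (/[\x00-\x1f\x7f\\]/.test(target)) {
    return reject("control character or backslash");
  }
  var abs = /^https?:\/\/([^\/?#]*)(.*)$/i.exec(target);
  if (abs) {
    // Absolute URL: accept only the protected site, then keep just the path.
    if (abs[1].indexOf("@") !== -1) {
      return reject("userinfo in URL");
    }
    var host = abs[1].replace(/:\d*$/, "").toLowerCase();
    if (host !== String(siteHost).toLowerCase()) {
      return reject("foreign host");
    }
    target = abs[2].charAt(0) === "/" ? abs[2] : "/" + abs[2];
  } else if (/^[a-z][a-z0-9+.\-]*:/i.test(target)) {
    return reject("scheme not allowed");
  }
  // "//host/path" is protocol-relative and would leave the site.
  if (target.charAt(0) === "/" && target.charAt(1) === "/") {
    return reject("protocol-relative URL");
  }
  return { action: "redirect", value: target };
}

// Constructed sample values, as the attribute might arrive in a page.
var SAMPLES = ["/users/alice/home.asp", "https://portal.example.test/a.asp",
  "https://other.example.net/a.asp", "//other.example.net/a.asp", ""];
for (var i = 0; i < SAMPLES.length; i++) {
  var r = resolveHomePage(SAMPLES[i], "portal.example.test");
  console.log(JSON.stringify(SAMPLES[i]) + " -> " + r.action + ": " + r.value);
}
```

A page would redirect only when the action is "redirect", show the returned message when it is "message", and log the reason otherwise.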

If the ActivCard AAA Server is not configured with an authorization profile that provides the home page name, the samples display the following message:

"No 'Web-Default-Page' has been submitted by the Authentication server."

The samples provided are:

Filename              Description
global.asax           Initialization parameters
authForm.aspx         Synchronous authentication form
authFormAsync.aspx    Asynchronous authentication form
checkAuth.aspx        Check if the session is still authenticated
killSession.aspx      Close the session
logon.aspx            Start an authentication process
mainForm.aspx         Protected page shown after authentication