The WinCC User Administrator does not provide any functions by default that can be used to verify currently logged on users through password querying. WinCC has functions for triggering and executing a logon procedure. However, this means that there is a completely new logon even if the current user name is used again for the logon. Logon is usually linked to a picture change (calling the Start picture) and the closing of all faceplates.
Often, just before execution of a switching action, there is a demand for checking the user currently logged on by an additional password query. There is not to be a renewed logon. After successful verification of the user the switching action is to be executed and the operator action stored as an operator input message. This prevents unauthorized operator actions, e.g. when the user currently logged on is absent for a brief time without logging off from the system.
If you use the SIMATIC Logon option up to version V1.2 SP1, you have the functions of the so-called AUA interface available to access the SIMATIC Logon user administration. This present entry uses the "VerifyUser()" and "GetSignature()" functions of the AUA interface to verify the user currently logged on at runtime.
Note that the AUA interface is no longer supported as from version SIMATIC Logon V1.3. Entry 24458155 shows how to proceed in that case.
The function is declared as follows:
LPCSTR WINAPI VerifyUser (LPCTSTR UserID, LPCSTR Password);
The "UserID" and "Password" parameters are assigned to the function as character strings. The function checks for the password for the "UserID" (user name) transferred. Once the password has been verified the function returns the character string "ok" and in the case of error it returns an error text.
The function is declared as follows:
BOOL (LPCTSTR UserID);
The "UserID" parameter is transferred to the function as a character string. The function opens the "Electronic Signature" dialog and presets the "UserID" field with the "UserID" transferred.
Now the user can enter the relevant password in the "Password" field. Click on the "Sign" button and the function checks the transferred UserID and password. Once the user specified has been verified the dialog closes and the function returns the value "TRUE". If there is an error, the "Electronic Signature" dialog remains open. You can enter the password again. If you press the "Cancel" button, the dialog closes and the function returns the value "FALSE".
This entry provides the script "SimaticLogonVerifyUser()" to execute user verification at runtime. The requirement for the script is the SIMATIC Logon option The following table describes how to use this script and adapt it to your requirements.
||Copy the C function for user verification into the WinCC project|
The following download contains the "simaticlogonverifyuser.fct" file.
WinCC_VerifyUser.zip ( 3 KB )
Copy this file into the "library" directory in your WinCC project directory. Open the "Global Script C" editor and execute the "Tools > Regenerate Header" menu command. Then the "SimaticLogonVerifyUser()" function is available as project function. You must execute this step also in the WinCC project of a client(MultiClient) if there is to be operation with user verification on a client.
The structure of the "SimaticLogonVerifyUser()" function is described below.
BOOL SimaticLogonVerifyUser(char* pszUserID, char* pszPassword);
The function checks whether valid character strings have been transferred in the parameters "pszUserID" and "pszPassword". It transfers the values to the "VerifyUser()" function. If the value "ZERO" has been transferred in the parameter "pszUserID", the user currently logged on is acquired and transferred. Upon successful verification by the "VerifyUser()" function, the function returns the value "TRUE". If the "VerifyUser()" functions detects an error, the "GetSignature()" function is called along with the relevant user. If the user now enters the valid password in the "Electronic Signature" dialog and acknowledges the input with the "Sign" button, the function returns the value "TRUE". If the "Electronic Signature" is aborted, the function returns the value "FALSE".
||Use the C function for user verification|
You can use the "SimaticLogonVerifyUser()" function directly in the process image or in a faceplate. The following figure shows the call of the function by clicking on a button.
Change this example accordingly to meet your requirements. In this example, after the "SimaticLogonVerifyUser()" function has been called successfully, an operator input message is triggered and the relevant WinCC tag for switching on the pump is set.
The "ISALG_OperationLog()" function is simply used here as an example for generating an operator input message. Entry ID 24325381 provides detailed information on generating an operator input message. Note that when generating an operator input message, the system automatically enters the name of the user currently logged on in the "User Name" system block for display in the WinCC Alarm Control. Therefore in this example the value "ZERO" in the "pszUserID" is transferred purposely to the "SimaticLogonVerifyUser()" function, so that there is no difference between the user currently logged on and the user actually verified.