The WinCC User Administrator does not provide any functions by default that can be used to verify currently logged on users through password querying. WinCC has functions for triggering and executing a logon procedure. However, this means that there is a new logon even if the current user name is used again for the logon. Logon is usually linked to a picture change (calling the Start picture) and the closing of all faceplates.
Often, just before execution of a switching action, there is a demand for checking the user currently logged on by an additional password query. There is not to be a renewed logon. After successful verification of the user the switching action is to be executed and the operator action stored as an operator input message. This prevents unauthorized operator actions, e.g. when the user currently logged on is absent for a brief time without logging off from the system.
The SIMATIC Logon option permits you to verify a user at runtime. This entry describes the procedure for SIMATIC Logon V1.3 and higher. As from this version of SIMATIC Logon the "SIMATIC Logon Development Kit" is available. Information on this is available in:
- the manual "SIMATIC Logon SIMATIC Electronic Signature" - Entry ID: 34519648.
- the manual "SIMATIC Logon Programming Guide" (after installation this manual is available in the directory: "...\SimaticLogon\developmentkit").
Entry ID 24458070 describes the procedure for SIMATIC Logon up to and including V1.22.
With the "ISLSScripting" interface the "SIMATIC Logon Development Kit" permits you to run a user verification at runtime using VBScript. This entry provides a VBScript (function "SL_VerifyUser") that uses the "GetLogon" and "AuthenticateUser" methods of the "SIMATIC Logon Development Kits" to verify a logged on user at runtime.
The following table describes the settings required for proper functioning.
||Open the Windows "Computer Management" (right-click on "MyComputer" and click on "Administrative Tools") and then click on "System" > "Local Users and Groups".|
||Create a new user in a new group if necessary in the "Users" and "Groups" folders and then close "Computer Management".|
||In WinCC, open the "User Administrator" and create the same group (name) and the same user (name) as created in Windows.|
||Assign the user rights and check the"SIMATIC Logon" check box.|
||Open the Global VBS editor, create a new project module and save the script from the file SL_VerifyUser.txt (contained in SL_VerifyUser.zip)|
Copy the bmo file in the "" folder of the WinCC project, compile and save the script.
Call the "SL_VerifyUser" function before the required operator action and check whether the return value is "true" (current user) or "false" (another user or abort in the Login dialog). Trigger the operator action and any operator input after successful user verification. Verifying the user can be done with an onclick event of a button.
If SL_VerifyUser = TRUE Then
- If the user or password is entered incorrectly, the Login dialog reopens.
- The Entry ID 24325381 provides detailed information on generating an operator input message.
SL_VerifyUser.zip ( 3 KB )
The following table describes the structure and function of this script.
||Declaration and initialization|
In the first part of the script constants are defined and the tags used are declared and initialized. In order to access the SIMATIC Logon interface with WinCC VBScript at runtime the COM interface must be initialized with the call "CreateObject".
||Verify the user currently logged on
- Using the "GetLogon" method the data of the user currently logged on is acquired.
- The "AuthenticateUser" method is used to open the Logon dialog.
In this dialog, the user can interactively enter a user name and password. The Logon dialog is initialized so that the "Change password..." button is not operable and the "Comment" input field is not displayed. The system checks the user's inputs. Upon successful identification the method closed the Logon dialog and returns the logon data as a result. If identification is unsuccessful (incorrect user name or incorrect password), the Logon dialog remains open. A brief error text is displayed and the user can enter the user name and password again. If you press the "Cancel" button, the Logon dialog closes. In this case the method returns an error status that indicates that the Logon dialog has been aborted.
The "AuthenticateUser" method does not permit you to preset the "User name" field with the name of the user currently logged on when the Logon dialog opens. For this reason the "AuthenticateUser" method is called again in a loop when the user verification has been completed successfully, but the user verified is not the user currently logged on.
Therefore the title bar of the Logon dialog also displays the name of the user currently logged on. In this way the user is informed that the user currently logged on is being verified.
- A Logon dialog opened with the "AuthenticateUser" method is not automatically closed when there is a simultaneous logoff or new logon on the system. For this reason the second call of the "GetLogon" method ensures that the user verification works properly even when there is a simultaneous logoff or new logon on the system.
- The "HMIRuntime.Trace" statements are purely for the output of diagnostics messages in the Global Script diagnostics window or the "Output Window" of APDIAG.
||Release resources and close the function|
In this part the resources used are released again and the function closed. Upon successful user verification the "SL_VerifyUser" function returns the value TRUE, otherwise the value FALSE.
These instructions have been tested with the following versions.
|Product and version designation|
|PC operating system
||Microsoft Server 2003 SP2|
||SIMATIC Logon 1.4 SP1|
GMP, Pharma, Life Science, Validation, FDA 21 CFR Part 11