WebApp Sec mailing list archives

RE: Browser login with Windows domain login

From: <stevenr () mastek com>
Date: Thu, 8 Apr 2004 20:50:42 +0530

 
Hi all

Thanks for all the pointers guys/gals. I will follow them up. One
clarification though, the web server is not IIS alone, its Apache from
Oracle 9i App server. There is an existing IIS-based application
existing, but that's not within my scope. So basically the web
application would reside on Apache 1.3.

Regards
Steve

-----Original Message-----
From: Steven Rebello 
Sent: Thursday, April 08, 2004 6:52 PM
To: webappsec () securityfocus com
Subject: Browser login with Windows domain login

Hi

I needed some pointers/links/tips from you folks on a problem. 

I have a web-based application. Is it possible to sign in a user into
the browser based application transparently based on the windows NT
domain login. By this I mean that when the user opens the browser and
types in the URL, the client machine should automatically send the user
credentials to the application. FYI, the windows domain login is
authenticated against Microsoft Active Directory.

If this is possible, can anyone point me to some sites/tutorials? I have
googled but have not come up with anything useful, hence this mail.

Are there any known vulnerabilites with this kind of approach for web
based logins?

Any help would be appreciated.

Thanks
Steve


MASTEK
"Making a valuable difference"
Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
In the US, we're called MAJESCO

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opinions expressed in this e-mail are those of the individual and not
that of Mastek Limited, unless specifically indicated to that effect.
Mastek Limited does not accept any responsibility or liability for it.
This e-mail and attachments (if any) transmitted with it are
confidential and/or privileged and solely for the use of the intended
person or entity to which it is addressed. Any review, re-transmission,
dissemination or other use of or taking of any action in reliance upon
this information by persons or entities other than the intended
recipient is prohibited. This e-mail and its attachments have been
scanned for the presence of computer viruses. It is the responsibility
of the recipient to run the virus check on e-mails and attachments
before opening them. If you have received this e-mail in error, kindly
delete this e-mail from all computers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Current thread:

Browser login with Windows domain login stevenr (Apr 08)
- <Possible follow-ups>
- RE: Browser login with Windows domain login Michael Howard (Apr 08)
- RE: Browser login with Windows domain login Simon Cunningham (Apr 08)
- Re: Browser login with Windows domain login m . delibero (Apr 08)
- RE: Browser login with Windows domain login Stegman, William (Apr 08)
- RE: Browser login with Windows domain login stevenr (Apr 08)
- RE: Browser login with Windows domain login Scovetta, Michael V (Apr 08)
- RE: Browser login with Windows domain login Vincent . Kwok (Apr 08)
- RE: Browser login with Windows domain login Tom Martin (Apr 08)
- RE: Browser login with Windows domain login David Carroll (Apr 08)
- RE: Browser login with Windows domain login David Carroll (Apr 08)