WebApp Sec mailing list archives
RE: get network user name
From: "Auri Rahimzadeh" <auri () auri net>
Date: Thu, 9 Mar 2006 21:42:57 -0500
Yeah, with ASP.NET it's easy. Of course, if you're using another language you can query the HTTP headers for username, if it's passed (I recall IE passes it, but it *can be spoofed very easily that way*). You want to use Windows authentication and NTLM or similar authentication to guarantee the username (which you can set up in IIS). Best, Auri Rahimzadeh Author, Hacking the PSP www.hackingpsp.com -----Original Message----- From: Josh [mailto:its.josh () verizon net] Sent: Thursday, March 09, 2006 8:01 PM To: John Bond Cc: webappsec () securityfocus com Subject: Re: get network user name What language are you using and what type of server are you running? I've built a few apps that do what you are looking for with .NET and IIS. John Bond wrote:
I am trying to write an intranet program which will get the network/domain login name of a user visiting my site. As this site is going to be an intranet site it can be said their is a high level of trust betwwen the user and the application. The application will need to run with multible browsers and (i hope) be able to query the username from multible OS's. Does anyone have any ideas on the best way to implment this and the possible secutity considerations which should be considered. Thanks for your help ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1 --------------------------------------------------------------------------
------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1 -------------------------------------------------------------------------- ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1 --------------------------------------------------------------------------
Current thread:
- get network user name John Bond (Mar 09)
- Re: get network user name Josh (Mar 09)
- Re: get network user name Adam Tuliper (Mar 09)
- Re: get network user name Josh (Mar 09)
- RE: get network user name Auri Rahimzadeh (Mar 09)
- Re: get network user name Adam Tuliper (Mar 09)
- <Possible follow-ups>
- Re: get network user name John Bond (Mar 10)
- Re: get network user name Josh (Mar 11)
- Re: get network user name Josh (Mar 09)