Re: get network user name

[Josh <its.josh () verizon net>]

Give this a try to get Firefox to authenticate automatically. (I cant 
confirm if it works, havent tried it myself)
http://blogs.wdevs.com/shog9/archive/2005/03/09/2668.aspx
You can see my previous email for info on setting up IIS so you can use 
.NET for gathering the user name.
No client-side apps are required, all authentication is handled by the 
browser.

John Bond wrote:
> First of all Thank you for all your responses.  Let me expand on wht
> the situation is.
> The server can be either windows or *nix
> The webserver can be apache2 or IIS
> The client will be either windows or *nix.
> the browser can be anything but i could limit this to firefox and MSIE
> if needed but firefox is a must
> the languaged used can be preety much anything par assembly. if needed
> seperate extentios for MSIE and firefox could be writen.
> The whols process should be seemless from the users point of view.
>
> All the users will be logged into a win 2003 Active directory domain. 
> it is this login name which i require (possibly their password or a
> kerbose ticket if possible).
>
> What i need is the loged in users usersname.  This will be used to
> query the active directory to find out infomation about a the user. 
> If i am unable to bind to the ldap as the user i could bind as a
> generic use that had read writes.  However this would mean having a
> script containig a username/password that had read rights to the
> entire AD.  This means that the web server has to trust any infomation
> it gets, as i said this is an intranet site so some restraint can be
> taken, but not much and im sure some would say it shouldnt make a
> difference.
>
> **Nemesis Knight said
>   
> > If this is an Intranet site running IIS on a Windows Server...the information is already
> > contained in the IIS Event Logs.
> >     
> The logs can only get the username from basic auth (i think) I would
> like their domain login username
>
> **Josh said
>   
> > I've built a few apps that do what you are looking for with .NET and IIS.
> >     
> This would certanly be usefull.  Would the solution requier any .NET
> support on the client side? as this may not be possible du to the use
> of *nix systems.
>
> **Fears, Erik said
>   
> > Use NTLM authentication (SSIP) if everyone is part of an NT domain.
> >     
> This looks like a good idea.  My understanding is i can implment in
> php (with cURL), i imagine aspx and posibly perl.  It is also
> supported by firefox and MSIE is that correct?  is their support for
> other browser specificly opera and Konqueror?
>
> **Adam Tuliper said
>   
> > One thing to note is unless authentication is enabled on the webserver you
> > won't get this information.
> >     
> Could you please expand on this it seems that NTLM can be done with a
> php solution using the cURL library.
>
> **Adam Tuliper said
>   
> > I believe IE will first send the current logged on user named when prompted by the
> > webserver
> >     
> When you say prompt are you refering to a webserver prompting a client
> or a physicle user seesing a prompt
>
> **Adam Tuliper said
>   
> > If you arent going to actually use the information for any actual authentication you would > need to write an isapi filter 
> > (iis assuming) etc. to prompt the client, and discard the result > and then allow access.
> >     
> I hope to use this infomation to bind to AD as the user and retrive a
> couple of attributes.  However writing an ISAPI filter (or an apache
> mod) is doable and propably preferable to designing a tool bar.
>
> **Josh said
>   
> > The only other browser I've tested was Firefox which requires the
> >     
> user to manually log in.
> Ohh... this could be a show stopper.  is there another solution or
> could firefox be given support via an extention.
>
> Any way thankyou all for your comments.  Please keep them coming.
>  Idealy i want a solution   that could be rolled out to as many
> combanations of the following as possible.
> server os: any
> browser: any
> web server: IIS, Apache
> server side language:asp/aspx, php, cgi
> idealy there sould be nothing for the client to install on their side
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Watchfire's AppScan is the industry's first and leading web application 
> security testing suite, and the only solution to provide comprehensive 
> remediation tasks at every level of the application. See for yourself. 
> Download AppScan 6.0 today.
>
> https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1
> --------------------------------------------------------------------------
>
>
>
>   



-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1
--------------------------------------------------------------------------