/    Sign up×
Community /Pin to ProfileBookmark

Capturing Windows Logged in User ID

Copy linkTweet thisAlerts:
Aug 24.2004

Hi!

User logs into his desktop and Windows OS authenticates him against Active Directory Server.

Whenever he accesses a web page say a jsp, he should not be thrown a login page for entering his userid or password.

Instead, his userid and/or password need to be captured from his desktop and passed to the web server.

Is this possible in javascript ?
If not, does any one has an idea how this can be achieved ?

Thanks in advance,
-Babu.

to post a comment
JavaScript

10 Comments(s)

Copy linkTweet thisAlerts:
@KorAug 24.2004 — AFAIN, no, it is not possible with javascript. Anyway, it looks a rtaher unsecure method to me.
Copy linkTweet thisAlerts:
@kvbabuauthorAug 24.2004 — Is there any other method of capturing the user id.
Copy linkTweet thisAlerts:
@steelersfan88Aug 24.2004 — Not with JS ... and I'd highly doubt with any Web Programming. Application programming only, as to my knowledge.
Copy linkTweet thisAlerts:
@AdamGundryAug 24.2004 — You almost definitely can't get the password (the security hole there would be unbelievable) and getting the username requires ActiveX scripting support, which should really be disabled for security reasons. If it isn't, you might be able to use this in IE:

var username = new ActiveXObject("WScript.Network").UserName;

Adam
Copy linkTweet thisAlerts:
@steelersfan88Aug 24.2004 — I didn't even see the OP asked for password. I don't think MS would make their OS that insecure ... despite all the security holes.

May I ask why on Earth you'd wnat to get this info?
Copy linkTweet thisAlerts:
@kvbabuauthorAug 25.2004 — Thanks to all for your suggestions.

Hi, steelersfan88

this web site is for intranet users and the client doesn't want his users to enter their userid and password for visiting the web page.

since my pages are jsp s, i need to check how can i introduce ActiveX in the pages, i am new to that.

Thanks again,

-Babu.
Copy linkTweet thisAlerts:
@javaNoobieAug 25.2004 — well the login page is there for security reasons, if the webpage contains sensitive info, i dont think its appropriate to do that as anyone can get it through an unattended workstation.
Copy linkTweet thisAlerts:
@AdamGundryAug 25.2004 — javaNoobie is right - there is something of a security risk here. You could use the code I provided to set a hidden input field with the username, and then submit the form containing it, but there's no way of knowing if it actually is that user or not.

This is nothing to do with JSP - it is client-side JavaScript, and the user needs to set up their web browser to run the ActiveX code. Since it is for an intranet, the security risk there is slightly lessened, but I would still strongly advise against enabling ActiveX without prompting.

Adam
Copy linkTweet thisAlerts:
@kvbabuauthorAug 25.2004 — Thank you javaNoobie for your input.

Client is aware of security holes with this approach but still interested in this solution.

AdamGundry,

I tried your suggestion and it works well when i access the file locally - it prompts an alert and displays the user name. When i host the same html file in web server, there is an alert saying "Automation server can't create object". Can you suggest me what additional things should be done along with the line you have sent me.

In searching a solution for the same, i could get one reason from microsoft.com site, saying we have to install Windows Scripting 5.6 something, which i have done and still getting the same error.

Can you suggest some solution for this.

Thanks in advance,

-Babu.
Copy linkTweet thisAlerts:
@AdamGundryAug 25.2004 — I suspect this is a security issue. Try accessing the security settings in IE by clicking Tools -> Internet Options -> Local intranet -> Custom Level, and experimenting with the "ActiveX controls and plug-ins" section. You may need to add the web server to the trusted sites zone instead, depending on your server setup.

Whatever you do, don't lower the privileges on the Internet zone - the security risks there are high.

Adam
×

Success!

Help @kvbabu spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.10,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...