sweetie00
05-30-2004, 01:07 PM
Is there a way to display a user's Windows logon name on a webpage? (For an intranet site.) Any information would be helpful.
Click to See Complete Forum and Search --> : Display Windows Logon Info on Webpage?
Daniel T
05-30-2004, 01:13 PM
Originally posted by sweetie00
Is there a way to display a user's Windows logon name on a webpage?
No, that would be considered confidential information, and therefor could not be obtained from a web server.
Is there a way to display a user's Windows logon name on a webpage?
No, that would be considered confidential information, and therefor could not be obtained from a web server.
ray326
05-30-2004, 05:17 PM
On an intranet running against an IIS server authenticating against an NT domain you could not only display their network login, you could display their password. That's what I call an example of Microsoft's "trusted computing" initiative.
buntine
05-30-2004, 08:44 PM
Its quite easy, actually.
'| ASP example.
Dim strLogon
strLogon = Request.ServerVariables("LOGON_USER")
LOGON_USER is a member of the ServerVariables collection.
Regards,
Andrew Buntine.
'| ASP example.
Dim strLogon
strLogon = Request.ServerVariables("LOGON_USER")
LOGON_USER is a member of the ServerVariables collection.
Regards,
Andrew Buntine.
ray326
05-30-2004, 10:45 PM
But that logon doesn't have to be the user's network logon (ie, Window logon). That requires the site to authenticate against the user's domain.
buntine
05-31-2004, 01:14 AM
That will return the NT logon if i remember correctly. Im not sure how it works in other Operating Systems.
ray326
05-31-2004, 02:16 PM
Originally posted by buntine
That will return the NT logon if i remember correctly. Im not sure how it works in other Operating Systems. Then it's an even better "trusted computing" example.
That will return the NT logon if i remember correctly. Im not sure how it works in other Operating Systems. Then it's an even better "trusted computing" example.
sweetie00
05-31-2004, 03:14 PM
I'll try it out. Thank you very much for your ideas.
PeOfEo
05-31-2004, 03:31 PM
with server variables you can get loads of useful info though, from the client and the server, not confidential information of course but still some need stuff, server ram usage, server uptime, process id, proc usage, other stuff
http://quasi-ke.servebeer.com/default.aspx (server on my home pc, laggy right now, I am only on 128mb of ram till tomorrow) has some good stuff on it.
http://quasi-ke.servebeer.com/default.aspx (server on my home pc, laggy right now, I am only on 128mb of ram till tomorrow) has some good stuff on it.
eakucera00
10-23-2006, 03:29 PM
and what reason would this not work.? it's just blank. nothing. appears. no errors.
<%=Request.ServerVariables("LOGON_USER")%>
BTW. local intranet on windows XP Pro.
<%=Request.ServerVariables("LOGON_USER")%>
BTW. local intranet on windows XP Pro.
Daniel T
10-23-2006, 04:53 PM
http://tnd.servebeer.com/pics/forum/threadres.jpg
eakucera00
10-24-2006, 11:03 AM
LOL that was funny. I figured it out. The directory permissions and anonymous users crap, but it then forces authentication across every file. so I figured out how to query LDAP and authenticate from there. then i can pick and choose the pages that will require user name and password.. thanks. I'll post the script if anyone cares..
awk_U
10-25-2006, 01:27 PM
Please post the complete script as I am a novice and need this ability on my intranet.
eakucera00
10-25-2006, 01:47 PM
It's not pretty, but it works!
I'm very much a novice myself, (only 6 months) so pardon the code could be simplified a bit... If anyone cares to clean this up a bit I wouldn't mind. Good Luck.
this is index.asp
<!-- ================================================== -->
<!-- ========= BEGINNING OF AUTHENTICATION SCRIPT ========== -->
<!-- ================================================== -->
<!-- ======= PLACE BEFORE ANY HTML TAGS ON EACH PAGE ====== -->
<!-- ================================================== -->
<%
UserName = Session("tts_user_name")
UserName = "YOURDOMAIN\" & UserName
Password = Session("tts_user_pass")
Domain = Session("Domain")
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set aConn = server.CreateObject("ADODB.Connection")
aConn.Provider = "ADsDSOOBJECT"
aConn.Properties("User ID") = UserName
aConn.Properties("Password") = Password
aConn.Properties("Encrypt Password") = true
aConn.open "DS Query", UserName, Password
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = aConn
cmd.CommandText = strQuery
on error resume next
set aRS = cmd.Execute
IF aRS.EOF THEN
UserName = Request.Form("tts_user_name")
UserName = "YOURDOMAIN\" & UserName
Password = Request.form("tts_user_pass")
Domain = Request.Form("Domain")
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set bConn = server.CreateObject("ADODB.Connection")
bConn.Provider = "ADsDSOOBJECT"
bConn.Properties("User ID") = UserName
bConn.Properties("Password") = Password
bConn.Properties("Encrypt Password") = true
bConn.open "DS Query", UserName, Password
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = bConn
cmd.CommandText = strQuery
on error resume next
set bRS = cmd.Execute
%>
<% IF bRS.EOF THEN %>
<%
IF request.form("UserName") > "" THEN
user_form = "authenticate.asp?redirect=index.asp&error=User Name and/or Password Failure"
ELSE
user_form = "authenticate.asp?redirect=index.asp"
END IF
%>
<% Response.Redirect(user_form) %>
<% ELSE %>
<b><font face="Verdana" size="4">Processing...</font></b>
<%
email = request.form("tts_user_name")
set dbConn=Server.CreateObject("ADODB.connection")
dbConn.Open "DRIVER={SQL Server};SERVER=sqlserver;DATABASE=tablename;tablename=;UID=sa"
sqlx="SELECT * FROM arctechs WHERE email = '"& email &"' "
set rsx=dbConn.Execute(sqlx)
%>
<% Session("tts_user_name") = Request.Form("tts_user_name") %>
<% Session("tts_user_pass") = Password %>
<% Session("Domain") = Domain %>
<% Session("tts_display_name") = rsx("techname")%>
<% Session("tts_groups") = rsx("ticket_groups") %>
<% Session("tts_techno") = rsx("techno") %>
<meta http-equiv="refresh" content="0">
<% END IF %>
<% ELSE %>
<!-- =================================================== -->
<!-- =============== END OF AUTHENTICATION SCRIPT ========== -->
<!-- =================================================== -->
your page content etc....
<!-- ================================================== -->
<!-- === PLACE THIS AT THE END OF THE HTML CODE ============= -->
<% END IF %>
<!-- ================================================== -->
this is the code of the authenticate.asp, very simple.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Trouble Ticket Login</title>
</head>
<body>
<%
action=request("action")
If Len(action) = "0" Then
%>
<%
redirect = request("redirect")
redirect = replace(redirect,"-","&")
%>
<form method="POST" action="<% = redirect %>">
<div align="center">
<table border="0" width="717" style="border-collapse: collapse">
<tr>
<td width="717" align="center" colspan="2">
<p align="center"><b><font face="Arial" size="4">
<img border="0" src="../Ticket/tt_system_logo.gif" width="380" height="263"><br>
</font></b><font face="Arial" size="4">Administration Login</font></td>
</tr>
<tr>
<td width="717" align="center" colspan="2">
<b><font color="#FF0000" face="Arial" size="4">
<% = request("error") %></font></b> </td>
</tr>
<tr>
<td width="325" align="right">
<p><font face="Arial"><b><font size="2">User Name: </font></b></font></td>
<td width="388" align="left">
<font face="Arial">
<input name="tts_user_name" size="20" ></font></td>
</tr>
<tr>
<td width="325" align="right">
<p><font face="Arial"><b><font size="2">Password: </font></b></font></td>
<td width="388" align="left">
<font face="Arial">
<input type="password" name="tts_user_pass" size="20">
<input type="hidden" name="Domain" value="BENDCABLE">
</font></td>
</tr>
<tr>
<td width="717" align="center" colspan="2"> </td>
</tr>
<tr>
<td width="997" align="center" colspan="2"><input type="submit" value="Login" name="B1"></td>
</tr>
</table>
</div>
</form>
<% Else If action="logout" Then %>
<%
session.abandon
response.redirect "authenticate.asp?redirect=index.asp&error=You have been logged out."
%>
<% END IF %>
<% END IF %>
</body>
</html>
I'm very much a novice myself, (only 6 months) so pardon the code could be simplified a bit... If anyone cares to clean this up a bit I wouldn't mind. Good Luck.
this is index.asp
<!-- ================================================== -->
<!-- ========= BEGINNING OF AUTHENTICATION SCRIPT ========== -->
<!-- ================================================== -->
<!-- ======= PLACE BEFORE ANY HTML TAGS ON EACH PAGE ====== -->
<!-- ================================================== -->
<%
UserName = Session("tts_user_name")
UserName = "YOURDOMAIN\" & UserName
Password = Session("tts_user_pass")
Domain = Session("Domain")
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set aConn = server.CreateObject("ADODB.Connection")
aConn.Provider = "ADsDSOOBJECT"
aConn.Properties("User ID") = UserName
aConn.Properties("Password") = Password
aConn.Properties("Encrypt Password") = true
aConn.open "DS Query", UserName, Password
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = aConn
cmd.CommandText = strQuery
on error resume next
set aRS = cmd.Execute
IF aRS.EOF THEN
UserName = Request.Form("tts_user_name")
UserName = "YOURDOMAIN\" & UserName
Password = Request.form("tts_user_pass")
Domain = Request.Form("Domain")
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE objectClass='*' "
set bConn = server.CreateObject("ADODB.Connection")
bConn.Provider = "ADsDSOOBJECT"
bConn.Properties("User ID") = UserName
bConn.Properties("Password") = Password
bConn.Properties("Encrypt Password") = true
bConn.open "DS Query", UserName, Password
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = bConn
cmd.CommandText = strQuery
on error resume next
set bRS = cmd.Execute
%>
<% IF bRS.EOF THEN %>
<%
IF request.form("UserName") > "" THEN
user_form = "authenticate.asp?redirect=index.asp&error=User Name and/or Password Failure"
ELSE
user_form = "authenticate.asp?redirect=index.asp"
END IF
%>
<% Response.Redirect(user_form) %>
<% ELSE %>
<b><font face="Verdana" size="4">Processing...</font></b>
<%
email = request.form("tts_user_name")
set dbConn=Server.CreateObject("ADODB.connection")
dbConn.Open "DRIVER={SQL Server};SERVER=sqlserver;DATABASE=tablename;tablename=;UID=sa"
sqlx="SELECT * FROM arctechs WHERE email = '"& email &"' "
set rsx=dbConn.Execute(sqlx)
%>
<% Session("tts_user_name") = Request.Form("tts_user_name") %>
<% Session("tts_user_pass") = Password %>
<% Session("Domain") = Domain %>
<% Session("tts_display_name") = rsx("techname")%>
<% Session("tts_groups") = rsx("ticket_groups") %>
<% Session("tts_techno") = rsx("techno") %>
<meta http-equiv="refresh" content="0">
<% END IF %>
<% ELSE %>
<!-- =================================================== -->
<!-- =============== END OF AUTHENTICATION SCRIPT ========== -->
<!-- =================================================== -->
your page content etc....
<!-- ================================================== -->
<!-- === PLACE THIS AT THE END OF THE HTML CODE ============= -->
<% END IF %>
<!-- ================================================== -->
this is the code of the authenticate.asp, very simple.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Trouble Ticket Login</title>
</head>
<body>
<%
action=request("action")
If Len(action) = "0" Then
%>
<%
redirect = request("redirect")
redirect = replace(redirect,"-","&")
%>
<form method="POST" action="<% = redirect %>">
<div align="center">
<table border="0" width="717" style="border-collapse: collapse">
<tr>
<td width="717" align="center" colspan="2">
<p align="center"><b><font face="Arial" size="4">
<img border="0" src="../Ticket/tt_system_logo.gif" width="380" height="263"><br>
</font></b><font face="Arial" size="4">Administration Login</font></td>
</tr>
<tr>
<td width="717" align="center" colspan="2">
<b><font color="#FF0000" face="Arial" size="4">
<% = request("error") %></font></b> </td>
</tr>
<tr>
<td width="325" align="right">
<p><font face="Arial"><b><font size="2">User Name: </font></b></font></td>
<td width="388" align="left">
<font face="Arial">
<input name="tts_user_name" size="20" ></font></td>
</tr>
<tr>
<td width="325" align="right">
<p><font face="Arial"><b><font size="2">Password: </font></b></font></td>
<td width="388" align="left">
<font face="Arial">
<input type="password" name="tts_user_pass" size="20">
<input type="hidden" name="Domain" value="BENDCABLE">
</font></td>
</tr>
<tr>
<td width="717" align="center" colspan="2"> </td>
</tr>
<tr>
<td width="997" align="center" colspan="2"><input type="submit" value="Login" name="B1"></td>
</tr>
</table>
</div>
</form>
<% Else If action="logout" Then %>
<%
session.abandon
response.redirect "authenticate.asp?redirect=index.asp&error=You have been logged out."
%>
<% END IF %>
<% END IF %>
</body>
</html>
awk_U
10-25-2006, 02:50 PM
Thank you for posting your code but that is not what I was looking for. I should of read your post entirely. Instead I read the first couple posts and assumed that is what you were refering to. I was looking for a way to display %username% or the domain account name on a webpage without them having to authenticate first to IIS. It doesnt matter how the information is recieved, ex: Active directory or local system variables. My goal is to deter students on a school network by displaying there login name on a block page. I do not need to record/log the information...it is basically a psychology tactic for the students and a chance for teachers to catch them in the act of accessing restricted content. If anyone can point me in the right direction I would appreciate it.
pcthug
10-25-2006, 06:11 PM
Ok, this is getting very ASP intensive. So I'm gonna move this thread over to the ASP forum.
russell
10-25-2006, 09:31 PM
On an intranet running against an IIS server authenticating against an NT domain you could not only display their network login, you could display their password. That's what I call an example of Microsoft's "trusted computing" initiative.
fixed a few years ago. yes, that was a serious flaw in my opinion, but in an intranet not a huge deal. in any event, anyone not keeping up with hot fixes and updates is begging for trouble anyway. iis 6 doesnt have that flaw.
fixed a few years ago. yes, that was a serious flaw in my opinion, but in an intranet not a huge deal. in any event, anyone not keeping up with hot fixes and updates is begging for trouble anyway. iis 6 doesnt have that flaw.
webdeveloper.com
Copyright Internet.com Inc., All Rights Reserved.
Copyright Internet.com Inc., All Rights Reserved.