Is it possible to display the logged in user that is accessing the
form, in a textbox?
so say I have txtname I want to display the username of the person
that is logged in to the PC in that box, can I do this?
How would this be done?
On Mon, 05 Nov 2007 17:59:40 +0100,
> Is it possible to display the logged in user that is accessing the
> form, in a textbox?
If you control the 'being logged in to the website' with PHP or with Basic
HTTP authentication, then yes.
> so say I have txtname I want to display the username of the person
> that is logged in to the PC in that box, can I do this?
> How would this be done?
Hardly on the www. You should not want to know my username. On intranets,
you could use some ActiveX, nothing to do with PHP/not something PHP can
do though.
--
Rik Wasmus
On Nov 5, 12:03 pm, "Rik Wasmus"
> On Mon, 05 Nov 2007 17:59:40 +0100,
> > Is it possible to display the logged in user that is accessing the
> > form, in a textbox?
>
> If you control the 'being logged in to the website' with PHP or with Basic
> HTTP authentication, then yes.
>
> > so say I have txtname I want to display the username of the person
> > that is logged in to the PC in that box, can I do this?
> > How would this be done?
>
> Hardly on the www. You should not want to know my username. On intranets,
> you could use some ActiveX, nothing to do with PHP/not something PHP can
> do though.
> --
> Rik Wasmus
OK thanks. Yes this would be on an intranet. I'll do that, look up
some activex controls.
paul814@excite.com wrote:
>Is it possible to display the logged in user that is accessing the
>form, in a textbox?
>
>so say I have txtname I want to display the username of the person
>that is logged in to the PC in that box, can I do this?
Computers that run web browsers do not necessarily have the concept of
"logging in". Windows 98 and Windows CE are two of the most common
examples of systems that don't.
--
Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.
Rik Wasmus pisze:
> On Mon, 05 Nov 2007 17:59:40 +0100,
>
> Hardly on the www. You should not want to know my username. On
> intranets, you could use some ActiveX, nothing to do with PHP/not
> something PHP can do though.
oh please.
of coure you can do that , and not through some active X
There is a normal way to do that. the question is only what kind of
serwer you are using for the web (apache ,iis )and what kind of serwer
for the local net (nt, samba, so on)
with microsoft serwer it is done in almost no time
with apache you need additional module
http://modntlm.sourceforge.net/
then logged user sid should be visible in $_SERVER variable
then you have to chceck the user id in LDAP to get the name to display
the end
z.
zdzisio wrote:
> Rik Wasmus pisze:
>> On Mon, 05 Nov 2007 17:59:40 +0100,
>
>>
>> Hardly on the www. You should not want to know my username. On
>> intranets, you could use some ActiveX, nothing to do with PHP/not
>> something PHP can do though.
>
> oh please.
>
> of coure you can do that , and not through some active X
> There is a normal way to do that. the question is only what kind of
> serwer you are using for the web (apache ,iis )and what kind of serwer
> for the local net (nt, samba, so on)
>
>
> with microsoft serwer it is done in almost no time
> with apache you need additional module
>
> http://modntlm.sourceforge.net/
>
> then logged user sid should be visible in $_SERVER variable
>
> then you have to chceck the user id in LDAP to get the name to display
>
> the end
>
>
> z.
>
>
Sorry, that's a login module for Apache. It tells you who logged into
Apache, not who's currently logged into the machine. And the same is
true with IIS. This is not necessarily the same as the person logged
into the machine.
Rik is correct. There is no way to get the name of the user logged into
the machine without ActiveX controls. HTTP security prohibits the
server from knowing such information - which is a good thing.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Jerry Stuckle pisze:
> zdzisio wrote:
>> Rik Wasmus pisze:
>>
>> http://modntlm.sourceforge.net/
>>
>>
>
> Sorry, that's a login module for Apache.
ofcourse it is.
> It tells you who logged into
> Apache, not who's currently logged into the machine.
I can imagine situation when this two values differ. but so what?
> And the same is
> true with IIS. This is not necessarily the same as the person logged
> into the machine.
I can imagine situation when this two values differ. but so what?
of course you can try and log out and then log in as different user than
YOUR login to corporate network.
but question was about displaing courent user of a local machine
on web when the local machine is corporate network
to do that you have to force automatic single sign on authentication to
intranet web . what don't you understand?
> Rik is correct. There is no way to get the name of the user logged into
> the machine without ActiveX controls.
HTTP server sends request for NTLM authentication and Windows
workstation sends the sid back as a response. then you have to check the
sid in Active Directory (or other LDAP server ) and youre done. this is
that simple. no need to deny
> HTTP security prohibits the
> server from knowing such information - which is a good thing.
That's exactly the reason to use NTLM authentication not HTTP
authentication.
z.
>I can imagine situation when this two values differ. but so what?
>
>> And the same is
>> true with IIS. This is not necessarily the same as the person logged
>> into the machine.
>
>I can imagine situation when this two values differ. but so what?
>
>of course you can try and log out and then log in as different user than
>YOUR login to corporate network.
>
>but question was about displaing courent user of a local machine
>on web when the local machine is corporate network
I understood the situation to be that the local machine is *on* the
corporate network, not that it *is* the corporate network.
>to do that you have to force automatic single sign on authentication to
>intranet web . what don't you understand?
>
>> Rik is correct. There is no way to get the name of the user logged into
>> the machine without ActiveX controls.
>
>
>HTTP server sends request for NTLM authentication and Windows
What arguments does such a NTLM request require? You haven't got
a user name at the HTTP server; that's what is desired. You
presumably don't have a password, either. The point of using the
local login is usually to avoid having to repeat that information
into a web page.
Suppose: there are several people logged in on various machines
on the local network. There are several people logged in on the
same machine as user who's making the HTTP request (possible with
terminal server or remote desktop on a Windows machine). What
information does the HTTP server have to tell which user made the
request? The IP address alone is NOT enough, and there's more than
one user logged in on that machine.
>workstation sends the sid back as a response. then you have to check the
>sid in Active Directory (or other LDAP server ) and youre done. this is
>that simple. no need to deny
>
>
>> HTTP security prohibits the
>> server from knowing such information - which is a good thing.
>
>That's exactly the reason to use NTLM authentication not HTTP
>authentication.
>
>
>
>z.
zdzisio wrote:
> Jerry Stuckle pisze:
>> zdzisio wrote:
>>> Rik Wasmus pisze:
>>>
>>> http://modntlm.sourceforge.net/
>>>
>>>
>>
>> Sorry, that's a login module for Apache.
>
> ofcourse it is.
>
>
>> It tells you who logged into Apache, not who's currently logged into
>> the machine.
>
> I can imagine situation when this two values differ. but so what?
>
>> And the same is true with IIS. This is not necessarily the same as
>> the person logged into the machine.
>
> I can imagine situation when this two values differ. but so what?
>
Because he specifically asked for the name of the user logged into the
client machine, not the server.
In my case, the login I use on my network is different than ANY login I
use on the internet.
> of course you can try and log out and then log in as different user than
> YOUR login to corporate network.
>
> but question was about displaing courent user of a local machine
> on web when the local machine is corporate network
>
Exactly.
> to do that you have to force automatic single sign on authentication to
> intranet web . what don't you understand?
>
No, you don't. An ActiveX control will work find for it. No login to
the server is necessary. What don't you understand?
>> Rik is correct. There is no way to get the name of the user logged
>> into the machine without ActiveX controls.
>
>
> HTTP server sends request for NTLM authentication and Windows
> workstation sends the sid back as a response. then you have to check the
> sid in Active Directory (or other LDAP server ) and youre done. this is
> that simple. no need to deny
>
That is one way to do it. But it requires the server to have access to
an LDAP server. That's not always the case. And even if it did, it may
not have access to the SAME LDAP server as the client machine - as is
not at all unusual in a large corporate intranet.
>
>> HTTP security prohibits the server from knowing such information -
>> which is a good thing.
>
> That's exactly the reason to use NTLM authentication not HTTP
> authentication.
>
And it isn't what he asked for.
You should learn to read what was asked for, not what you think he
should be doing. In this case they are two entirely different things.
>
>
> z.
>
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Gordon Burditt pisze:
> I understood the situation to be that the local machine is *on* the
> corporate network, not that it *is* the corporate network.
yes, sure, lost that word somewhere.
>
> What arguments does such a NTLM request require?
to make it simple:
serwer tells the browser: you need to authenticate using NTLM , valid
user is required. then browser sends the server id of a user.
something like:
S-1-5-21-3127170830-3942366122-3349335812-41005
now it is web serwers role to do something with it.
in most corporate enviroments - use ldap call to get real name
> Suppose: there are several people logged in on various machines
> on the local network. There are several people logged in on the
> same machine as user who's making the HTTP request (possible with
> terminal server or remote desktop on a Windows machine). What
> information does the HTTP server have to tell which user made the
> request?
the one who owns the task running web browser. the one that
started web browser, of course
> The IP address alone is NOT enough, and there's more than
> one user logged in on that machine.
but obviously any program run on a workstation can check who started it.
that is the point of ActivX solution too, isn't it?
z
>> What arguments does such a NTLM request require?
>
>to make it simple:
>serwer tells the browser: you need to authenticate using NTLM , valid
>user is required. then browser sends the server id of a user.
What *browsers* do that? If a browser does that when talking over
the Internet, especially without asking for confirmation, I consider
it a serious security hole. If the user is asked to enter a valid
user name, it rather defeats the purpose of not having to log in
for the web page after you've already logged in on the workstation.
And since anything that comes from a browser is easily faked, it
seems to make pretending to be someone else fairly easy. All I
have to do is get that magic number. I think for that all I have
to do is find a file that he owns that I can look at the permissions
on, which might be easy to find on a shared volume.
>something like:
>S-1-5-21-3127170830-3942366122-3349335812-41005
>now it is web serwers role to do something with it.
>in most corporate enviroments - use ldap call to get real name
>> Suppose: there are several people logged in on various machines
>> on the local network. There are several people logged in on the
>> same machine as user who's making the HTTP request (possible with
>> terminal server or remote desktop on a Windows machine). What
>> information does the HTTP server have to tell which user made the
>> request?
>
>the one who owns the task running web browser. the one that
>started web browser, of course
Unless, of course, the web browser LIES.
Gordon Burditt said:
>>> What arguments does such a NTLM request require?
>> to make it simple:
>> serwer tells the browser: you need to authenticate using NTLM , valid
>> user is required. then browser sends the server id of a user.
>
> What *browsers* do that?
MSIE based. it is an Microsoft thing anyway. an active x applet would
work in MSIE too, i guess
> If the user is asked to enter a valid
> user name, it rather defeats the purpose of not having to log in
> for the web page after you've already logged in on the workstation.
well , we are still taking about corporate solutions, right ?
>
> And since anything that comes from a browser is easily faked, it
> seems to make pretending to be someone else fairly easy.
>
I have a funny feeling ...
>> the one who owns the task running web browser. the one that
>> started web browser, of course
>
> Unless, of course, the web browser LIES.
>
.... that you just don't have an idea what this NTLM thing is, do you?
z.
"Gordon Burditt"
news:13j4kr7dmjm9u22@corp.supernews.com...
>>> What arguments does such a NTLM request require?
>>
>>to make it simple:
>>serwer tells the browser: you need to authenticate using NTLM , valid
>>user is required. then browser sends the server id of a user.
>
> What *browsers* do that?
MSIE, of course.
Been that way since the 20th century.
"Sanders Kaufman"
news:eOAYi.14796$4V6.7850@newssvr14.news.prodigy.net...
> "Gordon Burditt"
> news:13j4kr7dmjm9u22@corp.supernews.com...
>>>> What arguments does such a NTLM request require?
>>>
>>>to make it simple:
>>>serwer tells the browser: you need to authenticate using NTLM , valid
>>>user is required. then browser sends the server id of a user.
>>
>> What *browsers* do that?
>
> MSIE, of course.
> Been that way since the 20th century.
which was a reeeeaaaalllly long time ago, huh. :)
btw, NTLM authentication works in *any* browser. how ntlm works outside of
the client's browser is entirely a question of server configuration.
>>>> What arguments does such a NTLM request require?
>>> to make it simple:
>>> serwer tells the browser: you need to authenticate using NTLM , valid
>>> user is required. then browser sends the server id of a user.
>>
>> What *browsers* do that?
>
>MSIE based. it is an Microsoft thing anyway. an active x applet would
>work in MSIE too, i guess
>
>> If the user is asked to enter a valid
>> user name, it rather defeats the purpose of not having to log in
>> for the web page after you've already logged in on the workstation.
>
>well , we are still taking about corporate solutions, right ?
>
>>
>> And since anything that comes from a browser is easily faked, it
>> seems to make pretending to be someone else fairly easy.
> >
>
>I have a funny feeling ...
>
>>> the one who owns the task running web browser. the one that
>>> started web browser, of course
>>
>> Unless, of course, the web browser LIES.
>>
>
>... that you just don't have an idea what this NTLM thing is, do you?
Does the fact that I asked what arguments a NTLM request needs give
it away? You're right, I don't know much about it, but I have a
feeling that the people answering my questions know less about it.
A browser can't be trusted for anything involving HTTP server
security. In particular, a browser can be replaced with telnet
operated manually by someone wanting to break in to your system,
say, to find out who's on the promotion list or to get some juicy
blackmail to use against the boss. I'm sure Microsoft is not so
lame as to design an authentication system that has such a gaping
hole in it.
I have a feeling that either (a) the browser supplies a user ID and
password, which the HTTP server checks with the domain controller,
in which case the user has to log in on the web page in addition
to logging in to the local account, or (b) Windows provides some
other mechanism for the HTTP server to identify the user making the
request that doesn't involve trusting the browser.
Gordon Burditt:
>> I have a funny feeling
>> that you just don't have an idea what this NTLM thing is, do you?
>
> A browser can't be trusted for anything involving HTTP server
> security.
the thing is - it is not about *http* security. its not a *browser*
thing. it is about windows(smb) *workstation* authenticating against
windows (smb) server. and http server being able to know that it
happened thanks to ntlm authentication module
> I have a feeling that either
> (b) Windows provides some
> other mechanism for the HTTP server to identify the user making the
> request that doesn't involve trusting the browser.
see? it involves third party - a windows server. thats why you need this
additional module for.
z.