I've been wonderung for a while now if it possible to grant access to a local intranet by just reading the user's credentials.
The main idea is to allow certain groups to see different information based on who they are. I don't want to make the user log in, nor use cookies, but identify the user by his/her credentials meaning the user name (all nt clients).
Does anybody know a way to do this?
Thanks in advance.
Read user's credentials
Moderator: General Moderators
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Have a look at this thread:
http://www.devnetwork.net/forums/viewtopic.php?t=1174
Server side and client side solutions are both discussed.
Mac
http://www.devnetwork.net/forums/viewtopic.php?t=1174
Server side and client side solutions are both discussed.
Mac
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Client Side Issue
Well, have to check the server side details again, but i guess it won't work out. It is pretty much the same problem as Hebbs' ( thanks for the hint that there's already a thread, will probably contact Hebbs to how it worked.)
However the problem still exists - though it can be done in ASP and VBScript.
I got an apache webserver running on linux. All clients in the intranet use Win NT. There shall be at least 2 different groups of users: employees and admins. I could grant access using the IP# in Apache's .htaccess, but admins won't be able to acces from any client. Therefore using the logged on user's credentials would be the most effective method, since the use of cookies is a security hole. Unfortunately, there's no easy way to get user's hardware or software details on Win NT. Or am I wrong?
Keep looking...
However the problem still exists - though it can be done in ASP and VBScript.
I got an apache webserver running on linux. All clients in the intranet use Win NT. There shall be at least 2 different groups of users: employees and admins. I could grant access using the IP# in Apache's .htaccess, but admins won't be able to acces from any client. Therefore using the logged on user's credentials would be the most effective method, since the use of cookies is a security hole. Unfortunately, there's no easy way to get user's hardware or software details on Win NT. Or am I wrong?
Keep looking...
Hi guys,
The VBScript code is now also possible in JScript, which runs on IE5.5 and IE6, Im not sure about Netscape compatability though. But it still requires ActiveX to be enabled on the client machines browser.
I havent tested this properly but it works on my machine. Heres is the JScript version:
The VBScript code is now also possible in JScript, which runs on IE5.5 and IE6, Im not sure about Netscape compatability though. But it still requires ActiveX to be enabled on the client machines browser.
I havent tested this properly but it works on my machine. Heres is the JScript version:
Code: Select all
function GetUser(){
Platform=navigator.userAgent;
Sh = new ActiveXObject("WScript.Shell");
if (Platform.indexOf("Windows 98") >= 0){
RegKey = "HKEY_LOCAL_MACHINE\\Network\\Logon"e;;
UserName = Sh.RegRead (RegKey + "username");
Platform = "Windows 95";
}
if (Platform.indexOf("Windows 95") >= 0) {
RegKey = "HKEY_LOCAL_MACHINE\\Network\\Logon"e;;
UserName = Sh.RegRead (RegKey + "username");
Platform = "Windows 98";
}
if (Platform.indexOf("Windows 2000") >= 0 ) {
RegKey = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"e;;
UserName = Sh.RegRead (RegKey + "Logon User Name");
Platform = "Windows 2000";
}
if (Platform.indexOf("Windows NT") >= 0 ) {
RegKey = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"e;;
UserName = Sh.RegRead (RegKey + "Logon User Name");
Platform = "Windows NT/XP";
}
if (UserName != "") {
document.location = "Your.URL.Here?username=" + UserName; //auto login
} else {
document.location = "Your.URL.Here"; //prompt for login
}
}