开发者

getting windows username with javascript

I have a site which is built in ASP.net and C#. Let's call it webapp. it uses a Form system to log on into it, and cannot be changed easliy.

I got a request to change the log in to some kind of windows authentication. I'll explain. Our windows login uses active directory for users to log into their windows account. their login name is sXXXXXXX. X are numbers. in my webapp, I want to take the users numbers from their active directory login, and check if those exist in the webapp database. if it exists, they will automatically log in. If开发者_运维技巧 it doesn't, they will be referred to the regular login page for the webapp system which is currently in use.

I tried changing my IIS to disable anonymous login and enabling windows authentication, therefore making the user browser to send it's current logged in user name to my webapp. I changed the web config as well from "Forms" to "Windows", which made my whole webapp obsolete as the whole forms system did not work.

My question is this - is there a different way for the browser only to send the username to my webapp? I thought maybe javascript, I just don't know how to implement that, if it's even possible. I know it's not very secure, but all this platform and system is built outside the internet, it's on a private network.


<script language="javascript">
    var username = '<%HttpContext.Current.User.Identity.Name %>';

</script>


The only way you could get at the user's domain credentials via javascript would be by deploying some type of ActiveX component to expose that data to the browser. I wouldn't recommend that.

I would look at implementing a Login page for forms authentication that authenticates the user on the page load using HttpContext.Current.User.

The way forms works is that if an unauthenticated user attempts to access an access-controlled page and have not logged in (no cookie), they will be redirected to a login page that gives the facility to log in (this sets a cookie on the client-side). The user is then directed to the page they initially requested. You would simply be automating the login part.

If you have a mixture of pass-through and user who need to manually login you could check their client IP address to see if it matches one on your domain or not.


The solution I found for getting the username sent to the server was:

string winlogon = Request.ServerVariables["LOGON_USER"];

After enabled Windows Authentication Mode in IIS.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜