Re: Getting Remote Windows Username on Intranet

On Sat, 29 Sep 2007 14:03:36 -0700, Bruno Barros <ragearc@xxxxxxxxx> wrote:

Hey there. I'm currently working on an intranet, and would like to
know how I can get the windows usernames of the visitors.

You can get their IP with $_SERVER['REMOTE_ADDR'];

But what about their Windows Username? Is there any way of doing so?
Through the Intranet?

Well, yes, sort of, with limitations, and it's not exactly recommended. Look
up "NTLM".

If you're running IIS on Windows, turn on "Integrated Windows Authentication"
for the particular directory.

For Apache, there are a couple of other options, further depending on whether
you're on Windows or UNIX, for example, http://mod-auth-sspi.sourceforge.net/
or http://modntlm.sourceforge.net/ . (I've not been able to get the latter to
work at all with Apache 2.2 on Linux, but YMMV).

IE will respond automatically to the authentication challenge this sends, and
you'll get Windows username as one of the $_SERVER variables.

Firefox supports method, but users would have to manually modify the
"network.automatic-ntlm-auth.trusted-uris" option in about:config to trust your
intranet site, otherwise they get a prompt to re-enter their Windows username
and passwords.

Last time I checked Opera eitehr didn't have support for this, or it was still
beta, and disabled by default (and only re-enable-able through a hidden
option), so you'd better have a fallback.

If you go this route then bear in mind that it's not very widely used so you
won't have as much support from the community. The implementations are all
reverse-engineered (other than the native Windows/IIS one, obviously), so may
well have weird quirks.

Even if you did get this working, it's almost certainly best not to rely on
this as your authentication method on every page, instead to have it as an
*option* on your login page to identify and authenticate the user, and then use
your own method to keep the user logged in (sessions, cryptographically signed
cookies, the usual suspects here).

--
Andy Hassall :: andy@xxxxxxxxxxx :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
.

Relevant Pages

  • Get the client PC Windows user name and PC Name.
    ... I am trying to get the Windows username and PC name from the client PC ... I am using 'forms' authentication and 'anonymous access' in IIS. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Basic authentication help needed
    ... authentication on a webpage running IIS 6? ... get prompted for their windows username and password ... their username and passwrd (we dont want that option to ...
    (microsoft.public.inetserver.iis.security)
  • x re: Remote Windows Login
    ... > identifying the windows username of each remote user of the system and ... > with the Windows Username of the server. ... If you have Windows domain authentication turned on, ...
    (comp.lang.php)
  • RE: Forms authentication <-> Windows user?
    ... you can authenticate against the Active Directory by using Forms. ... > I'm new in ASP.NET and I've got a question about authentication in an ... > I want to authentify and authorize the user by a database. ... evaluate the windows username ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Getting Remote Windows Username on Intranet
    ... the Windows Username to be the username to be used inside the intranet ... (kind of automatic login). ... You could have a look at the proprietary NTLM authentication mechanism. ...
    (comp.lang.php)