Capturing Windows Username without popping challenge box in the browser

From: Raj Thakkar (rthakkar_at_theage.com.au)
Date: 12/08/04

Next message: Eliyahu Goldin: "Re: OpenWindow without toolbar"
Previous message: Tomislav Bartolin: "DataBind issue"
Next in thread: Joyjit Mukherjee: "Re: Capturing Windows Username without popping challenge box in the browser"
Reply: Joyjit Mukherjee: "Re: Capturing Windows Username without popping challenge box in the browser"
Reply: aa7im: "Re: Capturing Windows Username without popping challenge box in the browser"
Reply: Prodip Saha: "Re: Capturing Windows Username without popping challenge box in the browser"
Messages sorted by: [ date ] [ thread ]

Date: 8 Dec 2004 00:16:59 -0800

Hi,
I am currenty working on a site for intranet.
I have a user control in the header of every page that will be
displayed only if people with certain username are surfing the site.
These lists of usernames is stored on the server side in a xml based
file

So what I am doing at the moment is inside the user control pageload
method, i get the username of the current person logged in using
HttpContext.Current.User.Identity.Name and if the username is within
the list of 'allowed-access-usernames', I continue loading the
usercontrol else I set its visibility to false
so they can't see it.

It all works fine if I try to access the site from localhost.
The application grabs my windows username and verfies it against the
list, if i am present in the list, I see the control else I don't

The problem comes when I try to access the site from different machine.
As soon as i try to access the page, IE pops up a window asking for
username and password which I don;t want to.
I want to just grab the username of currenty logged in user on the
machine and give it to the server.

Can anyone help me how do i achieve this?

BTW, I am doing this using windows authentication.
In the IIS 5.1, I have
Anonymous Access unchecked
Integrated Windows Authentication checked

In web.config file
I have windows authentication
and
<identity impersonate="true" />

Thanks,
Raj

Next message: Eliyahu Goldin: "Re: OpenWindow without toolbar"
Previous message: Tomislav Bartolin: "DataBind issue"
Next in thread: Joyjit Mukherjee: "Re: Capturing Windows Username without popping challenge box in the browser"
Reply: Joyjit Mukherjee: "Re: Capturing Windows Username without popping challenge box in the browser"
Reply: aa7im: "Re: Capturing Windows Username without popping challenge box in the browser"
Reply: Prodip Saha: "Re: Capturing Windows Username without popping challenge box in the browser"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Capturing Windows Username without popping challenge box in the browser
... current username and password. ... Joyjit ... >> So what I am doing at the moment is inside the user control pageload ... I am doing this using windows authentication. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Capturing Windows Username without popping challenge box in the browser
... > displayed only if people with certain username are surfing the site. ... > These lists of usernames is stored on the server side in a xml based ... I am doing this using windows authentication. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Optimal wildcard search algorithm
... Then, for the second round, aa*, ab* ... after the two rounds of bruteforcing, ... error for a wildcarded username that does exist but can't be bound to, ... > or similar, some username/password combo lists, etc. ...
(Pen-Test)
Re: Problems signing request when using Windows Authentication
... Even though a web-based UI may be set up for Windows authentication, ... >>> In the client I add a username token to the request. ... >>> security tokens in the request.", ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: Blank Emails
... Phonebook or dictionary attack on the mail server. ... number ) to get current lists of valid usernames. ... If the username is rejected, ... The list may then be sold to other spammers. ...
(alt.computer.security)