|
 |
asp_web_howto thread: Impersonation/GetUserName
Message #1 by "Sertial, Sam" <2495XX2@a...> on Tue, 19 Jun 2001 10:09:11 -0400
|
|
To get the user name from NT4 Log on, you have to set the security to
challenge/response.
If you set the security to "Anonymous Request", you can't find who logged in
?
When you run "SET" command " c:\set" from Dos, you can see the NTUserName .
Is any way to get the value of USERNAME in ASP page from the Registry or
from SET command, while setting the security to "Anonymous Request".
Thanks,
Message #2 by "Alex Shiell, ITS, EC, SE" <alex.shiell@s...> on Tue, 19 Jun 2001 15:14:31 +0100
|
|
Well no... what you are suggesting is a contradiction in terms.
Anonymous access means that users do not have to identify themselves to
gain
access to the page/site. If you need to know who they are, then they
need
to log in in one form or another. Challenge/Response authentication
allows
NT logon credentials to passed accross without the user having to type
their
username and password again. If Anonymous access is enabled, then
these
logon credentials are not passed on.
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: 19 June 2001 15:09
To: ASP Web HowTo
Subject: [asp_web_howto] Impersonation/GetUserName
To get the user name from NT4 Log on, you have to set the security to
challenge/response.
If you set the security to "Anonymous Request", you can't find who
logged in
?
When you run "SET" command " c:\set" from Dos, you can see the
NTUserName .
Is any way to get the value of USERNAME in ASP page from the Registry
or
from SET command, while setting the security to "Anonymous Request".
Thanks,
Message #3 by "Sertial, Sam" <2495XX2@a...> on Tue, 19 Jun 2001 10:49:08 -0400
|
|
Thanks Alex for your quick response as usual, I agree with you because
IIS
use IUSR_MACHINENAME,
but I am looking for some VB/COM or API32 where we can activate
"GetUserName" functions from VB.
Ex.:
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA"
(ByVal
lpBuffer As String, nSize As Long) As Long
Dim X&, i&
Dim lpBuffer As String * 30
Dim gsUserId As String
On Error GoTo HandleError
X =3D GetUserName(lpBuffer, 30)
gsUserId =3D Trim(lpBuffer)
gsUserId =3D Trim(Left(gsUserId, InStr(1, gsUserId, Chr(0)) - 1))
GetUserId =3D gsUserId
Thanks again,
-----Original Message-----
From: Alex Shiell, ITS, EC, SE [mailto:alex.shiell@s...]
Sent: Tuesday, June 19, 2001 10:15 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Well no... what you are suggesting is a contradiction in terms.
Anonymous access means that users do not have to identify themselves to
gain
access to the page/site. If you need to know who they are, then they
need
to log in in one form or another. Challenge/Response authentication
allows
NT logon credentials to passed accross without the user having to type
their
username and password again. If Anonymous access is enabled, then
these
logon credentials are not passed on.
Message #4 by ssteward@a... on Tue, 19 Jun 2001 10:00:21 -0500
|
|
The GetUserName function will give you the User that's running whatever
process you're calling it from. In most cases, it will be
IUSR_MACHINENAME
when calling it from IIS.
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: Tuesday, June 19, 2001 9:49 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Thanks Alex for your quick response as usual, I agree with you because
IIS
use IUSR_MACHINENAME,
but I am looking for some VB/COM or API32 where we can activate
"GetUserName" functions from VB.
Ex.:
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA"
(ByVal
lpBuffer As String, nSize As Long) As Long
Dim X&, i&
Dim lpBuffer As String * 30
Dim gsUserId As String
On Error GoTo HandleError
X =3D GetUserName(lpBuffer, 30)
gsUserId =3D Trim(lpBuffer)
gsUserId =3D Trim(Left(gsUserId, InStr(1, gsUserId, Chr(0)) - 1))
GetUserId =3D gsUserId
Thanks again,
Message #5 by "Alex Shiell, ITS, EC, SE" <alex.shiell@s...> on Tue, 19 Jun 2001 16:08:56 +0100
|
|
Thing is, if you're going to be running this on the server, it will
give you
who is logged on at the server, e.g. 'Administrator' or whoever. If
you
want to find out who's logged on at the client machine, it would need
to be
some kind of activeX control, and I'm not sure if security would even
allow
an activeX control access to that kind of thing.
Much easier just to use challenge/response!
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: 19 June 2001 15:49
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Thanks Alex for your quick response as usual, I agree with you because
IIS
use IUSR_MACHINENAME,
but I am looking for some VB/COM or API32 where we can activate
"GetUserName" functions from VB.
Ex.:
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA"
(ByVal
lpBuffer As String, nSize As Long) As Long
Dim X&, i&
Dim lpBuffer As String * 30
Dim gsUserId As String
On Error GoTo HandleError
X =3D GetUserName(lpBuffer, 30)
gsUserId =3D Trim(lpBuffer)
gsUserId =3D Trim(Left(gsUserId, InStr(1, gsUserId, Chr(0)) - 1))
GetUserId =3D gsUserId
Thanks again,
Message #6 by Pieter Schutte <psc@a...> on Tue, 19 Jun 2001 17:21:46 +0200
|
|
Would this help
Function GetUser()
If Instr(1,Request.ServerVariables("LOGON_USER"),"\") <> 0
Then
Pos =3D
Instr(1,Request.ServerVariables("LOGON_USER"),"\")
GetUser =3D
Right(Request.ServerVariables("LOGON_USER"),Len(Request.ServerVariables(
"LOG
ON_USER")) - Pos)
Else=09
GetUser =3D Request.ServerVariables("LOGON_USER")
End if
End Function
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: Tuesday, June 19, 2001 4:49 PM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Thanks Alex for your quick response as usual, I agree with you because
IIS
use IUSR_MACHINENAME,
but I am looking for some VB/COM or API32 where we can activate
"GetUserName" functions from VB.
Ex.:
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA"
(ByVal
lpBuffer As String, nSize As Long) As Long
Dim X&, i&
Dim lpBuffer As String * 30
Dim gsUserId As String
On Error GoTo HandleError
X =3D GetUserName(lpBuffer, 30)
gsUserId =3D Trim(lpBuffer)
gsUserId =3D Trim(Left(gsUserId, InStr(1, gsUserId, Chr(0)) - 1))
GetUserId =3D gsUserId
Thanks again,
-----Original Message-----
From: Alex Shiell, ITS, EC, SE [mailto:alex.shiell@s...]
Sent: Tuesday, June 19, 2001 10:15 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Well no... what you are suggesting is a contradiction in terms.
Anonymous access means that users do not have to identify themselves to
gain
access to the page/site. If you need to know who they are, then they
need
to log in in one form or another. Challenge/Response authentication
allows
NT logon credentials to passed accross without the user having to type
their
username and password again. If Anonymous access is enabled, then
these
logon credentials are not passed on.
Message #7 by "Alex Shiell, ITS, EC, SE" <alex.shiell@s...> on Tue, 19 Jun 2001 16:52:33 +0100
|
|
problem is that Request.ServerVariables("LOGON_USER") is empty when
anonymous access is enabled, as the logon credentials are not sent.
-----Original Message-----
From: Pieter Schutte [mailto:psc@a...]
Sent: 19 June 2001 16:22
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Would this help
Function GetUser()
If Instr(1,Request.ServerVariables("LOGON_USER"),"\") <> 0
Then
Pos =3D3D
Instr(1,Request.ServerVariables("LOGON_USER"),"\")
GetUser =3D3D
Right(Request.ServerVariables("LOGON_USER"),Len(Request.ServerVariables(
=3D
"LOG
ON_USER")) - Pos)
Else=3D09
GetUser =3D3D Request.ServerVariables("LOGON_USER")
End if
End Function
Message #8 by "Sertial, Sam" <2495XX2@a...> on Tue, 19 Jun 2001 12:39:38 -0400
|
|
Alex, you are right because any script will be running on the server
side
and will populate
the Log0n_user or Auth_user from the server, which is the IUSR_Machine.
However, just wonder if we can get any value from the registry
HKEY_LOCAL_MACHINE
or from running "c:\set ~", to find who logged in NT?
The reason I can't use Authenticate/NT Challenge is: Getting users from
2
different domains
One domain we have ACL and the other is not out Main domain where we
can't
authenticate the users.
Thank a lot to Alex, Pieter, Stewards.
-----Original Message-----
From: Alex Shiell, ITS, EC, SE [mailto:alex.shiell@s...]
Sent: Tuesday, June 19, 2001 11:53 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
problem is that Request.ServerVariables("LOGON_USER") is empty when
anonymous access is enabled, as the logon credentials are not sent.
-----Original Message-----
From: Pieter Schutte [mailto:psc@a...]
Sent: 19 June 2001 16:22
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Would this help
Function GetUser()
If Instr(1,Request.ServerVariables("LOGON_USER"),"\") <> 0
Then
Pos =3D3D
Instr(1,Request.ServerVariables("LOGON_USER"),"\")
GetUser =3D3D
Right(Request.ServerVariables("LOGON_USER"),Len(Request.ServerVariables(
=3D
"LOG
ON_USER")) - Pos)
Else=3D09
GetUser =3D3D Request.ServerVariables("LOGON_USER")
End if
End Function
Message #9 by ssteward@a... on Tue, 19 Jun 2001 12:01:11 -0500
|
|
Are you trying to find out who's logged in on your webserver, or the
client's machine?
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: Tuesday, June 19, 2001 11:40 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Alex, you are right because any script will be running on the server
side
and will populate
the Log0n_user or Auth_user from the server, which is the IUSR_Machine.
However, just wonder if we can get any value from the registry
HKEY_LOCAL_MACHINE
or from running "c:\set ~", to find who logged in NT?
The reason I can't use Authenticate/NT Challenge is: Getting users from
2
different domains
One domain we have ACL and the other is not out Main domain where we
can't
authenticate the users.
Thank a lot to Alex, Pieter, Stewards.
-----Original Message-----
From: Alex Shiell, ITS, EC, SE [mailto:alex.shiell@s...]
Sent: Tuesday, June 19, 2001 11:53 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
problem is that Request.ServerVariables("LOGON_USER") is empty when
anonymous access is enabled, as the logon credentials are not sent.
-----Original Message-----
From: Pieter Schutte [mailto:psc@a...]
Sent: 19 June 2001 16:22
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Would this help
Function GetUser()
If Instr(1,Request.ServerVariables("LOGON_USER"),"\") <> 0
Then
Pos =3D3D
Instr(1,Request.ServerVariables("LOGON_USER"),"\")
GetUser =3D3D
Right(Request.ServerVariables("LOGON_USER"),Len(Request.ServerVariables(
=3D
"LOG
ON_USER")) - Pos)
Else=3D09
GetUser =3D3D Request.ServerVariables("LOGON_USER")
End if
End Function
Message #10 by "Sertial, Sam" <2495XX2@a...> on Tue, 19 Jun 2001 14:59:17 -0400
|
|
I am trying to find out who logged in client's machine.
The INTRANET Application is installed on IIS4 Server, and every one is
logged on NT4 WORKSTATION.
-----Original Message-----
From: ssteward@a... [mailto:ssteward@a...]
Sent: Tuesday, June 19, 2001 1:01 PM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Are you trying to find out who's logged in on your webserver, or the
client's machine?
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: Tuesday, June 19, 2001 11:40 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Alex, you are right because any script will be running on the server
side
and will populate
the Log0n_user or Auth_user from the server, which is the IUSR_Machine.
However, just wonder if we can get any value from the registry
HKEY_LOCAL_MACHINE
or from running "c:\set ~", to find who logged in NT?
The reason I can't use Authenticate/NT Challenge is: Getting users from
2
different domains
One domain we have ACL and the other is not out Main domain where we
can't
authenticate the users.
Thank a lot to Alex, Pieter, Stewards.
-----Original Message-----
From: Alex Shiell, ITS, EC, SE [mailto:alex.shiell@s...]
Sent: Tuesday, June 19, 2001 11:53 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
problem is that Request.ServerVariables("LOGON_USER") is empty when
anonymous access is enabled, as the logon credentials are not sent.
-----Original Message-----
From: Pieter Schutte [mailto:psc@a...]
Sent: 19 June 2001 16:22
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Would this help
Function GetUser()
If Instr(1,Request.ServerVariables("LOGON_USER"),"\") <> 0
Then
Pos =3D3D
Instr(1,Request.ServerVariables("LOGON_USER"),"\")
GetUser =3D3D
Right(Request.ServerVariables("LOGON_USER"),Len(Request.ServerVariables(
=3D
"LOG
ON_USER")) - Pos)
Else=3D09
GetUser =3D3D Request.ServerVariables("LOGON_USER")
End if
End Function
Message #11 by ssteward@a... on Tue, 19 Jun 2001 14:11:33 -0500
|
|
I'm not sure you'll be able to get the client's login name if you're
not
using NT Authentication.... I'm sure the others who have been
contributing
to this thread would know more about that than I would...
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: Tuesday, June 19, 2001 1:59 PM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
I am trying to find out who logged in client's machine.
The INTRANET Application is installed on IIS4 Server, and every one is
logged on NT4 WORKSTATION.
-----Original Message-----
From: ssteward@a... [mailto:ssteward@a...]
Sent: Tuesday, June 19, 2001 1:01 PM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Are you trying to find out who's logged in on your webserver, or the
client's machine?
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: Tuesday, June 19, 2001 11:40 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Alex, you are right because any script will be running on the server
side
and will populate
the Log0n_user or Auth_user from the server, which is the IUSR_Machine.
However, just wonder if we can get any value from the registry
HKEY_LOCAL_MACHINE
or from running "c:\set ~", to find who logged in NT?
The reason I can't use Authenticate/NT Challenge is: Getting users from
2
different domains
One domain we have ACL and the other is not out Main domain where we
can't
authenticate the users.
Thank a lot to Alex, Pieter, Stewards.
-----Original Message-----
From: Alex Shiell, ITS, EC, SE [mailto:alex.shiell@s...]
Sent: Tuesday, June 19, 2001 11:53 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
problem is that Request.ServerVariables("LOGON_USER") is empty when
anonymous access is enabled, as the logon credentials are not sent.
-----Original Message-----
From: Pieter Schutte [mailto:psc@a...]
Sent: 19 June 2001 16:22
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Would this help
Function GetUser()
If Instr(1,Request.ServerVariables("LOGON_USER"),"\") <> 0
Then
Pos =3D3D
Instr(1,Request.ServerVariables("LOGON_USER"),"\")
GetUser =3D3D
Right(Request.ServerVariables("LOGON_USER"),Len(Request.ServerVariables(
=3D
"LOG
ON_USER")) - Pos)
Else=3D09
GetUser =3D3D Request.ServerVariables("LOGON_USER")
End if
End Function
Message #12 by "Alex Shiell, ITS, EC, SE" <alex.shiell@s...> on Wed, 20 Jun 2001 09:52:07 +0100
|
|
Sam,
To clarify what I've been trying to say: If you want the username to
be
sent from the client to the server, then you've got to disable
anonymous
access. Otherwise, no username is sent, and the server will use
IUSER_xxxx
as the username.
So what you are suggesting would require the username to be somehow
captured
at the client side, and then send down in a form submission or
something.
Capturing the username is not something that can be done with
scripting, so
some sort of activeX control or Java Applet would be required.
However, I'm
fairly certain that the browser security model would prevent a control
from
accessing security information.
-----Original Message-----
From: ssteward@a... [mailto:ssteward@a...]
Sent: 19 June 2001 20:12
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
I'm not sure you'll be able to get the client's login name if you're
not
using NT Authentication.... I'm sure the others who have been
contributing
to this thread would know more about that than I would...
-----Original Message-----
From: Sertial, Sam [mailto:2495XX2@a...]
Sent: Tuesday, June 19, 2001 1:59 PM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
I am trying to find out who logged in client's machine.
The INTRANET Application is installed on IIS4 Server, and every one is
logged on NT4 WORKSTATION.
Message #13 by "Sertial, Sam" <2495XX2@a...> on Wed, 20 Jun 2001 09:25:42 -0400
|
|
Thanks Alex, I build com/dll and didn't work and went through the MSDN
but
was no answer and
Microsoft acknowledged that and claimed that a solution will be
available
with Windows NT 5(2000).
Can you suggest any nice Login.asp form from Wrox books to help
creating
and verifying
Username and password( the logon.asp should be showing only when you
click
"SAVE", and not
at the beginning of the application)
Thanks again,
-----Original Message-----
From: Alex Shiell, ITS, EC, SE [mailto:alex.shiell@s...]
Sent: Wednesday, June 20, 2001 4:52 AM
To: ASP Web HowTo
Subject: [asp_web_howto] RE: Impersonation/GetUserName
Sam,
To clarify what I've been trying to say: If you want the username to
be
sent from the client to the server, then you've got to disable
anonymous
access. Otherwise, no username is sent, and the server will use
IUSER_xxxx
as the username.
So what you are suggesting would require the username to be somehow
captured
at the client side, and then send down in a form submission or
something.
Capturing the username is not something that can be done with
scripting, so
some sort of activeX control or Java Applet would be required.
However, I'm
fairly certain that the browser security model would prevent a control
from
accessing security information.
|
|
|
View Cart
