The site I'm currently developing has a page where visitors can post updates to projects. There's a space for them to put in their login name, which is the same they use to log into the system (WinNT 4). I'd like to grab the login ID of who is signed into the computer so we'll know who really posted the update as well as who they say they are. I tried using CGI.auth_user, but that's coming up as not existing. Is there somewhere in the registry that I can snag this and if so, what would the CF code look like?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Capturing login name
- Thread starter diggy8
- Start date
CGI.auth_user will only work if you've disabled anonymous access to the web site. It represents the user name that was successfully authenticated using HTTP access control.
If (and this is a big "if"
you're running IIS on a Windows server and are serving only Internet Explorer clients, this would be very easy to implement because IE can automatically pass the users' own authentication information from their Windows logon (the option is in the Security settings and is called "Automatically log on with current username and password" and the HTTP access control in IIS is designed to get its access lists from the domain.
If that doesn't describe your environment, then you've got a much harder problem. No decent browser exposes anything about the client's environment (including the registry) to the web server. I think you would still be looking along the lines of using HTTP access control and synchronizing the user list on your web server with your network's Windows accounts. In this case I think it would almost certainly be easier and quicker to improve your own authentication system to the point that you could trust that the user logging in is who they say they are.
If (and this is a big "if"
you're running IIS on a Windows server and are serving only Internet Explorer clients, this would be very easy to implement because IE can automatically pass the users' own authentication information from their Windows logon (the option is in the Security settings and is called "Automatically log on with current username and password" and the HTTP access control in IIS is designed to get its access lists from the domain. If that doesn't describe your environment, then you've got a much harder problem. No decent browser exposes anything about the client's environment (including the registry) to the web server. I think you would still be looking along the lines of using HTTP access control and synchronizing the user list on your web server with your network's Windows accounts. In this case I think it would almost certainly be easier and quicker to improve your own authentication system to the point that you could trust that the user logging in is who they say they are.
- Thread starter
- #3
- Status
Similar threads
