Get machine login info using ASP .NET?

Toggle sidebar Toggle sidebar
clamum

clamum

Lifer
Feb 13, 2003
26,256
406
126
Well I have an update. As it turns out, I won't need the user's password. Just whatever username they used to log into the machine with.

The problem is getting. The code I wrote so far only gets the ASPNET account, and when I turn Impersonate on, I get IUSR_<machinename>. But what I need is the actual username that the current user is logged on with (for example, ACarlson for me on this machine).

Is that possible? I sort of need it explicitly (as a String) because the validation checks that String against a local database and/or Active Directory.

Any help would be greatly appeciated.
 
A

Atheus

Diamond Member
Jun 7, 2005
7,313
2
0
I don't think you can retrieve their password though, just the username that is currenty logged into the PC
Click to expand...

You can dump the LM hash though, a la pwdump, and match it to a hash in the database.
 
clamum

clamum

Lifer
Feb 13, 2003
26,256
406
126
Originally posted by: Atheus
I don't think you can retrieve their password though, just the username that is currenty logged into the PC
Click to expand...

You can dump the LM hash though, a la pwdump, and match it to a hash in the database.
Click to expand...

Really? Awesome. I'll do some reading, thanks a million man.
 
clamum

clamum

Lifer
Feb 13, 2003
26,256
406
126
Well I have an update. As it turns out, I won't need the user's password. Just whatever username they used to log into the machine with.

The problem is getting. The code I wrote so far only gets the ASPNET account, and when I turn Impersonate on, I get IUSR_<machinename>. But what I need is the actual username that the current user is logged on with (for example, ACarlson for me on this machine).

Is that possible? I sort of need it explicitly (as a String) because the validation checks that String against a local database and/or Active Directory.

Any help would be greatly appeciated.
 
Snapster

Snapster

Diamond Member
Oct 14, 2001
3,916
0
0
If you want to get the logged in user, you need to turn on integrate windows authentication on the application dir in IIS and not use identity impersonate. Then you can use Request.ServerVariables["LOGON_USER"] to get the current logged in user, so you can validate against active directory etc anyway, pretty common for company intranets.
 
clamum

clamum

Lifer
Feb 13, 2003
26,256
406
126
Originally posted by: Snapster
If you want to get the logged in user, you need to turn on integrate windows authentication on the application dir in IIS and not use identity impersonate. Then you can use Request.ServerVariables["LOGON_USER"] to get the current logged in user, so you can validate against active directory etc anyway, pretty common for company intranets.
Click to expand...
I LOVE YOU

Haha, seriously you made my day man. Thanks a lot. Dunno why I couldn't find that in my trillion Google searches. I tended to focus on the WindowsPrincipal object I guess, though.

Just as a side note, for anyone else that may be interested, at first it returned a blank string. I turned off "Allow Anonymous Access" (just in the Web.config file rather than IIS) and she worked.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom