|
|
Posted by zdzisio on 11/07/07 07:00
Gordon Burditt pisze:
> I understood the situation to be that the local machine is *on* the
> corporate network, not that it *is* the corporate network.
yes, sure, lost that word somewhere.
>
> What arguments does such a NTLM request require?
to make it simple:
serwer tells the browser: you need to authenticate using NTLM , valid
user is required. then browser sends the server id of a user.
something like:
S-1-5-21-3127170830-3942366122-3349335812-41005
now it is web serwers role to do something with it.
in most corporate enviroments - use ldap call to get real name
> Suppose: there are several people logged in on various machines
> on the local network. There are several people logged in on the
> same machine as user who's making the HTTP request (possible with
> terminal server or remote desktop on a Windows machine). What
> information does the HTTP server have to tell which user made the
> request?
the one who owns the task running web browser. the one that
started web browser, of course
> The IP address alone is NOT enough, and there's more than
> one user logged in on that machine.
but obviously any program run on a workstation can check who started it.
that is the point of ActivX solution too, isn't it?
z
Navigation:
[Reply to this message]
|