Posted by Gordon Burditt on 11/07/07 00:51

>I can imagine situation when this two values differ. but so what?
>
>> And the same is
>> true with IIS. This is not necessarily the same as the person logged
>> into the machine.
>
>I can imagine situation when this two values differ. but so what?
>
>of course you can try and log out and then log in as different user than
>YOUR login to corporate network.
>
>but question was about displaing courent user of a local machine
>on web when the local machine is corporate network

I understood the situation to be that the local machine is *on* the
corporate network, not that it *is* the corporate network.

>to do that you have to force automatic single sign on authentication to
>intranet web . what don't you understand?
>
>> Rik is correct. There is no way to get the name of the user logged into
>> the machine without ActiveX controls.
>
>
>HTTP server sends request for NTLM authentication and Windows

What arguments does such a NTLM request require? You haven't got
a user name at the HTTP server; that's what is desired. You
presumably don't have a password, either. The point of using the
local login is usually to avoid having to repeat that information
into a web page.

Suppose: there are several people logged in on various machines
on the local network. There are several people logged in on the
same machine as user who's making the HTTP request (possible with
terminal server or remote desktop on a Windows machine). What
information does the HTTP server have to tell which user made the
request? The IP address alone is NOT enough, and there's more than
one user logged in on that machine.

>workstation sends the sid back as a response. then you have to check the
>sid in Active Directory (or other LDAP server ) and youre done. this is
>that simple. no need to deny
>
>
>> HTTP security prohibits the
>> server from knowing such information - which is a good thing.
>
>That's exactly the reason to use NTLM authentication not HTTP
>authentication.
>
>
>
>z.

[Back to original message]