Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Browser login with Windows domain login

Re: Browser login with Windows domain login

From: <m.delibero_at_comcast.net>
Date: Thu, 08 Apr 2004 15:27:59 +0000

Hello,

  Search on ADSI it is an object which ties in with AD, then use the server variable LOGON_USER (I believe that is what it is) or something similar.

  HTH.

  -Mike
> Hi
>
> I needed some pointers/links/tips from you folks on a problem.
>
> I have a web-based application. Is it possible to sign in a user into
> the browser based application transparently based on the windows NT
> domain login. By this I mean that when the user opens the browser and
> types in the URL, the client machine should automatically send the user
> credentials to the application. FYI, the windows domain login is
> authenticated against Microsoft Active Directory.
>
> If this is possible, can anyone point me to some sites/tutorials? I have
> googled but have not come up with anything useful, hence this mail.
>
> Are there any known vulnerabilites with this kind of approach for web
> based logins?
>
> Any help would be appreciated.
>
> Thanks
> Steve
>
>
> MASTEK
> "Making a valuable difference"
> Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
> In the US, we're called MAJESCO
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Opinions expressed in this e-mail are those of the individual and not that of
> Mastek Limited, unless specifically indicated to that effect. Mastek Limited
> does not accept any responsibility or liability for it. This e-mail and
> attachments (if any) transmitted with it are confidential and/or privileged and
> solely for the use of the intended person or entity to which it is addressed.
> Any review, re-transmission, dissemination or other use of or taking of any
> action in reliance upon this information by persons or entities other than the
> intended recipient is prohibited. This e-mail and its attachments have been
> scanned for the presence of computer viruses. It is the responsibility of the
> recipient to run the virus check on e-mails and attachments before opening them.
> If you have received this e-mail in error, kindly delete this e-mail from all
> computers.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
Received on Apr 08 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]