Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Browser login with Windows domain login

RE: Browser login with Windows domain login

From: David Carroll <carroll_6106_at_msn.com>
Date: Fri, 09 Apr 2004 00:04:47 +0000

Sure is. Look up SPNEGO and you'll see that IIS is already enabled and that
there are modules for Apache.

http://www.wedgetail.com/technology/spnego.html

Is a good overview.

David Carroll

>From: <stevenr_at_mastek.com>
>To: <webappsec_at_securityfocus.com>
>Subject: Browser login with Windows domain login
>Date: Thu, 8 Apr 2004 18:51:38 +0530
>
>Hi
>
>I needed some pointers/links/tips from you folks on a problem.
>
>I have a web-based application. Is it possible to sign in a user into
>the browser based application transparently based on the windows NT
>domain login. By this I mean that when the user opens the browser and
>types in the URL, the client machine should automatically send the user
>credentials to the application. FYI, the windows domain login is
>authenticated against Microsoft Active Directory.
>
>If this is possible, can anyone point me to some sites/tutorials? I have
>googled but have not come up with anything useful, hence this mail.
>
>Are there any known vulnerabilites with this kind of approach for web
>based logins?
>
>Any help would be appreciated.
>
>Thanks
>Steve
>
>
>MASTEK
>"Making a valuable difference"
>Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
>In the US, we're called MAJESCO
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Opinions expressed in this e-mail are those of the individual and not that
>of Mastek Limited, unless specifically indicated to that effect. Mastek
>Limited does not accept any responsibility or liability for it. This e-mail
>and attachments (if any) transmitted with it are confidential and/or
>privileged and solely for the use of the intended person or entity to which
>it is addressed. Any review, re-transmission, dissemination or other use of
>or taking of any action in reliance upon this information by persons or
>entities other than the intended recipient is prohibited. This e-mail and
>its attachments have been scanned for the presence of computer viruses. It
>is the responsibility of the recipient to run the virus check on e-mails
>and attachments before opening them. If you have received this e-mail in
>error, kindly delete this e-mail from all computers.
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

_________________________________________________________________
Limited-time offer: Fast, reliable MSN 9 Dial-up Internet access FREE for 2
months!
http://join.msn.com/?page=dept/dialup&pgmarket=en-us&ST=1/go/onm00200361ave/direct/01/
Received on Apr 09 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]