Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: Browser login with Windows domain login
From: m.delibero () comcast net
Date: Thu, 08 Apr 2004 15:27:59 +0000

Hello,

  Search on ADSI it is an object which ties in with AD, then use the server variable LOGON_USER (I believe that is what 
it is) or something similar.  

  HTH.

  -Mike
Hi

I needed some pointers/links/tips from you folks on a problem. 

I have a web-based application. Is it possible to sign in a user into
the browser based application transparently based on the windows NT
domain login. By this I mean that when the user opens the browser and
types in the URL, the client machine should automatically send the user
credentials to the application. FYI, the windows domain login is
authenticated against Microsoft Active Directory.

If this is possible, can anyone point me to some sites/tutorials? I have
googled but have not come up with anything useful, hence this mail.

Are there any known vulnerabilites with this kind of approach for web
based logins?

Any help would be appreciated.

Thanks
Steve


MASTEK
"Making a valuable difference"
Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
In the US, we're called MAJESCO

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opinions expressed in this e-mail are those of the individual and not that of 
Mastek Limited, unless specifically indicated to that effect. Mastek Limited 
does not accept any responsibility or liability for it. This e-mail and 
attachments (if any) transmitted with it are confidential and/or privileged and 
solely for the use of the intended person or entity to which it is addressed. 
Any review, re-transmission, dissemination or other use of or taking of any 
action in reliance upon this information by persons or entities other than the 
intended recipient is prohibited. This e-mail and its attachments have been 
scanned for the presence of computer viruses. It is the responsibility of the 
recipient to run the virus check on e-mails and attachments before opening them. 
If you have received this e-mail in error, kindly delete this e-mail from all 
computers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]