Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: get network user name

RE: get network user name

From: Auri Rahimzadeh <auri_at_auri.net>
Date: Thu, 9 Mar 2006 21:42:57 -0500

Yeah, with ASP.NET it's easy. Of course, if you're using another language
you can query the HTTP headers for username, if it's passed (I recall IE
passes it, but it *can be spoofed very easily that way*). You want to use
Windows authentication and NTLM or similar authentication to guarantee the
username (which you can set up in IIS).

Best,

Auri Rahimzadeh
Author, Hacking the PSP
www.hackingpsp.com

-----Original Message-----
From: Josh [mailto:its.josh_at_verizon.net]
Sent: Thursday, March 09, 2006 8:01 PM
To: John Bond
Cc: webappsec_at_securityfocus.com
Subject: Re: get network user name

What language are you using and what type of server are you running?
I've built a few apps that do what you are looking for with .NET and IIS.

John Bond wrote:
> I am trying to write an intranet program which will get the
> network/domain login name of a user visiting my site. As this site is
> going to be an intranet site it can be said their is a high level of
> trust betwwen the user and the application. The application will need
> to run with multible browsers and (i hope) be able to query the
> username from multible OS's.
>
> Does anyone have any ideas on the best way to implment this and the
> possible secutity considerations which should be considered.
>
> Thanks for your help
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Watchfire's AppScan is the industry's first and leading web application
> security testing suite, and the only solution to provide comprehensive
> remediation tasks at every level of the application. See for yourself.
> Download AppScan 6.0 today.
>
> https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1
> --------------------------------------------------------------------------
>
>
>
>

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1
--------------------------------------------------------------------------

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1
--------------------------------------------------------------------------
Received on Mar 09 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]