How to get the username, without login prompt?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am posting this for the lack of a better newsgroup, and for the
knowledge of people here, and because its only partially OT.

We have a bunch of users with their computers at work. There are
reports that the users need, which could be in html, php, asp, jsp,

Now I am trying to eliminate the login window entirely. In an html
request, the client (firefox, ie, etc) sends the clients hostname, IP,
a bunch of other stuff, but never the username. If the server-side
scripts could know which user is logged in, it could display only the
reports that user has access to. Ideally the process should work
across browsers... else I could compile firefox to send the username
in the header somewhere...

So I ask all the skilled developers here, this intriguing question.
How do you pass the username to the server without the login prompt???

(1) A fixed cookie
(2) ActiveX somehow.
(3) An applet is loaded that somehow gets the username, and the page
redirects in 1 sec, sending the username to the server.
(4) Firefox compiled to somewhere in the header include the username
(5) An initial page that runs an applet or something, that puts the
username into a cookie, and the page redirects in 1 sec, sending the

Is there any programming language, api, COM (Activex? applets?) or
other method to do this cleanly??

will it work if I exclusively use IIS and IE instead of firefox and

Re: How to get the username, without login prompt?

Ghazan Haider wrote:
Quoted text here. Click to load it
Quoted text here. Click to load it

If you use IIS and IE, there is a setting in IIS... under "Directory
Security"... to disable Anonymous access and turn on "Integrated
Windows Authentication".

When this is enabled, IIS will talk to IE using a proprietary
challenge-response protocol to determine the username without the user
having to type it in.  Within PHP then, $_SERVER["AUTH_TYPE"] will say
"Negotiate" and the username will appear in $_SERVER["AUTH_USER"],
$_SERVER["LOGON_USER"] and $_SERVER["REMOTE_USER"].  I'm not sure what
the difference between the three are.

As per:
Firefox can also be setup to do transparent NTLM authentication, by
twiddling a config setting.

I've also set something up before within a LAN to do transparent
username identification to Apache ( similar to your ideas 2 & 3 ), but
the browser must be IE, and you need to be able to control the IE
security settings to allow the scripting of ActiveX Controls.  Also
note that while this allows you to get the username transparently, it
offers basically NO security.  A mildly tech-saavy user could certainly
spoof their username.

// Set wshShell
function GetTheId() {
  var wshShell = new ActiveXObject("WScript.Shell");

  // Pull Environment variables for domain\user
  domain = wshShell.ExpandEnvironmentStrings("%USERDOMAIN%");
  userName = wshShell.ExpandEnvironmentStrings("%USERNAME%");

  document.all.item('username').value = userName;
  document.all.item('domain').value = domain;
<body onLoad="GetTheId();">

<form name="GetUserId" method="post" action="/login/refreshpage.php">
<input type="hidden" name="username" value="">
<input type="hidden" name="domaind" value="">
<input type="hidden" name="action" value="<?=$action;?>">
Gathering your User Info.<br>Please wait.<br><br>
If it fails to continue, please click <a
href="/login/manuallogin.php">here</a> to login.<br>

Re: How to get the username, without login prompt?

Thanks Ramius, that helped lots.

I think I'll just go with IIS, since we've been trying to push out
firefox for everyone. I dont really care about high levels of
security, just identifying the users, so this will work for me, with a
little config change of firefox.

Re: How to get the username, without login prompt?

Ghazan Haider wrote:
Quoted text here. Click to load it

Quick couple of questions before I ponder.

1) Is this an internal network (192.168) style
2) Straight in access from any IP connection ie visible from the web or
intranet ?
3) Roaming logins in that a user a may login from any machine or is user
fixed to one specific machine and hence a fixed internal IP ?

Re: How to get the username, without login prompt?

Quoted text here. Click to load it

Yes... it shouldnt matter though. Would like the flexibility of the
Internet too.

Quoted text here. Click to load it

Currently yes, but if we go Internet, it'll probably pass through an
openbsd firewall. Once again, currently I'll take anything.

Quoted text here. Click to load it

A user may login from any machine.

I thought of cookies on each machine or authenticating by IP. Bad
idea, we have DHCP and IPs have gotten shuffled around (maybe
hostnames, but those change too). I thought of login batch files that
create the cookies, which contain usernames. That gets pretty close.
Anything along the lines of COM or ActiveX should be cleaner, if they
can scoop up usernames from the client to put into a query, link or
form. Not having to touch each machine would be one step forward,
browser independence would be another.

All machines however are win32. The win32 API couldnt work since they
interface with the server's DLLs, I'm at pains to wonder how they
could touch a client's DLLs or windows outside of COM, .NET or

Any ideas how to get the username without touching each machine, or
without login scripts or recompiling firefox?

Re: How to get the username, without login prompt?

NSpam wrote:
Quoted text here. Click to load it

Oh and by are client machines running Windows or Linux. If Windows and
we are talking PHP based web pages it should be possible to get the
windows user id/password via the PHP win32 api. Can't speak for Perl. I
don't know if this would answer as you may have different login
requirements for different reporting engines.

Re: How to get the username, without login prompt?

(Ghazan Haider) wrote:
Quoted text here. Click to load it

Anyone trying to do this with apache might have a look at:

It should get you the username in an open standard sort of way. I wouldn't
rely on it for high security, but it is an open standard, simple approach
for obtaining just the username. Has the advantage of being cross platform,
disadvantage is that it is possible, nearly trivial, to forge identd.

For higher security, you might try: looks promising (I've heard
of high security applications using it, though I personally haven't, too much
overhead for any of my projects thus far) Using client certificates was said to
be the most secure authentication available.  Also the most overhead, seems to
me it would be tied to the browser, not the person.

Yea, I know.. SSL is usually thought of as a way to send data securely, not
authentication.. I've been told it can do both, so I keep it in my category of
possibly/maybe solutions to problems encountered possibly/maybe some day.

--                     Custom web programming
guhzo_42@lnubb.pbz (rot13)                User Management Solutions

Re: How to get the username, without login prompt?

They both look promising... I couldnt find an indentd service/daemon
in my XP client. Might still work since ident is standard.

I'm not looking for high security at all, just default identification
of windows domain usernames, from default windows2000/xp
installations. I've several options here now, you added two. Will
investigate further...

Re: How to get the username, without login prompt?

Hi Ramius

I have a similiar problem: I need to know the local IP / MAC adress of

the client from which the user logs on, as the configuration of some

applications is dependent on the HW configuration (peripherals). the

usual remote_addr thing does not work, as client in intranet or

internet (remote from home), webserver from where the application

runs is internet (1 client W98, all other XP, all IE).

In a lot of js forums  / docs I found statements that I can get ip /

mac with js / activex, but no reasonable info on how to. (what

happens on a notebook with LAN/WLAN nic?)

can you help?


trombone -php- web design

Re: How to get the username, without login prompt?

trombone wrote:
Quoted text here. Click to load it


You can't get my local IP address with PHP - PHP is service side, and my
system is behind a firewall (using NAT). Nothing on the Internet side of
the firewall knows my system's address; all they know is the firewall's.

Additionally, you know nothing about what's connected to my machine -
that would be a very severe security violation.  For instance, can you
imagine if any website you visited could find out what was connected to
your local machine?

Since these are all IE/Windows, you might be able to do something with
ActiveX controls - get the info you need with the control and send it
into your web page.  The same might be true with Javascript.  It all
depends on the exact details you need (and the security settings on the
user's system).

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: How to get the username, without login prompt?

Quoted text here. Click to load it

You can't know the MAC address unless the client is on the same
wire as the server.  Otherwise what you get is the MAC address of
your router.

You can know the public IP address of the client as $_SERVER['REMOTE_ADDR']
but this may be the public IP address of a proxy, NAT gateway, etc.
and it's not guaranteed that this address will stay the same between
one web request and the next (e.g. load-balanced proxies).

Also, do you realize how many machines out there have the local IP
address of ?

Quoted text here. Click to load it

What possible connection does either the MAC address or IP address
have to hardware configuration?  Are you trying to collect an
inventory list of the location of hardware so you can steal it to
order or sell it to someone who does?

Quoted text here. Click to load it

PHP runs on the SERVER, not the client.  And it's exactly this sort
of crap with Javascript that makes people want to turn it off.

                    Gordon L. Burditt

Re: How to get the username, without login prompt?

Following on from Ghazan Haider's message. . .
Quoted text here. Click to load it

I don't know, but would have thought that a multi-user PC would have
multiple 'profiles' for things like cookies, browser history etc.  If
not IE then it is a feature I'd expect in /some/ browser.

PETER FOX Not the same since the bra business went bust
2 Tees Close, Witham, Essex.
Gravity beer in Essex  <

Site Timeline