Does anyone know how I can retreive a users domain username and password from a Windows 2003 server using classic ASP? I have an Intranet and don't want my users to have to log into the Intranet using a different username and password, I want them to just be able to log into their windows account and thats it. Does anyone know if this is possible? I'm using DW2004, Windows XP, Windows 2003 server, APS VB, IIS5.

Thanks,
J

try using the request.servervariables command, you will find a username field that you can retrieve.

Regards
Vince

Visit my home: www.chez-vince.com

VBScript | ASP | HTML | SQL | Oracle | Hosting

Thanks Bakerv!

I figured out how to retrieve the usernames, but now how to I pass that along to a login?

Thanks again for your help.
J

can you post how you have got the values, then I can explain how to use them as a login method

Regards
Vince

Visit my home: www.chez-vince.com

VBScript | ASP | HTML | SQL | Oracle | Hosting

I hate to butt in, but (assuming this is an intranet setting) wouldn't their domain login be enough? Open the intranet site to anybody, because only those who successfully logged in could access it.

On the otherhand, if you are trying to obtain a remote login (the NT authentication from some other server) I do not think that is possible. It would be a huge security hole.

Anyway I use this (all the time) to get the users NT authentication:

Dim arrSomething, strNTUser
arrSomething = split(Request.ServerVariables("LOGON_USER","\"
strNTUser = arrSomething(1)

strNTUser will return their username

good comments wdglide; but i have done a lot of work on intranets and for some reason, managers always want far more security than is needed!....

it is also helpful to have a username to personalise pages and data for that user, and for that you need something to identify the user

Regards
Vince

Visit my home: www.chez-vince.com

VBScript | ASP | HTML | SQL | Oracle | Hosting

Then wouldn't a simple table containing all users work? just pull the login and compare it to that table...

I manage aNT intranet that works precisely this way.

Edited by - wdglide on 30 Apr 2004 03:42:48

thqt was my choice, i didnt want to make things complicated....

great minds.......

Regards
Vince

Visit my home: www.chez-vince.com

VBScript | ASP | HTML | SQL | Oracle | Hosting

Here is the code I used to access a users domain username. (It returns a value or firstname.lastname)
<%@ LANGUAGE = VBScript %>
<% Option Explicit %>

<%
'Force Authentication if the LOGON_USER Server Variable is blank
'by sending the Response.Status of 401 Access Denied.

'Finish the Page by issuing a Response.End so that a user
'cannot cancel through the dialog box.

If Request.ServerVariables("LOGON_USER" = "" Then
Response.Status = "401 Access Denied"
Response.End
End If
%>

<HTML>
<HEAD>
<TITLE>Login Screens</TITLE>
</HEAD>

<BODY BGCOLOR="White" TOPMARGIN="10" LEFTMARGIN="10">


<!-- Display header. -->

<FONT SIZE="4" FACE="ARIAL, HELVETICA">
<B>Login Screens</B></FONT><BR>

<HR SIZE="1" COLOR="#000000">


<!-- Display LOGON_USER Server variable. -->

You logged in as user:<B> <%= Request.ServerVariables("LOGON_USER" %></B>


<!-- Display AUTH_TYPE Server variable. -->

<P>You were authenticated using:<B> <%= Request.ServerVariables("AUTH_TYPE" %></B> authentication.</P>

</BODY>
</HTML>

Can you show me how to pass the value on in a form?

J

You could put the value in a hidden form field to send on like the following:

<form name="form1" method="post" action="">
<input name="hiddenUserName" type="hidden" id="hiddenUserName" value="<%= Request.ServerVariables("LOGON_USER" %>">
</form>

just add
<%= Request.ServerVariables("LOGON_USER" %> to the value part of a form field.


Regards
Vince

Visit my home: www.chez-vince.com

VBScript | ASP | HTML | SQL | Oracle | Hosting

I followed the steps above and I am getting an empty logon user id as the result. I am using ASP. any suggestion? thanks