Home > IT Answers > Microsoft Windows > Can I call upon the username of someone logge...
Help

Question

  Asked: Aug 24 2006   2:01 PM GMT
  Asked by: Linger1974

Can I call upon the username of someone logged into the pc, and use it in a web link?


Microsoft Internet Information Server, Microsoft Office, Web security, access control, Browsers, SSL/TLS, filtering, Servers, ASP, ASP.NET, Web, Web development tools, Web site design & management

Hi all,

Basically, I've got a webpage I'm working on, and I'd like to be able to provide a link in that page, that will take a user into their home folder on the network.

Since it'll be different for each user, but it uses their username as their home folder, I'm thinking there must be a way, to create a link (\ServerUsername) and simply call for the username from the active Windows session, right?

Anyone done this?

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
Last Answered: Feb 22 2008  1:42 AM GMT  by Jlees


Latest Contributors: MrSamm


You can get the username from Request.ServerVariables("AUTH_USER"), however, this only works if the page is not allowed anonymous access-- other wise you will always get IUSR_[Computername] or IWAM_[Computername] depending on how you've configured the IIS application.

This is, however, the only way to get the username from a serverside only page.

You could use a clientside script to pull the envirinment variable %username% into a hidden field and post it back to the server in a form to do this-- or optionally you might be able to simply build the link to thier home directory as a link on the page with the same script and a little DHTML.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Microsoft Windows, Security and DataCenter.

Looking for relevant Microsoft Windows Whitepapers? Visit the SearchWinIT.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

ciro711  |   Aug 25 2006  6:51PM GMT

Try this servername%username%

 

mortree  |   Aug 27 2006  7:03PM GMT

Yes as MrSamm said, you can do that serverside from the authorized logon name if you use individual NT authentication for access to the webserver. That can be pretty transparent to the end user if set up correctly. Without user by user NT authorization the logon name won’t be matched to the domain user viewing the site (most likely the anonymous service account for that site to everyone).

What you originally asked about doing things client side can also be done — but shouldn’t. By default IE and other web browsers are configured to avoid allowing such things so that websites can’t perform malicious acts. So invoking %username% clientside is actually a marked lowering of security. It has been a while so I am not sure it is easy to do that just for a given Intranet website as oppsed to having more global effects on all websites. You’d need to research that. However you should still avoid that if the Intranet server also serves external Internet uses as many multipurpose webserver do. It is possible that an external breach could leapfrog to a breach of internal users even though the websites were originally sepearately configured.

 

mortree  |   Aug 27 2006  7:21PM GMT

Yes as MrSamm said, you can do that serverside from the authorized logon name if you use individual NT authentication for access to the webserver. That can be pretty transparent to the end user if set up correctly. Without user by user NT authorization the logon name won’t be matched to the domain user viewing the site (most likely the anonymous service account for that site to everyone).

What you originally asked about doing things client side can also be done — but shouldn’t. By default IE and other web browsers are configured to avoid allowing such things so that websites can’t perform malicious acts. So invoking %username% clientside is actually a marked lowering of security. It has been a while so I am not sure it is easy to do that just for a given Intranet website as oppsed to having more global effects on all websites. You’d need to research that. However you should still avoid that if the Intranet server also serves external Internet uses as many multipurpose webserver do. It is possible that an external breach could leapfrog to a breach of internal users even though the websites were originally sepearately configured.

 

cwillott  |   Aug 28 2006  12:44PM GMT

One more approach would be the use of environment variables. Each user at our company has a set of environment variables set up on their PC during bootup. One of the environment variables is $HOME which refers to a folder on a server that is specific to their username.

 

Buddyfarr  |   Feb 22 2008  2:37AM GMT

cwillit -

can you tell me how you setup that $HOME environment variable? is it assigned in the login script or part of a group policy?