Can I call upon the username of someone logged into the pc, and use it in a web link?
Access control, ASP, ASP.NET, Browsers, filtering, Microsoft Internet Information Server, Microsoft Office, Servers, SSL/TLS, Web, Web development tools, Web security, Web site design & management
Hi all,
Basically, I've got a webpage I'm working on, and I'd like to be able to provide a link in that page, that will take a user into their home folder on the network.
Since it'll be different for each user, but it uses their username as their home folder, I'm thinking there must be a way, to create a link (ServerUsername) and simply call for the username from the active Windows session, right?
Anyone done this?
Software/Hardware used:
Software/Hardware used:
ASKED:
August 24, 2006 2:01 PM
UPDATED:
February 22, 2008 2:37 AM
Answer Wiki:
You can get the username from Request.ServerVariables("AUTH_USER"), however, this only works if the page is not allowed anonymous access-- other wise you will always get IUSR_[Computername] or IWAM_[Computername] depending on how you've configured the IIS application.
This is, however, the only way to get the username from a serverside only page.
You could use a clientside script to pull the envirinment variable %username% into a hidden field and post it back to the server in a form to do this-- or optionally you might be able to simply build the link to thier home directory as a link on the page with the same script and a little DHTML.
To see all answers submitted to the Answer Wiki: View Answer History.
Try this servername%username%
Yes as MrSamm said, you can do that serverside from the authorized logon name if you use individual NT authentication for access to the webserver. That can be pretty transparent to the end user if set up correctly. Without user by user NT authorization the logon name won’t be matched to the domain user viewing the site (most likely the anonymous service account for that site to everyone).
What you originally asked about doing things client side can also be done — but shouldn’t. By default IE and other web browsers are configured to avoid allowing such things so that websites can’t perform malicious acts. So invoking %username% clientside is actually a marked lowering of security. It has been a while so I am not sure it is easy to do that just for a given Intranet website as oppsed to having more global effects on all websites. You’d need to research that. However you should still avoid that if the Intranet server also serves external Internet uses as many multipurpose webserver do. It is possible that an external breach could leapfrog to a breach of internal users even though the websites were originally sepearately configured.
One more approach would be the use of environment variables. Each user at our company has a set of environment variables set up on their PC during bootup. One of the environment variables is $HOME which refers to a folder on a server that is specific to their username.
cwillit –
can you tell me how you setup that $HOME environment variable? is it assigned in the login script or part of a group policy?