Can I call upon the username of someone logged into the pc, and use it in a web link?

Access control
Microsoft Office
Web development
Web security
Web site design & management
Hi all, Basically, I've got a webpage I'm working on, and I'd like to be able to provide a link in that page, that will take a user into their home folder on the network. Since it'll be different for each user, but it uses their username as their home folder, I'm thinking there must be a way, to create a link (ServerUsername) and simply call for the username from the active Windows session, right? Anyone done this?

Answer Wiki

Thanks. We'll let you know when a new response is added.

You can get the username from Request.ServerVariables(“AUTH_USER”), however, this only works if the page is not allowed anonymous access– other wise you will always get IUSR_[Computername] or IWAM_[Computername] depending on how you’ve configured the IIS application.

This is, however, the only way to get the username from a serverside only page.

You could use a clientside script to pull the envirinment variable %username% into a hidden field and post it back to the server in a form to do this– or optionally you might be able to simply build the link to thier home directory as a link on the page with the same script and a little DHTML.

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Ciro711
    Try this servername%username%
    0 pointsBadges:
  • Mortree
    Yes as MrSamm said, you can do that serverside from the authorized logon name if you use individual NT authentication for access to the webserver. That can be pretty transparent to the end user if set up correctly. Without user by user NT authorization the logon name won't be matched to the domain user viewing the site (most likely the anonymous service account for that site to everyone). What you originally asked about doing things client side can also be done -- but shouldn't. By default IE and other web browsers are configured to avoid allowing such things so that websites can't perform malicious acts. So invoking %username% clientside is actually a marked lowering of security. It has been a while so I am not sure it is easy to do that just for a given Intranet website as oppsed to having more global effects on all websites. You'd need to research that. However you should still avoid that if the Intranet server also serves external Internet uses as many multipurpose webserver do. It is possible that an external breach could leapfrog to a breach of internal users even though the websites were originally sepearately configured.
    0 pointsBadges:
  • Cwillott
    One more approach would be the use of environment variables. Each user at our company has a set of environment variables set up on their PC during bootup. One of the environment variables is $HOME which refers to a folder on a server that is specific to their username.
    0 pointsBadges:
  • Buddyfarr
    cwillit - can you tell me how you setup that $HOME environment variable? is it assigned in the login script or part of a group policy?
    6,850 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: