I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).

for instance.
Jim logs into his workstation with the username "JimSmith"

I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)

the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.

Is this possible with Javascript? or HTML, or VBScript?
thanx for any replies :)
pht
http://jmcivor.com
phet@shaw.ca

: I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
:
: for instance.
: Jim logs into his workstation with the username "JimSmith"
:
: I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
:
: the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
:
: Is this possible with Javascript? or HTML, or VBScript?
: thanx for any replies :)
: pht
: http://jmcivor.com
: phet@shaw.ca
:
I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.

: : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
: :
: : for instance.
: : Jim logs into his workstation with the username "JimSmith"
: :
: : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
: :
: : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
: :
: : Is this possible with Javascript? or HTML, or VBScript?
: : thanx for any replies :)
: : pht
: : http://jmcivor.com
: : phet@shaw.ca
: :
: I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
:
there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
pht
http://jmcivor.com
phet@shaw.ca

: : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
: : :
: : : for instance.
: : : Jim logs into his workstation with the username "JimSmith"
: : :
: : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
: : :
: : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
: : :
: : : Is this possible with Javascript? or HTML, or VBScript?
: : : thanx for any replies :)
: : : pht
: : : http://jmcivor.com
: : : phet@shaw.ca
: : :
: : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
: :
: there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
: pht
: http://jmcivor.com
: phet@shaw.ca
:
:
It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm

: : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
: : : :
: : : : for instance.
: : : : Jim logs into his workstation with the username "JimSmith"
: : : :
: : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
: : : :
: : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
: : : :
: : : : Is this possible with Javascript? or HTML, or VBScript?
: : : : thanx for any replies :)
: : : : pht
: : : : http://jmcivor.com
: : : : phet@shaw.ca
: : : :
: : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
: : :
: : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
: : pht
: : http://jmcivor.com
: : phet@shaw.ca
: :
: :
: It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
:
thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
pht
http://jmcivor.com
phet@shaw.ca

: : : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
: : : : :
: : : : : for instance.
: : : : : Jim logs into his workstation with the username "JimSmith"
: : : : :
: : : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
: : : : :
: : : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
: : : : :
: : : : : Is this possible with Javascript? or HTML, or VBScript?
: : : : : thanx for any replies :)
: : : : : pht
: : : : : http://jmcivor.com
: : : : : phet@shaw.ca
: : : : :
: : : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
: : : :
: : : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
: : : pht
: : : http://jmcivor.com
: : : phet@shaw.ca
: : :
: : :
: : It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
: :
: thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
: pht
: http://jmcivor.com
: phet@shaw.ca
:
:
The I see only 1 solution, which is illegal: hack into the client and get the username. This is impossible using any of the script- or mark-up languages.

: : : : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
: : : : : :
: : : : : : for instance.
: : : : : : Jim logs into his workstation with the username "JimSmith"
: : : : : :
: : : : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
: : : : : :
: : : : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
: : : : : :
: : : : : : Is this possible with Javascript? or HTML, or VBScript?
: : : : : : thanx for any replies :)
: : : : : : pht
: : : : : : http://jmcivor.com
: : : : : : phet@shaw.ca
: : : : : :
: : : : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
: : : : :
: : : : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
: : : : pht
: : : : http://jmcivor.com
: : : : phet@shaw.ca
: : : :
: : : :
: : : It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
: : :
: : thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
: : pht
: : http://jmcivor.com
: : phet@shaw.ca
: :
: :
: The I see only 1 solution, which is illegal: hack into the client and get the username. This is impossible using any of the script- or mark-up languages.
:

are you sure? I thought the login name was just an easy piece of data that we could retrieve, like the ip address, screen resolution, etc.
pht
http://jmcivor.com
phet@shaw.ca

: : : : : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
: : : : : : :
: : : : : : : for instance.
: : : : : : : Jim logs into his workstation with the username "JimSmith"
: : : : : : :
: : : : : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
: : : : : : :
: : : : : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
: : : : : : :
: : : : : : : Is this possible with Javascript? or HTML, or VBScript?
: : : : : : : thanx for any replies :)
: : : : : : : pht
: : : : : : : http://jmcivor.com
: : : : : : : phet@shaw.ca
: : : : : : :
: : : : : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
: : : : : :
: : : : : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
: : : : : pht
: : : : : http://jmcivor.com
: : : : : phet@shaw.ca
: : : : :
: : : : :
: : : : It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
: : : :
: : : thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
: : : pht
: : : http://jmcivor.com
: : : phet@shaw.ca
: : :
: : :
: : The I see only 1 solution, which is illegal: hack into the client and get the username. This is impossible using any of the script- or mark-up languages.
: :
:
: are you sure? I thought the login name was just an easy piece of data that we could retrieve, like the ip address, screen resolution, etc.
: pht
: http://jmcivor.com
: phet@shaw.ca
:
:
I'm sure. The things you mention are (IP-address) or can be (resolution) necessary to display the page correctly. The username is not necessary for the correct display of HTML code and is also protected by the privacy rules. It would be similar thing, if you were in a store and needed to show your ID to buy a bread.

Hacking would be a dumb solution, IMO. First you need to find an exploit that everybody's got, then you've got to hope it doesn't get plugged once you've made the script. Besides, it needs a server-side language, which should be able to find out anyway.

I'm no expert on intranets (okay, I know almost nothing about them), but there are some environment variables that might give you the data you need, depending on the server. I think the more likely one to work is REMOTE_IDENT, if the server is configured to find it, but REMOTE_USER may be the one you want, or they might both work. I was looking in a Perl book for these, so they might be vaguely different (such and remoteIdent and remoteUser) in other languages. And remember that I only vaguely know what I'm talking about here.