[thelist] re: Getting Login Name & Password

Ken Schaefer Ken at adOpenStatic.com
Mon May 30 17:56:29 CDT 2005 

What exactly are you talking about? The OP asked to get the user's username
and password that they'd logged into their local (client) PC with. Without
the user's co-operation, this is generally not possible. 

At best, as I pointed out, you can get the user identity that the user
authenticated to the website with, which may, or may not, be the same
credentials they logged into their local PC with. 

Furthermore, even if these two usernames happen to be the same, Active
Directory isn't going to give you the second part of OP's request (the user's
password) unless you've manually configured storage of passwords using
reversible encryption.

Access control, which you mention in the first part of your email, is
something completely separate to what the OP was asking (in a technical
sense, though it may be related to what she's trying to achieve). That's an
authorization issue. At that point, all you need to an appropriate security
token to check against a defined ACL. There's no need for a password, or even
a username at this point as the authentication process is complete.

Cheers
Ken

--
www.adOpenStatic.com/cs/blogs/ken/ 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of wayne
: Subject: RE: [thelist] re: Getting Login Name & Password
: 
: 
: Erm, there is... on windows at least, you can use the windows security
: context to manage access on a website, preferably intranets obviously. But
: you can even hook into the users active directory object to find the
: groups
: they are associated with to manage the level of access they have.
: 
: HTH
: 
: W
: 
: 
: 
: 
: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
: [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Shawn K. Quinn
: Sent: 30 May 2005 08:50
: To: thelist at lists.evolt.org
: Subject: Re: [thelist] re: Getting Login Name & Password
: 
: On Thu, 2005-05-26 at 13:55 -0700, j s wrote:
: > Is there a way, on a web page(asp), to pick up the user's login name &
: > password that was used to login into their pc with?
: 
: There isn't, thank God. If there were, unauthorized access and even
: identity theft would be *way* too easy.

More information about the thelist mailing list