1
votes

First off, I know how to set up, and already have, Integrated Windows Authentication in IIS7. This works great for seeing the Active Directory user logged on to the computer.

But, the need is to get the username of a Novell authenticated user. I don't want the password or anything more than the username.

Other restrictions:

  • Can't install anything on the users' computers
  • Can install things on the web server
  • Can set up trust between web server and Novell server
  • It's gonna be on a public website with anonymous access; I can tweak it to have a section that requires authentication and thus get the user from there.
  • The website is in C# .Net 2.0
  • If the method can also provide the password, I can use it to fully validate the user with Novell. That part (talking to Novell Server LDAP) has already been done.
  • Must work with IE6 and IE7

(Update) On the Novell website, the only info there is about single sign-on shows how to log someone on to Novell, and the conclusion says this:

A way (there are other ways) to save our credentials inside global variables so the user does not have to authenticate for each and every form(single sign-on).

(Update) Also from Novell, they say they have an SSO solution. But the content dates from 2000, and another one requires installing a plugin on the Novell Server and paying $49 per user for it. So it's not a valid solution.

1
The last item you note for Single Sign On, Access Manager, is more for an enterprise, not for your one-off web page. It is meant to be a solution for many web apps. – geoffc

1 Answer

1
votes

You say that you are unable to install anything on the users' computers, but you may find that there is already an ActiveX control you can use which may have been involved as part of the Novell client on the PC.

I have done this in the past, using the ActiveX control to identify the logged on user, pass that to the webserver, and then load the full user record using LDAP.

I have used one referred to as NWDir1 in the past, using the following syntax (with ColdFusion as the server-side language, but I'm sure you could translate):

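    <cfoutput>
    <!--- NWDir1 ActiveX control (may already be installed with the Novell client) --->
    <object classid="CLSID:4F021AE3-9E98-11D0-A808-00C04FDCD94A" id="NWDir1" width="32" height="32"></object>
    <script language="VBScript">
    Dim vbuser
    Sub Window_OnLoad()
     On Error Resume Next
     ' Login name as reported by the control
     vbuser = NWDir1.LoginName
     ' Keep only the part after the last backslash (Chr(92))
     vbuser = StrReverse(vbuser)
     initInd = InStr(vbuser, Chr(92))
     If initInd <> 0 Then
      vbuser = Left(vbuser, initInd-1)
     End If
     ' Always restore the original character order, backslash or not
     vbuser = StrReverse(vbuser)
     ' REDIRECTION: the name travels in the query string, so the server must treat it as unverified
     document.location.href = "index.cfm?userid=" & vbuser
     Exit Sub
    End Sub
    </script>
    <cfabort>
    </cfoutput>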

This uses VBScript to control the ActiveX client, which provides the Novell logged-in user. This value (vbuser) is then passed back to index.cfm where it can be processed.

This technique is obviously susceptible to URL hacking, but I'm not aware of that happening in the 4+ years we used this technique.

I'm sure I found this on the Novell site originally - try a search for NWDir1 or the classid on that site.

I hope this helps
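
A server-side check for the `userid` value that the redirect above puts in the URL, written in C# for the asker's .NET site; this is an added example, not code from the original answer. The class and method names, the allow-list pattern and the `cn`/`inetOrgPerson` filter are assumptions to adapt to the actual directory.

```csharp
using System;
using System.Text;
using System.Text.RegularExpressions;

// Added example: UserIdHint, TryBuildFilter and the filter attributes are assumptions.
public static class UserIdHint
{
    // Conservative allow-list for a short login name; adjust to the directory's naming rules.
    private static readonly Regex Allowed = new Regex(@"\A[A-Za-z0-9._-]{1,64}\z");

    // RFC 4515 escaping: * ( ) \ and NUL become \XX hex escapes inside a filter value.
    public static string EscapeLdapFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns false for anything outside the allow-list; the caller then falls back
    // to a normal login prompt instead of querying the directory.
    public static bool TryBuildFilter(string userIdFromQuery, out string filter)
    {
        filter = null;
        if (userIdFromQuery == null || !Allowed.IsMatch(userIdFromQuery))
            return false;
        filter = "(&(objectClass=inetOrgPerson)(cn=" + EscapeLdapFilterValue(userIdFromQuery) + "))";
        return true;
    }

    public static void Main()
    {
        string f;
        // Constructed inputs: one plain login name, one value carrying filter metacharacters.
        foreach (string s in new string[] { "jsmith", "*)(cn=*" })
            Console.WriteLine("{0} -> {1}", s, TryBuildFilter(s, out f) ? f : "rejected");
    }
}
```

A matching record only identifies the account named in the URL; the password check against Novell LDAP mentioned in the question remains the step that authenticates the user.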