In IIS -> Directory Security -> Authentication Methods, I set the "Digest Auth. for windows domain servers" checkbox so that users can log on by domain username/passwords.
When user wants to enter the site windows login panel appears, after entering the domain username/password user can login.
But I could not found a way to get the username in my jsp/servlet. Is it possible? how?
You can NOT have a Windows (or any other) login screen appear on a client by issueing any command from a server in a web application. If you could I could also create a web application that shuts down your computer or formats its harddisk.
sorry. I did not explain correctly. The login panel is not for windows login but web login.??? When you fallow the steps mentioned in the question in IIS it asks for username/password and If I enter a domain username/password web page opens.
As far as I'm aware, that particular authentication mechanism stores hashed credentials for an authenticated user in Active Directory (or possibly against the Domain Controller, can't remember which). So the only place you can get them is from AD, except of course they will be hashed so no use to you. You can get the username if you use basic authentication (but of course, the password is send in clear text), or you could use NTLM. The vagueries of how to do that are dotted about the Security forum.
It is possible with HTTP Basic Authentication. You need to declare the protected resources in web.xml file and specify the Basic Authentication. When a user tries to access the protected resources, the browser will prompt for the username/password. You can authenticate the user using the specified relam.
I hope it gives the answer to your question.
Anil Sadineni.
Today you are you, that is turer than true. There is no one alive who is youer than you! - Seuss. Tiny ad:
Free, earth friendly heat - from the CodeRanch trailboss