
.NET ServerVariables("AUTH_USER") and a non ASP page

I'm going to be running a node.js server in a Windows environment (via Cygwin) on an internal network that needs access to the Windows login information of the client. The best method I've come up with is to have an iFrame with an ASP page that just does

Response.Write(Request.ServerVariables("AUTH_USER"))

Then, get the contents of the iFrame on load and store it in Javascript. It should contain something like "MANAGER/HisLogin", and I can store that variable. I could possibly sha1/salt it for security purposes.

Couple questions:

  1. Are there any inherent security risks in doing something like this? IIS and Node.js will be running on the same server, but different ports. If required I could make IIS listen to localhost only.

  2. Is there a better route rather than having the iFrame contents picked up by Javascript and relied upon? I realize the client can change the contents of the iFrame and the Javascript variable, but the contents are only read once and I could create a self-destructing function in a Javascript closure that is called upon iFrame load, something like:

Example:

var login = function() {
    var loginInfo = null;
    return {
        init: function(theLogin) {
            loginInfo = theLogin;
            // Replace init with a no-op so the stored value cannot be set again.
            this.init = function() {};
        },
        getLogin: function() {
            return loginInfo;
        }
    };
}();

This is the header node.js is reporting

headers: {
    host: '/*Removed*/',
    connection: 'keep-alive',
    accept: 'application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
    'user-agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7',
    'accept-encoding': 'gzip,deflate,sdch',
    'accept-language': 'en-US,en;q=0.8',
    'accept-charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
    cookie: 'socketio=websocket'
},

Edit 2

Another alternative that I thought of was to post the results from the iFrame loading the page instead of Response.Write. I'd have to find a way to correlate the messages to each other.

A Wizard Did It asked Nov 20 '25 06:11
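
An added example (not part of the original question or its answer) for point 2 and Edit 2 above: rather than trusting a value the browser relays, the IIS-authenticated page can return an HMAC-signed, short-lived assertion that the Node.js server verifies against a nonce it issued. The shared secret, the token layout and all function names are assumptions made for this example.

```javascript
// Added example, not code from the question or answer.
const crypto = require("crypto");

// Assumption: secret shared by the IIS page and Node only, never sent to the browser.
const SHARED_SECRET = "constructed-demo-secret";
const MAX_AGE_MS = 30 * 1000;      // how long an assertion stays valid
const pendingNonces = new Set();   // nonces Node has issued and not yet seen back

const hmac = (data) => crypto.createHmac("sha256", SHARED_SECRET).update(data).digest();

// Node issues one nonce per page load and passes it to the iframe URL;
// this correlates the assertion with the session (the problem raised in "Edit 2").
function issueNonce() {
  const nonce = crypto.randomBytes(16).toString("hex");
  pendingNonces.add(nonce);
  return nonce;
}

// Stand-in for what the IIS-authenticated page would compute from AUTH_USER.
// Hypothetical token layout: base64(JSON payload) + "." + hex(HMAC-SHA256).
function signAssertion(user, nonce, issuedAt) {
  const payload = Buffer.from(JSON.stringify({ user, nonce, issuedAt })).toString("base64");
  return payload + "." + hmac(payload).toString("hex");
}

// Node side: accept the user name only if the MAC, age and nonce all check out.
function verifyAssertion(token, now = Date.now()) {
  const [payload, mac] = String(token).split(".");
  if (!payload || !mac) return { ok: false, reason: "malformed" };
  const given = Buffer.from(mac, "hex");
  const expected = hmac(payload);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  const { user, nonce, issuedAt } = JSON.parse(Buffer.from(payload, "base64").toString());
  if (now - issuedAt > MAX_AGE_MS) return { ok: false, reason: "expired" };
  if (!pendingNonces.delete(nonce)) return { ok: false, reason: "unknown or replayed nonce" };
  return { ok: true, user };
}

// Constructed demo: a genuine assertion verifies once; a replay is rejected.
const demoToken = signAssertion("MANAGER/HisLogin", issueNonce(), Date.now());
console.log(verifyAssertion(demoToken));
console.log(verifyAssertion(demoToken));
```

With this layout, editing the iFrame contents or the JavaScript variable changes the payload without a matching MAC, so the Node.js side rejects it.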



1 Answer

As long as you are working in a company intranet or internal network and security on the browser allows it, this may work using JavaScript:

var wshshell=new ActiveXObject("wscript.shell"); 
var username=wshshell.ExpandEnvironmentStrings("%username%"); 
John Hartsock answered Nov 21 '25 19:11



