0

I am working on a very old web application(only for intranet usage). In the code, the developer is obtaining the logged in account via this

var wshNetwork = new ActiveXObject("WScript.Network"); document.getElementById('userId').value = wshNetwork.UserName;

This works only in IE. How can I get the logged in account in Firefox/chrome?

I have looked in to other thread (ex: Finding the currently logged in user from a Firefox extension) but that's only for extension.

Are there any other ways to get the domain logged in username in Firefox/Chrome?

Community
  • 1
  • 1
KK99
  • 1,971
  • 7
  • 31
  • 64
  • Can you do some server-side coding as well; or is this limited to client (html, javascript) ? – Ondrej Svejdar Jun 24 '13 at 08:15
  • server side is possible I presume but that means lots of code change has to happen. Since this a legacy application, it is tough to modify :( – KK99 Jun 24 '13 at 08:23

2 Answers2

2

No, this is severely security-sensitive information - the main attack vector for compromising your computer. In IE it also only works for trusted websites such as localhost, or with special configuration for the local network - never on internet without additional configuration. Sandboxed JS will never be able to access this information - extensions are considered elevated.

Niels Keurentjes
  • 41,402
  • 9
  • 98
  • 136
0

This is something that I would do on server side. Providing you're using IIS, I would set the page to be using only Windows Authentication, read the current user on server side, and send it back to client via hidden field or javascript variable.

Ondrej Svejdar
  • 21,349
  • 5
  • 54
  • 89
  • These are JSP based running on Webshpere – KK99 Jun 24 '13 at 08:24
  • 1
    Sorry - I'm no expert in JSP, but according to google, it is possible even there - you can set sso-kerberos authentication, and read user like this - http://stackoverflow.com/questions/16167646/get-windows-username-using-java-or-jsp . This approach is browser-independent (read: supported by all major browsers). – Ondrej Svejdar Jun 24 '13 at 08:31