Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pickup on current logged in user #10

Closed
Arcath opened this issue Jul 29, 2011 · 5 comments
Closed

Pickup on current logged in user #10

Arcath opened this issue Jul 29, 2011 · 5 comments
Assignees
@Arcath
Labels
Idea
Milestone
2.0.1

Comments

@Arcath
Copy link
Owner

Arcath commented Jul 29, 2011

As bought up on reddit by mikefh.

When pitching a Rails solution for intranet projects, I've regularly hit the same hurtles... some person always pitches SharePoint because of the ability to "pickup on the user currently logged into the Windows PC." I was hoping that Adauth could assist this exact point.

I'm not really sure how this could work but its worth looking to see if there is someway Adauth can be used to provide this functionality.

My current line of thinking is that share point must use some kind of javascript or activex object to pickup on the user via some kind of token that can't be forged, so if that could be passed to adauth somehow then it maybe possible to find the current user.

I'm not assigning this to 1.1.0 (yet) until I have some idea how to achieve it but any input on this issue would be greatly appreciated.
@crftr
Copy link

crftr commented Jul 29, 2011

...thank you again for considering the concern!

It would appear that IE will allow ActiveX (via JavaScript) to return simple properties concerning the current connected domain, username, and computername.

http://stackoverflow.com/questions/1441209/grab-username-from-ie-to-authenticate-against-ldap
http://msdn.microsoft.com/en-us/library/s6wt333f(v=VS.85).aspx

Getting closer...

@Arcath
Copy link
Owner Author

Arcath commented Jul 30, 2011

Seems like it maybe possible to pickup the current user via a param

http://stackoverflow.com/questions/168610/can-you-get-a-windows-ad-username-in-php

It looks like for this to work adauth is going to require the details of an account capable of doing ldap queries, that way it can see the DOMAIN\User param and then login and query ldap to see if DOMAIN\User exists and is allowed to login.

I will do some testing soon and see how it goes.

@Arcath
Copy link
Owner Author

Arcath commented Aug 31, 2011

See issue #16 for the in-adauth part of this issue

@mattscilipoti
Copy link

Here is some related information: http://www.zorched.net/2007/06/04/active-directory-authentication-for-ruby-on-rails/. Still researching, but it looks like this is the case: when apache is configured correctly and your browser can pass your credentials, then your AD account name is available in the request (request.env["REMOTE_USER"] || request.env['HTTP_REMOTE_USER'] || request.headers['X-Forwarded-User']). IE passes credentials. Firefox can (with some configuration). Others? Unknown.

@ghost ghost assigned Arcath Jan 9, 2012
@Arcath
Copy link
Owner Author

Arcath commented Jun 19, 2013

It does look like it is upto your webserver to request it and not adauth to pick up on it.

The solution as I see it is to setup something similar to the solution in @mattscilipoti's post and then modify the sessions controller to handle the case of that param existing.

I will look at working something out in the future but for now it doesn't seem like its a code/setup change in Adauth that's needed.

@Arcath Arcath closed this as completed Jun 19, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Arcath Arcath

Labels
Idea
Projects
None yet
Milestone
2.0.1
Development

No branches or pull requests
3 participants
@Arcath @mattscilipoti @crftr