Adam's Awesome Anecdotes

We’ve had the desire for a while to find the username of the currently logged-in domain user who is requesting a jsp page on our Intranet without the need for IIS / ASP / Integrated Authentication.  Our theory is the user has already logged on to their computer on our network, so we want to find out who that person is (then we can query Active Directory to find group membership info for that user and alter the webpage accordingly).  We would also like this to work cross-browser and optionally over the VPN / Blackberry Enterprise Server.  I think we finally have a viable solution.  Here is how I did it:

1. Get the IP address viewing the JSP page… request.getRemoteAddr();
2. Convert the IP address to the system hostname… via a system call to nbtstat -A <ipAddr> (built into windows, excuted on application server)
3. Find all logged-in users on a host system on your network and extract the one you’re interested in… via a system call to psloggedon.exe /accepteula -l -x \<host>  (also executed on application server — this utility is avaiable for download from http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx

I ended up creating a custom JSP tag to do this, which also sets a Cookie with the username retrieved (so you only need the calls once per browser session) or if the system calls fail, it redirects to a separate webapp, which prompts for their username / password, authenticates against Active Directory and if successful sets the Cookie and returns the user to the calling page.

Perhaps not the most elegant solution, but we may get to finally retire IIS / ASP and the infamous Apache JK Connector.  Plus Chrome & Firefox no longer prompt for your username, so ultimately we can retire IE here at the office and reduce the number of malware infections!