Obtain Windows Logon

J

jccorner

Centurion
Joined
Jan 31, 2004
Messages
144
Would anyone know how to get the logon name when someone logs onto Windows??

I don't want them to have to use a logon when they open the app but I need to know which user is opening the application. Thanks.
 
Be Carefull if security is an issue, how do you know the the person starting the app is the person who is logged on.
 
Thanks. As for security, shouldn't be an issue since the program verifies that a valid user is accessing the SQL server.
 
You have missed the point,

The person that is logged onto the computer may not be the person trying to access your app. Such a security hole may not be a problem for your app, but there may also be a valid case for someone wanting to avoid logging off/on to acccess your sstem and then back to the original user when they could have done it with a login to your app.

Again this may not be an issue for you..
 
donnacha said:
You have missed the point,

The person that is logged onto the computer may not be the person trying to access your app. Such a security hole may not be a problem for your app, but there may also be a valid case for someone wanting to avoid logging off/on to acccess your sstem and then back to the original user when they could have done it with a login to your app.

Again this may not be an issue for you..
Click to expand...

What donnacha is trying to say (I believe) is that what if the person logged onto the computer and the person currently using it is different. Wouldn't they have two different data values in the database? For example if Molly was in accounting and Jan was in research, Jan couldn't access her research data from Molly's computer because Molly is logged in. So Jan would have to log Molly out and log back in as herself. Restart you're program and would waste much time in the process.

If I am correct in my assumption it would make more practical sense to have space for a username instead of obtaining the person who is currently logged on (besides the huge security hole there).
 
The problem with that scenario is that users now have to remember 2 user name / password combinations (one for the domain, one for the application) and keep them in sync when one or other forces a change. Also if Molly is using the system she would still have to at least close the application and re-run it to logon as herself anyway...

This also imposes another security weaknes as now there is a second copy of username / password pairs to be maintained, stored, backed up etc. If this second copy is stored using a weaker form of hashing or encryption or stored in a less secure area (including backups) than the domain then this becomes a simpler target for would be hackers.

If a person is using the PC they should be logged in as themselves so auditing etc can easily be done, if this can be integrated within your application all the better. When finished logout and others can use the PC.
 
Back
Top