Getting the current Windows user id

Hi

I have where users can enter title and description that gets stored in
the database.
Since this will not give information on who has entered what…
I was thinking of having a field, say created_by, to which I can insert
the current logged in Windows user_id.

But I don’t see a way of getting the current logged in user id.

Can you please throw some light on this ?

Of course ENV['USER'] would give the id, but this will be the id on which
the server is running.

But the user can access the application from any browser running on any
machine.

Thanks
Prasanna

On 7 Mar 2008, at 12:14, Prasanna kumar Nagasamudram wrote:

Hi

I have where users can enter title and description that gets stored in
the database.
Since this will not give information on who has entered what…
I was thinking of having a field, say created_by, to which I can insert
the current logged in Windows user_id.

If you mean that you want to be able to use active directory
authentication then there’s some stuff out there on how to proceed:

If you mean how you would get some random person on the
internet’s Windows login name then that is quite obviously not going
to happen (and wouldn’t be very useful since anyone can set that to be
whatever they want to be, or not even be running windows at all).

Fred

If you’re talking about getting the username of the user account on
the client machine, your only hope of getting that would be through
client-side scripting. I don’t believe, and sure hope, that this is
not possible using JavaScript. I would see this as a major security
violation. JavaScript should be “sand-boxed” to only allow access to
information within the browser or cookies for the current site.

That being said, if you don’t mind limiting yourself to using Internet
Explorer, I’m guessing you could break free from this security policy
by using an ActiveX control, which we all know is dangerously
insecure. Of course, doing so would limit your users to Microsoft
Windows and Internet Explorer. Users of Firefox, or any other
platform, would properly protect themselves from this security
violation.

On Mar 10, 7:20 am, Prasanna kumar Nagasamudram <rails-mailing-

Frederick C. wrote:

On 7 Mar 2008, at 12:14, Prasanna kumar Nagasamudram wrote:

Hi

I have where users can enter title and description that gets stored in
the database.
Since this will not give information on who has entered what…
I was thinking of having a field, say created_by, to which I can insert
the current logged in Windows user_id.

If you mean that you want to be able to use active directory
authentication then there’s some stuff out there on how to proceed:
Zorched / One-Line Fix | Active Directory Authentication for Ruby on Rails

If you mean how you would get some random person on the
internet’s Windows login name then that is quite obviously not going
to happen (and wouldn’t be very useful since anyone can set that to be
whatever they want to be, or not even be running windows at all).

Fred

Hi Fred

I just need the current logged in user … I don’t want to throw any
dialog box.

Say for example I need to call create. I will call it as
create?userid=abcd

I just need to know where to get that abcd from ?

Thanks

Prasanna

You could implement an actual app login. If you use something like
restful authentication it gives you a current_user method.

On Mar 10, 8:25 am, Prasanna kumar Nagasamudram <rails-mailing-

Robert W. wrote:

If you’re talking about getting the username of the user account on
the client machine, your only hope of getting that would be through
client-side scripting. I don’t believe, and sure hope, that this is
not possible using JavaScript. I would see this as a major security
violation. JavaScript should be “sand-boxed” to only allow access to
information within the browser or cookies for the current site.

That being said, if you don’t mind limiting yourself to using Internet
Explorer, I’m guessing you could break free from this security policy
by using an ActiveX control, which we all know is dangerously
insecure. Of course, doing so would limit your users to Microsoft
Windows and Internet Explorer. Users of Firefox, or any other
platform, would properly protect themselves from this security
violation.

On Mar 10, 7:20 am, Prasanna kumar Nagasamudram <rails-mailing-

Any thoughts on this approach?

I will have two fields
Title and Description and I want to have a third field called create_by
for which I don’t want the user to enter, but should get automatically
populated.

Please let me know if you can think of an alternative approach than
reading the user from the JavaScript (ActiveX).

Thanks
Prasanna

The only reason I thought about the other approach was to eliminate the
registration screen.

I kinda figured that was the case. Well don’t. It’s part of life on
the web. My suggestion is to just deal with it like the rest of us
have to. Security is important and until somebody comes up with a
better scheme than we have now, web app users will have to deal with it
too.

That being said there are a number of great alternatives developing
that are actually more secure and a lot more convenient for your
users. The primary one being OpenID (http://openid.net). If you are
unfamiliar with it, check it out. I now cringe whenever I see a web
site that does not implement an OpenID login. And it’s now pretty easy
to do in Rails so there’s just no longer any excuse not to do it.

In the meantime I use a wonderful tool called 1password (http://1passwd.com).
This allows me to create random strong passwords for all
my various internet login forms and never have to worry about
remembering them. All I need to remember is my one master password…

“One Password to rule them all, One Password to find them, One
Password to bring them all and in the darkness bind them.”

On Mar 11, 12:52 am, Prasanna kumar Nagasamudram <rails-mailing-

Robert W. wrote:

You could implement an actual app login. If you use something like
restful authentication it gives you a current_user method.

On Mar 10, 8:25 am, Prasanna kumar Nagasamudram <rails-mailing-

The only reason I thought about the other approach was to eliminate the
registration screen.
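
As an added example (not part of the original thread, and not the restful authentication plugin's own code): a plain-Ruby illustration of filling created_by from the server-side login session, the role a current_user method plays, instead of from a create?userid=abcd parameter that the browser controls. The session store and the names start_session_for and create_entry are hypothetical, and all data is constructed.

```ruby
require "securerandom"

# Server-side state (constructed for this example). The browser only ever
# holds the random session id, never the user name itself.
SESSIONS = {} # session id => login name
ENTRIES  = [] # stands in for the database table

# Called only after the application's own login check has succeeded.
# Returns the session id that would be sent to the browser as a cookie.
def start_session_for(username)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = username
  sid
end

# Counterpart of the current_user helper mentioned in the thread:
# resolves the cookie to a user, or nil when the id is missing or unknown.
def current_user(cookies)
  SESSIONS[cookies["session_id"]]
end

# created_by comes from the authenticated session only. Any "userid" or
# "created_by" sent in the request parameters is ignored, because the
# client can set those to whatever it wants.
def create_entry(params, cookies)
  user = current_user(cookies)
  return { status: 401, error: "login required" } if user.nil?

  entry = {
    title:       params["title"].to_s,
    description: params["description"].to_s,
    created_by:  user
  }
  ENTRIES << entry
  { status: 201, entry: entry }
end

if __FILE__ == $PROGRAM_NAME
  sid = start_session_for("prasanna")
  # The request claims userid=abcd; the stored record still names prasanna.
  spoofed = { "title" => "Hello", "description" => "World", "userid" => "abcd" }
  p create_entry(spoofed, { "session_id" => sid })
  # No session cookie at all: the request is rejected.
  p create_entry(spoofed, {})
end
```
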