Your company’s IIS servers are most likely using Windows authentication.
There are Apache modules for doing the same thing. Look for
mod_auth_ntlm or whatever it’s called, and/or mod_auth_sspi or google
apache and “active directory” for starters.
I’m not an IIS person, so I don’t know whether IIS can pick up usernames
passively, but that alone would seem to be very lax security. Most
likely the app is logging people in (even if doing so invisibly).
If making users log in separately to your apps is a concern even once
you’re logging them in using a domain or AD, one way to go would be to
deploy your apps with Mongrel and proxy them through one of the
authorized IIS servers, letting IIS handle the authentication, but in
this case you’d be running the app itself with no security, so locking
down access to ir from everything but the authorized IIS server would be
Cayce B. wrote:
Not sure I understand what you mean. The ServerVariables collection is
added into the request object by IIS. IIS is somehow able to determine
who the logged in user making the browser request is, and adds that into
the header request.
My rails application is on a Linux box. What environment variable do I
access to determine who the logged in user making the browser request
Berin L. wrote:
Cayce B. wrote:
object. I need something equivalent in Rails, or I’ll never be able to
get traction with RoR here.
Server variables are just a derivative of Environment variables. Those
are accessible through Ruby, and hence Rails.
Email: [email protected] mailto:[email protected]
IM: [email protected] (MSN)
20044 Great Falls Forest Dr.
Great Falls, VA 22066
See who we know in common http://www.linkedin.com/e/wwk/5678360/ Want
a signature like this? http://www.linkedin.com/e/sig/5678360/