Is it possible to grab activedirectory credentials for the user on a client machine from within a web application?
To clarify, I am designing a web application which will be hosted on a client's intranet. There is a requirement that the a user of the application not be prompted for credentials when accessing the application, and that instead the credentials of the user logged onto the client machine should be grabbed automatically, without user interaction.
Maybe .NET has a more direct way to do it, but with PHP I just access our Active Directory server as an LDAP server.
I'm not sure what adjustments to the server are required to do this. I didn't setup the server, I just query it. I'm not suggesting you use PHP either. I just find it easier to deal with LDAP then trying to tie directly into Active Directory.
No, of course not. Can you imagine the havoc that would result in random web apps being able to get your AD username and password?
Now, if you just want the username - that's in REMOTE_USER if you're using integated windows auth. And, windows auth will auto login the user to your site - assuming you share a domain (or trust).
Edit: IWA works in an intranet scenario, since IE - by default - includes intranet sites in the Intranet security zone. Also, a sysadmin can use GPO to set other trusted sites. Firefox also supports NTLM, as does Opera and Chrome. All in all, it's not a bad way to setup an intranet.
Note, though - that you don't get credentials. You negotiate a token with the client, which is what keeps IWA secure (and my above point relevant).
Windows Integrated Authentication, user has to use IE, AND the site has to be in the user's trusted sites. If these things are true, then IE will pass your windows security token to the web site and it will authenticate with it. We do this with SharePoint on our intranet otherwise it's a pain to access anything restricted -- you'd get prompted every time you click on a document.