Legacy application (win32 clients + centralized db) has 40+ installations in a company & lacks the ability to be extended by plugins. Legacy authentication system relies on computer name, user name & user SID (there is no single DOMAIN server in a company, there are dozens of workgroups).
I'm going to build stand-alone intranet site that would provide additional functions to legacy ones. I want to use current authentication data - this way I have to pass SID from html browser somehow without prompting user to enter login/password e.t.c.
Does UserSID/WorkstationName/UserName are sendable via HTTP(s) protocol after being configured some way? If no what technologies would you suggest to use: May be I shall use Silverlight + WMI abilities or may be it's possible to access WMI from javascript (so I should consider traditional ajax).
Another question: what is the best practice to send UserName,WorkStationName,SID in terms of security. Shall I pass it as function params from client to server, or may be I shall configure this params sendable via communication protocol (if I'm going to use WCF communication and it's configurable this way)?
Thank you in advance!