6

In C# I can get the current user of a web app using the HttpContext, however, I can't figure out how to do this in Ruby. Is there any way of doing this?

FOR THOSE OF YOU SAYING IT IS IMPOSSIBLE, HERES PROOF:

http://www.codeproject.com/KB/aspnet/How_to_NT_User_Name.aspx

WedTM
  • 2,587
  • 5
  • 37
  • 54
  • 1
    what is your criteria for defining what a 'current user' is? – Jed Schneider Jul 15 '10 at 01:43
  • 1
    Try this: `%x(echo %USERNAME%)` – Adrian Jul 15 '10 at 01:52
  • My criteria is whatever the username is for the user that is currently logged into the windows machine that is accessing the web page. – WedTM Jul 15 '10 at 02:00
  • i dont think you will be able to get at the username for the machine, that is outside the scope of the browser security sandbox. – Jed Schneider Aug 21 '10 at 15:50
  • 1
    Impossible by "normal means". It would require a plugin to be installed on each client (be it Java, Flash, or a custom one). Why do you want to know the username used to login on the client system? Makes no sense to me. Are you sure C# gets that information from a remote client? – jweyrich Aug 23 '10 at 04:55
  • I was under the impression HttpContext pulled it from the HTTP headers as any other normal authentication middleware. Perhaps the current user uses the same name as his Windows login? Otherwise, I agree with jweyrich, I don't see how this could be passed through. – Kenny Peng Aug 23 '10 at 15:51
  • What webserver are you using? The link you provide implies that this information can be pulled from the AUTH_USER server environment variable. For some reason, I suspect it might be an IIS type thing. REMOTE_USER should be a bit more cross-platform (but I'm not confident). – Brian Aug 23 '10 at 20:41
  • @WedTM: The presented article/code uses an authentication mechanism (NTLM, etc), which you didn't mention in your original question. In fact, we had no clue about that, but now it makes sense. So, the authentication mechanism is already configured and working? – jweyrich Aug 24 '10 at 08:59

6 Answers6

16

Well, to get the current username, there's this:

puts ENV['USERNAME']

Or go to the Win32API.

require 'dl/win32'

def get_user_name
  api = Win32API.new(
    'advapi32.dll',
    'GetUserName',
    'PP',
    'i'
  )

  buf = "\0" * 512
  len = [512].pack('L')
  api.call(buf,len)

  buf[0..(len.unpack('L')[0])]
end

puts get_user_name

Edit: And I'm an idiot. This isn't what you asked for at all. Oh well, it took me time to dig this out of my code, so it might as well stay here for anyone else wondering :P

Edit again: OK, it turns out I'm not an idiot after all. This is what you want. When I went back and re-read your question, the HttpContext threw me off, and I thought it was the current username from HTTP auth or something.

AboutRuby
  • 7,936
  • 2
  • 27
  • 20
1

To get the username of the current user on client machine you can use this

ENV['USERNAME']

Rohit
  • 5,631
  • 4
  • 31
  • 59
0

[RUBY ON RAILS ONLY]

This is what worked for me but there are some limitations:

If you don't care about these issues, go ahead:

  1. In your rails application, add Rekado's gem to your Gemfile: gem 'ntlm-sso', '=0.0.1'

  2. Create an initialiser config/initializers/ntlm-sso.rb with:

    require 'rack'
require 'rack/auth/ntlm-sso'

class NTLMAuthentication
  def initialize(app)
    @app = app
  end

  def call(env)
    auth = Rack::Auth::NTLMSSO.new(@app)
    return auth.call(env)
  end
end

  3. On your application.rb file, add the line: config.middleware.use "NTLMAuthentication"

  4. Call request.env["REMOTE_USER"] on your view or controller to get current username.

PS: Let me know if you find anyway to make it work on Chrome or to validate user credentials.

Flavio Wuensche
  • 9,460
  • 1
  • 57
  • 54
0

If you're using Rails try: request.env['HTTP_REMOTE_USER']

YouMustLeaveNow
  • 19
  • 1
0

I think what you mean is how you can retrieve the username that the user used to login to the web application. That will differ depending on what authentication mechanism you're using. Some Apache authentication modules, for example, will pass REMOTE_USER (e.g. the Kerberos module), the CAS Single-Sign-On module passes CAS-USER, etc. Standard digest authentication and such uses the Authentication header. You should be able to access these using request.env[HEADER] as someone else pointed out above. Check out the documentation on how your authentication layer is passing on the user in the HTTP request.

Kenny Peng
  • 1,891
  • 4
  • 18
  • 26
0

Is your c# code running as a .NET plugin/client-side code or is it ENTIRELY server side? Your ruby code would be entirely server side. According to the MS docs, only stuff running in the CLR sandbox can really get to that information:

http://msdn.microsoft.com/en-us/magazine/cc163700.aspx (under Defining the sandbox).

One thing interesting to note is that sites registered under LocalIntranet have access to that information. I'm not sure off hand how this maps to security zones in IE though.

The thing to understand is that LOGON_USER is NOT visible to the browser sandbox anymore than the browser can see the contents of a filesystem path on your system. The fact that your c# code sees it almost certainly indicitive of some clientside component passing it upstream.

You have the option of implementing mod_ntlm under apache and pushing the headers downstream. I don't have the points to post a second link but google 'rails ntlm sso' and see the rayapps.com link.

but if your app isn't Rails based, you'll have to port that to your server code. You can also checkout rack-ntlm if your app is rack compliant.

lusis
  • 660
  • 4
  • 10
  • Nope, there is no client side code. I am sure of that. Here's a codeproject sample of what's going on. http://www.codeproject.com/KB/aspnet/How_to_NT_User_Name.aspx – WedTM Aug 23 '10 at 20:15