I mean't enable integrated authentication for the web site in the web site
properties in IIS. So long as internet explorer is enabled to use
integrated authentication (tools, options, advanced) the NT username will be
sent to the web server automatically without the user doing anything. The
user name can be retrieved if needed using server variables:
USERNAME: Request.ServerVariables("AUTH_USER")
Here's some info cut from iis help:
Integrated Windows Authentication
Integrated Windows authentication (formerly called NTLM or Windows NT
Challenge/Response authentication) is a secure form of authentication
because the user name and password are not sent across the network. When you
enable integrated Windows authentication, the user's browser proves its
knowledge of the password through a cryptographic exchange with your Web
server, involving hashing.
Integrated Windows authentication can use both the Kerberos v5
authentication protocol and its own challenge/response authentication
protocol. If Directory Services is installed on the server, and the browser
is compatible with the Kerberos v5 authentication protocol, both the
Kerberos v5 protocol and the challenge/response protocol are used; otherwise
only the challenge/response protocol is used.
The Kerberos v5 authentication protocol is a feature of the Windows 2000
Distributed Services architecture. In order for Kerberos v5 authentication
to be successful, both the client and server must have a trusted connection
to a Key Distribution Center (KDC) and be Directory Services compatible. For
more information about the protocol, see the Windows documentation.
Integrated Windows authentication proceeds as follows:
1.. Unlike Basic authentication, it does not initially prompt users for a
user name and password. The current Windows user information on the client
computer is used for the integrated Windows authentication.
Note Internet Explorer, version 4.0 and later, can be configured to
initially prompt for user information if needed. For more information, see
the Internet Explorer documentation.
2.. However, if the authentication exchange initially fails to identify
the user, the browser will prompt the user for a Windows user account user
name and password, which it will process by using integrated Windows
authentication.
3.. Internet Explorer will continue to prompt the user until the user
enters a valid user name and password, or closes the prompt dialog box.
Although integrated Windows authentication is secure, it does have two
limitations.
1.. Only Microsoft Internet Explorer, version 2.0 or later, supports this
authentication method.
2.. Integrated Windows authentication does not work over HTTP Proxy
connections.
Therefore, integrated Windows authentication is best suited for an intranet
environment, where both user and Web server computers are in the same
domain, and where administrators can ensure that every user has Microsoft
Internet Explorer, version 2.0 or later.
Regards
Paul