This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
You can NOT have a Windows (or any other) login screen appear on a client by issueing any command from a server in a web application. If you could I could also create a web application that shuts down your computer or formats its harddisk.
Joined: Feb 16, 2005
sorry. I did not explain correctly. The login panel is not for windows login but web login.??? When you fallow the steps mentioned in the question in IIS it asks for username/password and If I enter a domain username/password web page opens.
As far as I'm aware, that particular authentication mechanism stores hashed credentials for an authenticated user in Active Directory (or possibly against the Domain Controller, can't remember which). So the only place you can get them is from AD, except of course they will be hashed so no use to you. You can get the username if you use basic authentication (but of course, the password is send in clear text), or you could use NTLM. The vagueries of how to do that are dotted about the Security forum.
It is possible with HTTP Basic Authentication. You need to declare the protected resources in web.xml file and specify the Basic Authentication. When a user tries to access the protected resources, the browser will prompt for the username/password. You can authenticate the user using the specified relam.