I had to do this exact thing, too. My solution involves Javascript + ActiveX objects, which creates a dependency on Microsoft's Internet Explorer. If you don't want to impose that requirement, then this solution won't work for you. Perhaps something similar using a Java applet could be done.

The way it works is this: Say you have a form on a page with code like

  <form action="submit.cgi" name="submit_form" id="submit_form">
    <input type=submit name=submit value="Press to submit request">
    <input type=hidden name=username value="">
  </form>
[download]

What you'd like to do is set that hidden form field to contain the actual username, gotten from the user's environment. Add this snippet of Javascript code at the bottom (after the </body>):

  <script language="JScript">
    var netw = new ActiveXObject("WScript.Network");
    document.forms["submit_form"].username.value = netw.UserName;
  </script>
[download]

That bit of Javascript code has to execute after the html which defines the form has already been "executed". Otherwise the form (forms["submit_form"]) won't exist.

Thanks jdporter.

The example you provided worked like a charm. The only thing I had to do was change some of my Internet Explorer options for ActiveX controls. Unfortunately, our security folks will not be pleased with this. So, I don't think I'm going to be able to use it.

Did you experience the same issues with having to update the ActiveX options for IE?

Thanks
ETP

oops; see my reply below.

Yes, precisely. I was doing this for a secure intranet, so it was no big deal from security's standpoint; but I wanted to get the sysadmins to push out the settings change to everyone, and they said "It can't be done" — meaning, "We can't be bothered." So I had to post a little explanation on how to modify one's own IE settings for this feature to work. Which means, It doesn't work. :-/

Wouldn't cookies do the trick?

Update: Sorry - you would need to rely on the cookie being set a the time of entry to the domain - which you obviously don't want to do...

Cookies would work after the initial login. I just wanted to see if there was a way to do it, without having them login ever. Because they've already authenticated on the domain, I don't need to repeat the step of authentication.

It looks like I'm going to have to initially reauthenticate them, and then use as you suggest....the cookie.

Sorry - I've started obtuse, so I'll continue...

Surely to make use of the username you would have to have access to the main entrance db. If you have their trust then you could just explain the problem to them and ask them to place a cookie with the info you need on entry to the main domain. If you don't have access to the db are you just using the username as a label to bunch multiple requests together? In which case you could just assign your own label and set the cookie seamlessly - the same user will then be recognised on entry.

Just trying to get a handle on what's going on here...