Getting computer name/current user from Dashboard from where the browser session is running

Is there a way to get the computer name/current user from where the dashboard browser session is being run ? i am able to get the ip address with socketip from ui control widget.

I am not certain, but I suspect that is not possible. Would you want a random website that you happen to visit to be able to find your computer name and user id?

2 Likes

Hmm...I suspected this would/should be the case.
thanks for the response

You may wish to describe what you are trying to achieve since there may well be other ways of achieving it.

I was just wondering if I am able to see the IP address, why not the username. so that i can check who is viewing the dashboard at a given time.
not a critical requirement.

The server knows the ip address of the browser, otherwise how would it be able to send back the web page data? That is defined in the network protocol.

And that IP address is external and public - provided by the ISP or router not by the client device. The device logged in userid is for private not public use. Revealing it publicly would expose private security details.

I understand it now.
by the way, I have user authentication before the browser opens the dashboard, can i get that user id ? so in below image, can i get the string ' Supervisor ' to get logged in somewhere or into a flow/global context variable anywhere?

and what happens if two different users log into the same dashboard from two different sessions.

image

The client instance is not the same as the logged in user. Unless prevented by security settings at the server, many client instances could be logged into the same user id. To properly identify an individual client instance, you need to provide an instance id of some kind.

A typical modern method to manage this additional security metadata would be to use a JSON web token (JWT). This is a cryptographically signed (not necessarily encrypted) string, normally passed as an HTTP header. Initially added by the security service but included then by both server and client in all further interactions. A JWT can embed any data, it is rather like an assured cookie (assured by being signed so it cannot be altered without that being noted by a checker function). Note that a JWT is NOT itself a security feature (there are thousands of articles on the web that make this mistake), rather it is a convenience feature that can be used by security services. Similarly a cookie isn't either. Think of a JWT more like a signed cookie rather than anything else.

Depends on the mechanism used. Typically, the username and password will be consumed by the security mechanism. For example, using the httpNodeAuth with a simple user/pass object does not reveal the user to the flow. The flow will not trigger if a valid id/password combination isn't provided.

Using more feature rich logins would allow you to pass more information from the authentication interaction. To achieve that with node-red and http-in/-out nodes alone would need you to set up your own middleware. Better still, you can use an external proxy server such as NGINX to do the authentication with it setting appropriate headers.

You may find some more potentially useful information here: How to use NGINX as a reverse proxy with TLS and identity authentication (totallyinformation.github.io)


Here is a snippet of NGINX configuration that secures a specific path with basic auth:

  location /authbasic/ {
    # sudo htpasswd -c /etc/nginx/.htpasswd me # thisisme
    satisfy all;
    auth_basic "Auth Basic"; # relm, any text you like
    auth_basic_user_file /etc/nginx/.htpasswd;
    add_header X-JK-Proxy "Basic Auth Test";
    add_header X-JK-User $remote_user;  # Returns the logged in username

    proxy_pass https://localhost:1880/authbasic/;
  }

Note the use of a custom header that sends the logged in username upstream. You don't get it by default.

Also note that you cannot do digest auth with the default build of NGINX as it isn't considered secure enough.

1 Like

I appreciate you giving so much time and energy for my question. i would need maybe a weeks time to process the information you provided.

Its OK, I've been meaning to work up some NGINX examples anyway and your question got me working on them :slight_smile:

Started working on a more interesting example using sub-request auth as well. Initially using just http-in/-out nodes to service the auth and login. Eventually I'll work up through uibuilder API's and finally onto external OAuth. Long overdue.

1 Like

As always I look forward your examples, and I've been meaning to setup NGINX for a bit now.

1st couple already shared.