He indicated that he was using ASP.NET. In this case,
SystemInformation.UserName might not work becuase ASP.NET is running in a
special account.
As for the password, imagine how insecure the system would be if any program
at any time could read both the username and password. Trojan horses would
have a field day. So, no, it is probably not possible to read the password.
ASP.NET makes it relatively easy to impersonate the logged in user. It has
been a while since I had to do this but you might try turning anonymous off
and setting the @impersonate attribute on the <identity> tag to "true" in
the machine.config. That way the ASP.NET process takes on the identity of
the person who is sitting at the browser.
