Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Using PHP to get a windows username

  • 27-02-2008 9:16am
    #1
    Closed Accounts Posts: 49


    Hi,

    I need to be able to get the windows username for automatic login to an intranet site. I've set up an IIS server (Windows 2003/IIS6.0), and installed PHP5 following the guidelines from tutorials like this one:
    http://www.design-ireland.net/index.php?http%3A//www.design-ireland.net/alpha/controller/view_article.php%3Foid%3D00000000041

    Note: MySQL has not been installed - doesn't seem like it's needed?

    PHP seems to be working fine. I have disabled anonymous authentication, but I'm still getting nothing back when I use any of these:
    $_SERVER["AUTH_USER"];
    $_SERVER["LOGON_USER"];
    $_SERVER["REMOTE_USER"];
    The IIS server is in the same domain as the machine I'm accessing it from. I'm pretty sure there's some small thing that needs to be done, any ideas?

    Before anybody mentiones it - I *have* to use windows for support reasons :/


Comments

  • Registered Users, Registered Users 2 Posts: 568 ✭✭✭phil


    If you're solely using IE/IIS6, "Integrated Windows Authentication" might solve all of your problems. http://en.wikipedia.org/wiki/Integrated_Windows_Authentication

    Apart from that as far as I know there's no way to do what you're suggesting automatically. Your browser will not pass domain credentials automatically to the webserver. In that scenario, PHP has no visibility over anything. You have a couple of options:

    1. Allow IIS to do the authentication (via NTLM). This will still prompt for a username/password option to the end-user. IIS will then pass those details along as environment variables

    2. Setup PHP to do NTLM authentication and then set a long-life cookie on the browser. This might be more user friendly, but requires more development on your side to do the authentication. Of course, the cookie based system allows more flexibility in terms of keeping users logged in across browser sessions.

    The third option, requiring the most amount of work would be to use an ActiveX control to do this. Personally I'd go for (1) and keep life simple.



    Phil.


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    phil wrote: »
    There's no way to do what you're suggesting automatically. Windows / IE will not pass domain credentials automatically to the webserver.
    Yep, it sure does actually. I use it all the time for providing custom content to domain users on our intranet. There's a security setting in IE (I think it's set by default for the Intranet zone) to automatically logon in that zone. $_SERVER will give you their username in the domain\username format.

    You seem to have done everything right. When you disable anonymous logon on IIS, make sure that this is inherited for all subfolders. You can set authentication mode on any subfolder or file, so some files may have anonymous authentication on, others may not.

    Check the NTFS permissions on the relevant folder. If the Anonymous user has access to that folder, it may not be logging in.

    Remove the anonymous user, add the everyone group (give then Read & Execute) and reboot the IIS server.


  • Registered Users, Registered Users 2 Posts: 568 ✭✭✭phil


    Oh I edited that a bit before you posted, see above :). "Intranet" was the magic keyword I missed originally :)


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    And you're right, he also needs to make sure that "Integrated Windows Authentication" is enabled for the relevant site/folders.


  • Closed Accounts Posts: 49 the_manchine


    Arrgghh - found the problem. Was down to some permissions!!

    PEBKAC :/

    Thanks for the replies.


  • Advertisement
Advertisement