NTLM Authentication - Get Windows login, domain and host in PHP

余生分开走 2020-12-15 21:28

I am working on a Single Sign-On (SSO) PHP application.
Users log in their Windows session, and they want to be automatically logged in the application with their Win

2 Answers
  • 2020-12-15 22:11

    The mod_authnz_sspi module handles all aspects of the authentication process transparently, meaning that there is no need for your PHP authentication script. If the module is configured correctly you should simply be able to reference $_SERVER['REMOTE_USER'] in your script. Any user that cannot be authenticated will receive a standard Apache 403 - Forbidden error.

    I suspect the problem is with your httpd.conf since you are using the Apache 2.2 allow/deny syntax and this won't work in Apache 2.4 (unless you have the mod_access_compat module enabled). You should read Upgrading to 2.4 from 2.2 in the Apache documentation.

    Ensure that E:/_PATH_ is the exact folder from which your PHP script is running and every request to that path will require authentication.

    The following works for me on Apache 2.4:

    <Directory "/path/to/webroot">
        AllowOverride     All
        Options           ExecCGI
        # since I run PHP via mod_fcgi; should also work as 'Options none'.
    
        AuthName          "SSPI Authentication"
        AuthType          SSPI
        SSPIAuth          On
        SSPIAuthoritative On
        SSPIOmitDomain    On
        Require           valid-user
        Require           user "NT AUTHORITY\ANONYMOUS LOGON" denied
    </Directory>
    
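Added example, not part of either answer or of mod_authnz_sspi: one way a PHP script can consume the identity the server places in `$_SERVER['REMOTE_USER']`, splitting domain and user and failing closed when nothing was authenticated. The function name `windows_identity` is hypothetical and the sample arrays are constructed stand-ins for a live `$_SERVER`.

```php
<?php
declare(strict_types=1);

/**
 * Resolve the Windows identity that the web server authenticated.
 * Returns ['domain' => ?string, 'user' => string], or null when the
 * request must be treated as unauthenticated.
 */
function windows_identity(array $server): ?array
{
    // Trust only REMOTE_USER, which the server sets after authentication.
    // HTTP_* keys mirror client-supplied request headers and are never a
    // substitute for it.
    $raw = trim((string)($server['REMOTE_USER'] ?? ''));
    if ($raw === '') {
        return null;
    }

    $domain = null;
    $user = $raw;
    if (strpos($raw, '\\') !== false) {        // DOMAIN\user (domain not omitted)
        [$domain, $user] = explode('\\', $raw, 2);
    } elseif (strpos($raw, '@') !== false) {   // user@REALM form
        [$user, $domain] = explode('@', $raw, 2);
    }

    // Windows account names are case-insensitive; normalise before any
    // comparison against an application user table.
    $user = strtolower($user);
    $domain = $domain !== null ? strtoupper($domain) : null;

    // The anonymous logon account is not a real user for SSO purposes.
    if ($user === '' || $user === 'anonymous logon') {
        return null;
    }
    return ['domain' => $domain, 'user' => $user];
}

// Constructed sample inputs, in place of a live $_SERVER array.
$samples = [
    ['REMOTE_USER' => 'CORP\\JSmith'],                   // domain kept
    ['REMOTE_USER' => 'jsmith'],                         // SSPIOmitDomain On
    ['REMOTE_USER' => 'NT AUTHORITY\\ANONYMOUS LOGON'],  // rejected
    ['HTTP_REMOTE_USER' => 'admin'],                     // header only: rejected
];
foreach ($samples as $sample) {
    var_dump(windows_identity($sample));
}
```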
  • 2020-12-15 22:14

    When I try with Firefox, I get a prompt for a login and a password. When I post the prompt, the script gets the login from the prompt, but this is not what I want to do: I have to get this to work with IE, and I don't want to type again login and password. I want the login of the current Windows session.

    You can remove the prompt, by changing the Firefox settings:

    • Type "about:config" in the address bar
    • Check for network.automatic-ntlm-auth.trusted-uris
    • Set the value to your domain, or part of the domain, e.g. mycompany.com (separate multiple values with commas)

    For IE you need to set the security settings for your page (intranet) lower than for the rest of the internet. Please see https://superuser.com/questions/148063/why-does-internet-explorer-keep-asking-me-for-ntlm-credentials-in-an-intranet-zo
