First of all, sorry for my poor English; it's not my primary language.
So, the context is: I'm working on an intranet site developed in PHP hosted on a Windows 2012 server with IIS. This site should have the authentication system integrated with the Active Directory. I managed to integrate it using the ldap_bind function, which is perfect for when the user is out of the network. But I also need it to automatically log in when the user is already logged in to Windows. How do I get to this result? What should I search for?
Thank you very much.
I work on a Symfony application intranet.
I heard about the possibility of using the authentication window rather than having to log in using a conventional authentication window.
Could someone give me 1 or 2 links on the subject? I searched for myself but I cannot find the right keywords.
Is it WSSE?
Thank you in advance!
If you run your PHP application on an IIS instance on a Windows server which is in an AD together with the other computers which use this application, you can turn off access for the website in your IIS interface for "Anonymous" users.
Afterwards you can check against one of the $_SERVER['AUTH_USER']/$_SERVER['PHP_AUTH_USER'] variables in PHP, which contain domain\user information. You don't even need to show any login dialogue. So it's an SSO (single sign-on) process then.
See the link below for more information about this:
http://www.iis.net/learn/application-frameworks/install-and-configure-php-on-iis/enable-php-applications-to-make-application-level-access-control-decisions
If what you call "identification window" is the small alert in which you must type id and pass rather than an HTML form, you just have to take a look in the direction of htaccess and htpasswd, as this small window is the result of an htaccess protection.
See here (eg):
http://www.seas.upenn.edu/cets/answers/auth-htpasswd.html
Best regards
Peter
Further to TiMESPLiNTER's comment above
On our IIS setup (IIS 7.5) the relevant server variable is $_SERVER['AUTH_USER'] so if it doesn't work at first try using phpinfo() to find the right variable for your site.
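The check described in the two IIS answers above, as an added example that is not part of the original posts: it reads the identity IIS passes to PHP and fails closed when the value is empty, malformed, or from an unexpected domain. The function names, the `CORP` domain and the sample requests are assumptions made up for illustration.

```php
<?php
// Added example, not code from the answers above. Sample values are constructed.

/** Split "DOMAIN\user" into its parts; null for anything else. */
function parse_domain_user(string $raw): ?array
{
    $parts = explode('\\', trim($raw));
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    // AD account names are case-insensitive, so normalise before comparing.
    return ['domain' => strtoupper($parts[0]), 'user' => strtolower($parts[1])];
}

/**
 * Return the identity IIS authenticated, or null (fail closed) when the
 * request was anonymous, malformed, or from a domain that is not expected.
 * $variable is the server variable your setup fills in (check phpinfo()).
 */
function iis_authenticated_user(array $server, array $allowedDomains, string $variable = 'AUTH_USER'): ?array
{
    $raw = $server[$variable] ?? '';
    if (!is_string($raw) || $raw === '') {
        return null; // anonymous access is still enabled, or wrong variable
    }
    $id = parse_domain_user($raw);
    if ($id === null || !in_array($id['domain'], $allowedDomains, true)) {
        return null;
    }
    return $id;
}

// Constructed requests standing in for $_SERVER.
$samples = [
    ['AUTH_USER' => 'CORP\\Alice'],   // Windows authentication succeeded
    ['AUTH_USER' => ''],              // anonymous request
    ['AUTH_USER' => 'OTHER\\bob'],    // unexpected domain
];
foreach ($samples as $server) {
    $id = iis_authenticated_user($server, ['CORP']);
    echo $id ? "{$id['domain']}\\{$id['user']}" : 'denied', PHP_EOL;
}
```

In the application, pass `$_SERVER` and answer with a 401 or 403 when the function returns null, rather than falling back to a default account.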
I am developing a web application for my university project this summer and I am looking for some advice. The web application is to be deployed into a Windows environment that has around 500 users. The users will need to log in before they can access the web application; this is where my first problem appears.
Do I need a way to export the users from Active Directory with their passwords on a daily basis? However, I know that passwords are stored as a hash, not clear text, so I'd have to mimic the hashing in my web app. So do I use LDAP to authenticate the users for me? I would appreciate some advice or maybe a link to a resource that anyone knows that would be worth me reading.
Note.
The web application will be made in PHP with a sql database running on a windows server inside the same domain.
Thanks
PHP has an LDAP module that allows you to interface the Active Directory without exporting it.
Here is an example of implementing an LDAP authentication through php:
http://code.activestate.com/recipes/101525-ldap-authentication/
Since PHP has libraries to assist you with interacting with LDAP already then that might be the way to go. Exporting and managing users yourself sounds like reinventing the wheel.
Just contact the auth server using PHP::LDAP. This blog post shows a good example.
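A sketch of the LDAP approach the answers above recommend, as an added example that is not taken from the posts or the linked recipe: it authenticates by binding to Active Directory as the user, and refuses empty passwords before binding. The host `dc01.corp.example`, the suffix `corp.example` and the function name are hypothetical placeholders.

```php
<?php
// Added example, not code from the answers or the linked recipe.
// Host, domain suffix and account names are hypothetical placeholders.

/**
 * Check a username/password against Active Directory with a simple bind.
 * Returns true only when the directory accepted these exact credentials.
 */
function ad_authenticate(string $user, string $password, string $host, string $upnSuffix): bool
{
    // An empty password turns ldap_bind() into an unauthenticated bind,
    // which a directory may accept, so it must never count as a login.
    if ($user === '' || $password === '') {
        return false;
    }
    // Accept plain account names only: no domain part, no DN or filter characters.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return false;
    }

    // LDAPS, so the password of a simple bind is not sent in clear text.
    $conn = ldap_connect("ldaps://{$host}");
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Bind as user@domain; the directory checks the password, nothing is exported.
    $ok = @ldap_bind($conn, "{$user}@{$upnSuffix}", $password);
    ldap_unbind($conn);
    return $ok;
}

// Both calls are rejected by the input checks before any connection is attempted.
var_dump(ad_authenticate('alice', '', 'dc01.corp.example', 'corp.example'));
var_dump(ad_authenticate('corp\\alice', 'x', 'dc01.corp.example', 'corp.example'));
```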
I'm currently developing an invite system that is to be integrated into other systems. This development is web based with PHP5. Now I've been looking and testing code for about two weeks but all examples are out-dated and do not work with Windows Live 2011. The Windows Live website itself isn't much of a help.
The login and contacts access requests have to be done through a popup because in my case it's not acceptable to let people leave the website to log in etc.
So am I just lazy or what is this about?
No, actually I'm not lazy, I did google, I did test etc etc. Just to let you see what I've tried so far:
Out-dated http://livecontactsphp.codeplex.com/
Followed all tutorials at http://msdn.microsoft.com/en-us/library/gg276466.aspx no luck.
Out-dated http://www.phphulp.nl/php/forum/topic/windows-live-contacts-api/47598/
Out-dated http://social.msdn.microsoft.com/Forums/en-US/wliddev/thread/0087c7f6-d6b7-498e-8c6c-dd95cd2165f8
This list continues for a while.
Anyway, I got a verified domain and full access etc.
Is there anyone with suggestions and/or examples?
Your help is really appreciated
As per my understanding, what you are trying to do in your web app is to allow the end user to log in to his Windows Live account, and after logging in your web app will access his account data.
You need to use OAuth. The tutorial provided here, http://msdn.microsoft.com/en-us/library/gg276466.aspx, is working for me on localhost.
But I am not able to access contacts
I'm working with a client's proprietary ASP.NET app, to which we added a PHP wiki to a subdirectory on the same server. The PHP app authenticates against the cookies that the .NET app uses. This all works fine.
When you login to the .NET app and then visit the PHP app (Dokuwiki), and then visit any page on the .NET app, it reports that the session is expired and asks you to log back in.
Both apps generate cookies, but none of them conflict in name. I stripped out the code in the PHP app that authenticates against the cookie to make sure I wasn't causing the issue with the PHP authentication, but the issue persisted.
With the exception of some front-end things, I have no control over the ASP.NET backend, but I did create a stray .ASPX page in one folder which successfully forces authentication if a user visits it. I created this page in a plaintext editor, not in Visual Studio, so it didn't generate any code behind files. If you visit this page after visiting the PHP app, it does not report the session as having been expired.
My question is that I'm trying to track down what is causing this behavior, first, and then looking at options for correcting it. I'm sorry for the dearth of more technical detail -- as mentioned, I only have limited access to the client's app. Any help would be very appreciated, and if any more information is needed to help troubleshoot, I'll gladly provide what I can.
I've had similar problems with classic ASP sites running on the same server as ASP.NET sites.
I'm usually able to fix the problem by creating 2 application pools under IIS: one for the ASP sites and one for the ASP.NET sites.
Do you have access to the server's IIS manager, or can you contact someone who does? If so, create 2 separate app pools: one for PHP sites and one for ASP.NET sites. Then move each site into the appropriate app pool. Restart IIS if you can, and then see if anything's changed.
Hope this helps!
I called in the original developer to troubleshoot this. He solved it by switching from SQL Server based session state to "In Process." That seems to have taken care of it.
We have a SharePoint instance on our network that we get automatically logged into by logging into Windows. (They do not get prompted to log in.)
We have another web application that requires users to log in, but it currently has its own username/password setup.
Our goal is to get the other application (which we have built) to act the same way SharePoint does - if you are logged into Windows it will log you right into the application.
Where do I start? (I assume this will require LDAP)
Any guidance would be greatly appreciated.
Our setup (windows):
Windows
IE7 & 8
Windows Active Directory managing users/password
Our setup (the other application):
RHEL (could be Windows Server if really necessary)
PHP 5
Apache
mySQL - username and password are stored in mySQL
Update:
Maybe a drawing would help: Look at this
You are looking to implement NTLM Authentication in the PHP application, see my prior answer on this:
Can a PHP intranet share Windows logins?
If your other web application uses Windows Integrated Authentication (NTLM or Kerberos authentication or even basic authentication) then it can act the same way. Depending on the browser, it can automatically remember and log into sites using one of these methods. Each browser may do it differently, though. IE has settings for automatically logging in based on the zone (Internet, Local intranet, trusted sites).
You would not necessarily need to have your other application use the same user store (AD/LDAP), but it would likely make sense.