Been searching for an answer to this but read some conflicting reports.
I have a asp.net website with forms authentication setup and I'm adding some php pages to a subfolder within the site. I want these pages to follow the same authentication as the rest of the site, ie be bounced to my asp.net login form if not logged in.
Currently if I access a file http://localhost/test/test.php it is serving it even if I'm not logged in. However if I just browse to the folder http://localhost/test/ it does bounce me to login page. Guess I need to force these PHP pages through the asp pipeline but is this possible in classic mode / iis6?
I seem to have got this working by doing the following:
Convert folder containing my app into an application in iis 6 manager
Click Configuration in the Directory tab of the properties dialog for the above folder and define a wildcard mapping pointing to c:\windows\microsoft.net\framework\v4.0.30319\aspnet_isapi.dll
Related
My web site is running two server side applications: application for logged-in users running on PHP (using Zend framework) and Wordpress application for the public, non-loggedin users.
I am using Apache.
I would like that requests from logged-in users Would be served by the index.php file of Zendframework and those from non-logged in users by Wordpress index.php file.
Note, I prefer not to have different URLs for the two frameworks. For example: mydomain.com should lead to both sites according to the log-in status.
One way I thought doing this, is by always starting at Zend, check if the user is not logged-in, and if so perform _forward or similar action to Wordpress.
Is that possible? Should I do something else?
Thanks.
I have got Trac installed as a subset of a larger website. Ideally I'd like to be able to log users into trac from the main site without having to use the trac interface itself. The main site is implemented in PHP on IIS. Additionally if the user is logged in via Trac then I'd like to be able to offer access to other features from some of the PHP pages based upon the user privileges.
Authentication uses an htpasswd file in trac and being able to administrate users via the trac interface is useful. Additionally the same user/pass would be used for subversion as this can use the htpasswd file. I can't use this with IIS to do the login via a virtual path and authentication role. I don't want to use LDAP/ActiveDirectory
It would be nice to be able to implement a login page in PHP that actually logs the user into Trac. However I an unsure how I would add an appropriate __FORM_TOKEN field in the PHP page. It would be fine to use the trac login page itself but after logging in, it goes to the trac wiki home page rather than the referer that I set in the form data if it is not a sub-url of the trac part of the site.
Also it would be handy to be able to query permissions for the user currently logged into trac from PHP. Presumably this is possible via the sqlite database, but how do I know who the current user is?
Ended up generating the trac_form_token cookie myself for my PHP login form, from a sub-url of the trac root (overriding that sub-url from within IIS so that it is not handled by trac but by php instead). Easy enough to do.
Checking the logged in user is easy enough to do if you configure trac to set the path of the trac_auth cookie to be the root of the site. You can then access this and query the trac sqlite database from PHP to get the user name and permissions.
Then for the PHP login, you generate the trac_form_token and do a POST curl request to trac and then pass on the cookies you need from the returned response header.
EDIT: change to trac.ini to make trac_auth cookie available site-wide and not just from /trac/
[trac]
auth_cookie_path = \
I have a multi-tenant SaaS platform and a customer wants to customize the look and feel of the login page and the dashboard page. I was able to successfully customize the dashboard page by storing the name of the CSS file to use in the ACCOUNTS table of my database. This works because I know which account to get from the database once they log in. However, I do not have this capability for the login page.
Is it possible to customize which CSS file or login page to use based on the DNS? For example, customerabc.server.com gets the generic login page. customerxyz.server.com gets their custom login page.
I am using Apache and PHP. Thanks.
Yes just configure an apache subdomain to the same docroot and react in your application on the different domains.
I was able to do this using apache vhosts. The ServerName property needs to match the root URL/URI and to ensure that all includes are being set properly, You have to have a copy of the php.ini file in the root directory so that you can make changes to the include_path here and not affect other install instances elsewhere.
I'm trying to create an UnderConstruction page for my new site.
I would like to retain all the core files (files that are part of the site) without modification while I try to implement this. This includes leaving the index.php intact.
Currently, I have an .htaccess setup to authenticate on any access to the site.
I want to redirect any user accessing any page (at least the index.php) to an UnderConstruction page and then leave a link there which my dev team could use to authenticate themselves and continue using the site as usual.
But in order to leave the core files intact, I would have to initiate the htaccess type authentication & then in index.php (assuming that index.php is excluded from the cuth) check the auth status.
I tried to play around with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] but these (as I understand) requires me to manually implement the authentication scheme (ie checking against a list of username & passwords).
I'm working on an apache with php5 on a linux server.
Any ideas?
You should just mirror the dev version of the site to a subdomain like dev.mysite.com and then keep the under construction stuff on the main domain. This way you can secure the dev domain and still keep your under construction page going and the two will be isolated.
put this on htacces for each file u wanna lock
Redirect /file.extension http://www.uroot.com/index.php
I am web developer working on a wordpress landing page that will lead the user into an all silverlight page. Now my programmer says this can't be done and it's not supported php conflicts with silverlight/asp and so on.
My web address will be www.maddog.net... I need the wordpress and silverlight portions of the website to reside in the same URL.
One more note I had a a login developed for the wordpress site that will need to talk to the silverlight logon... is this possible?
Just have your PHP (wordpress) redirect to a .NET based subdomain application if need be. The silverlight elements need to be hosted by asp.net based pages so for example:
You should be able to set this up in IIS, PHP root level site and /Subsite as its own virtual directory hosting asp.net site.
User logs into php page, you can server transfer to next page with login details etc or any other way to want to pass the creds to the .NET page and automatically log the user in then display the silverlight component.