I have a website with PHP and 3 different .Net apps in 3 different subfolders. All is working well.
The PHP app has authentication builtin with ye old "include security_check.php" on top. The PHP app also has the user editor (logins) and is the star of the show.
I would like to extend the PHP security scheme to include the .Net apps. To do this I am thinking something in the direction of a web.config placed in the root with .Net forms auth configured. This should include all subfolders.
How would this affect web.config inheritence in subfolders?
Can I use PHP to handle the logins directly? Or do I have to use ASPX to check for cookie containing username (set on successful auth in PHP), then redirect to PHP login if it is missing?
Related
I have a simple php script for hwid checks on a c# app i made it just checks if the hwid and email match and sends it to the app again. But i've looked through websites to see how i should add more security and i've come across multiple where they are sending POST requests to www.site.com/api/login and there's no file extension. how is this done?
What are you using for your backend
if you are using framework like laravel or etc
you can define your own route to handle the url request
https://laravel.com/docs/5.6/routing
if you are using native you can use .htaccess for that
https://stackoverflow.com/a/32140158/9590296
My web site is running two server side applications: application for logged-in users running on PHP (using Zend framework) and Wordpress application for the public, non-loggedin users.
I am using Apache.
I would like that requests from logged-in users Would be served by the index.php file of Zendframework and those from non-logged in users by Wordpress index.php file.
Note, I prefer not to have different URLs for the two frameworks. For example: mydomain.com should lead to both sites according to the log-in status.
One way I thought doing this, is by always starting at Zend, check if the user is not logged-in, and if so perform _forward or similar action to Wordpress.
Is that possible? Should I do something else?
Thanks.
I am building a prototype of a web app for a client, using axure - which is all front-end code (html/css/js files) - no php at all, so i can't use php authentication (sessions, etc) within the prototype itself.
So to protect it, the prototype is in a password-protected directory on my server (using htaccess / basic HTTP Authentication), so my client must login to review it.
But instead of requiring him to login through the ugly browser-based login-box, I'd LOVE to somehow use PHP to login for him, since he'll already be logged into my client-portal (Wordpress) site.
I setup a PHP page outside the prototype directory, and used cURL to hit the prototype's start-page (/project04/start.html) -- and successfully authenticate. But I can't then use cURL to load and display the content from start.html onto that php page, because all the paths (for assets and links) in the prototype become wrong (and there's a ton of JS that might be problematic too).
I tried using header(Location: project04/start.html) in the php, after the cURL login, but that didn't work - the redirect just triggered the ugly http-auth login box again.
Is there any way to use PHP to login, and then let the user into the protected directory, to browse around the prototype?
Alternatively, the prototype works great embedded into an iframe (on a php page of my Wordpress site). But then the prototype directory itself is not actually protected from direct viewing - it's just hidden. I tried moving it outside my document-root, as a way to protect it without htaccess-auth, but then the paths are all bad again.
Any help super appreciated.
Thanks!
Been searching for an answer to this but read some conflicting reports.
I have a asp.net website with forms authentication setup and I'm adding some php pages to a subfolder within the site. I want these pages to follow the same authentication as the rest of the site, ie be bounced to my asp.net login form if not logged in.
Currently if I access a file http://localhost/test/test.php it is serving it even if I'm not logged in. However if I just browse to the folder http://localhost/test/ it does bounce me to login page. Guess I need to force these PHP pages through the asp pipeline but is this possible in classic mode / iis6?
I seem to have got this working by doing the following:
Convert folder containing my app into an application in iis 6 manager
Click Configuration in the Directory tab of the properties dialog for the above folder and define a wildcard mapping pointing to c:\windows\microsoft.net\framework\v4.0.30319\aspnet_isapi.dll
so I am moving a small app from Winforms to a web app, and I am doing this mainly in PHP (since it is the only web scripting language I know).
So in Winforms (C#) I use this code to grant access to users (everything is done through a W2K8 server)
WindowsPrincipal principal = new WindowsPrincipal(identity);
principal.IsInRole("CKT.DEL.W_IT_RW")
Deepending on false or true, the app grants access to specif forms inside the app.
It is very simple from my point of view.
Now, I have PHP and IIS 7.5 inside said server, with Windows Authentication enabled.
I am able to get the logged username automatically from IE inside PHP (which is already super useful) using
$_SERVER['LOGON_USER']
I've seen lots of questions about LDAP integration with PHP and so, but it seems way too big for me since I don't want any other thing from AD but the group auth.
So I was thinking, could it be possible to make a single page of ASP.net (or meybe classic) to authenticate the user, then send soe value in a POST variable, read it with PHP and the create a SESSION variable to keep the user authenticated?