Scenario:
I have a area of a website that needs to be secure and accessible when offsite. I want the user to enter the username and password used to login at work in a web form. The form will send the username and password to authenticate it. If it works the user is logged in.
I need to use a form not a pop-up login box. PHP is preferred but I'm flexible. Any ideas to point me in the right direction?
My employer has a few secure areas they have set up that uses the "pop-up box". For what I need to accomplish I need to use a web form.
Try LDAP
http://www.devshed.com/c/a/PHP/Using-PHP-With-LDAP-part-1/
http://us2.php.net/ldap
I've written intranet web applications that use the local windows username and password to authenticate and LDAP is by far the best solution.
If you are using LDAP at work, go with that, if not, well you have to access it thru .NET.
Since there are several but not fully reliable .NET implementations for PHP, I would recommend using a WebService, which PHP would consume, that will pass the user and pass - encrypted would be nice - to it, and it will return if the credentials are valid or not.
You should be able to use LDAP, in your case it is most likely Windows Active Directory via IIS. There are php packages out there to interact with various types of LDAP implementations. Here is a link:
http://php.net/manual/en/book.ldap.php
use this http://pear.php.net/package/Auth and tie it in to ldap authentication at the back-end.
of especial interest to you would be the Auth::setShowLogin method...
Related
Our company has a mobile app. Until now we used LDAP authentication using PHP code to login on the app using the company's Active Directory user and password.
Now they tell me we have to stop using LDAP because there has been some security breach.
My question is, is there an equivalent of ldap_bind for Azure AD?
I've been looking for information and the answers I found are too complicated and elaborated.
Would be better to use a Native Azure App to link to our mobile App or is the PHP aproach better?
I don't need to get the Azure AD token and be able to do some operations or anything. I just want to check if user & password are correct and that's it.
Any guidance would be apreciated.
You will need to redirect the user to authenticate e.g. by using the OpenId Connect protocol.
LDAP is not supported in AAD.
The user may have e.g. Multi-Factor Authentication enabled and thus there is no way to surely authenticate programmatically.
So the right way is to register a Native app, and authenticate from your mobile app using ADAL or MSAL.
on my beaglebone i have installed hostapd, iscdhcp and lighttpd so i can build a router and webserver.
let say my network is not secured so every on can be connected to it, and will get an ip-address from the beaglebone-server.
After the person is connected to the network and he starts a browser he should be redirected to a homepage to give his password, if he is not authenticated yet.
do i need a webframe-work (like django) for this purpose?? if not what else??
i am familiar with programming in python, php, html and java.
thanks
You can use any of these framework since the have authetications nativly implemented but you don't need to, you can build your own authentication system: You will need a database/file to store credentails and a authentication program verifying credentials against this given storage in any language your webserver can use.
However I would strongly recommend you to use an established framework for authetication.
Recently I programmed a little app for my android device. As the datastorage for the app, Iam using a mysql database, which can be accessed via different php scipts. So all the app does, is it sends POST requests to the php scripts to communicate to the database.
But now I consider about the security aspect. These php scripts can be accessed by every webclient. So every webclient has the possibility to compromise my database, which is of course not the ideal case.
So I was wondering if there is a way to just allow authorized clients to use these php-webservices?
Does php provide any kind of authentification that can be used by an android client?
Cheers
You simply need to require an authentification when invoquing the service:
simple and dirty: http basic auth, like Twitter used to do
a better solution is OAuth, like Twitter now does
There are of course other possibilities (WS-Security, but you don't seem to use SOAP).
for security, you should prefer to interact through an API to your mysql...isn't it?
A few points:
Use a different port (i.e: not 80 or 8080) for the web access
Add authentication with a username and password. Inside your application, you can get these from a secure config file.
On the server side, you can also do some checking on user agents, IP addresses and maybe even device ids.
This is just a start
we have main server and sub-servers. and we can consider these sub server as separate applications. when user want to login at their application, the authentication must be perform at main server and it should return true or false. then user session is created at application side.
my problem is, just sending true or false is not safe. i want to generate token like how facebook does. I am not getting how to develop secured authentication system. pls can any one help me
You do not have to develop your own system.
Take a look at http://php.net/manual/en/book.oauth.php
and search for some oauth tutorials.
oauth is a token based system used by many webservices including
the services provided by google.
I recommend using a CAS server if you need to authenticate in one place to use a service in another, especially if you have several applications that need to authenticate from it. You can learn about it here: http://www.jasig.org/cas
We have a web-application, hosted externally. One client now asks for a SSO (single sign on) solution and suggested a LDAP link with our web-application.
Our website uses PHP. We prefer not to use something like VPN, but we have no experience at all with this stuff. Is it possible to use Windows authentication and somehow automatically login into our web application?
Any suggestions?
This can be done using NTLM authentication, but tying that to Windows credentials, is Internet Explorer spesific behaviour, and NTLM isn't that well supported in all browsers. I would reccomend you rather have an ldap authentication over ssl to your AD, and have a regular basic auth box pop up instead.
You then use PHP to bind with LDAP using the credentials supplied to determine if they're valid or not.