PHP - Windows Authentication

creativeartist · #1 (**permalink**) 07-08-08, 05:45 AM

I have PHP website running on an apache 2.2 webserver which is in a Windows Network. All users log in on their computers with a network account.

If this is the case I would need to get their network account user name for the each person's login.So the login to website will be authenticated using their username

How can I get this using php???.Please help me on this

<?Wille?> · #2 (**permalink**) 07-08-08, 05:58 AM

im pretty sure that cant be done with php alone. what you might be able to do is make a login script on the server and have that interact with something somewhere.

creativeartist · #3 (**permalink**) 07-08-08, 06:06 AM

how can I do this thats my question.What PHP or apache method need to be used for this??

<?Wille?> · #4 (**permalink**) 07-08-08, 06:20 AM

if you want a complete solution then Script requests is the correct forum to post in.
And when i mentioned login script i meant Visual Basic on the windows server that authenticates users as then log in on their computers. It Might be possible to have that talk to a database server that stores their logged in state and which computer that is on. Doing this with purely php is as far as i know impossible.

bizzar528 · #5 (**permalink**) 07-08-08, 07:15 AM

I've done something like this and there's a simple method I worked on early in my career. You'll need to know how AD works in order to properly authenticate with it.

The theory behind it is using the AD connection functions provided in PHP. Basically you'll use php to connect to AD and bind to it. If the binding succeeds, then the user account is valid. If the bind fails, then there's a problem with the login information. I'm not 100% sure what happens with user accounts that are disabled, but it's something to test for.

You can use a class like this... http://adldap.sourceforge.net/

Or build a custom solution like this guy...
http://bytes.com/forum/thread633375.html

This function is pretty much what your looking for...
http://www.php.net/ldap_bind

The hardest part for me was learning how LDAP worked, but once you figure it out, it's pretty easy to work with.

<?Wille?> · #6 (**permalink**) 07-08-08, 07:23 AM

I tought that he wanted a method to auto auth people for hes website based on the username provided on windows login

bizzar528 · #7 (**permalink**) 07-08-08, 08:10 AM

If that's the case, javascript could probably pull that info, but i can't imagine that being a secure solution for a website. If anyone doesn't lock their workstation, then anyone can sit down and access the site as that user.

Plus php is a server side language so there would need to be some sort of cross-over language like java or javascript to get that info.

creativeartist · #8 (**permalink**) 07-09-08, 12:04 AM

Thanks

But how can I use the javascript to do this.Do you know how to do this with javascript??

bizzar528 · #9 (**permalink**) 07-09-08, 10:40 AM

From what I was reading, sounds likeyou'll have to do it using an activex control.

But start here... should help...
http://www.google.com/search?hl=en&q...ndows+username

Kelvin · #10 (**permalink**) 07-09-08, 05:18 PM

I played about with this sometime ago, and found 2 solutions, also 1 very important piece of info is that Windows User details are only passed via IE (it will not work with Firefox) and the site MUST be defined in IE's Intranet zone.

First one is called Plexcel, which is an extension for PHP and works very well, the developer is also friendly and was very helpful. Note this is a commercial product, but its free if you have less than 50 users (PLEASE VERIFY THIS, it may be less or might have changed)

http://www.ioplex.com/

The other is an Apache module

http://adldap.sourceforge.net/wiki/d...h_ntlm_winbind

Cheers
Kelvin