is it possible to have windows authentication on a php site?
You could use LDAP
bindings for PHP to achieve this.
Here is an example implementing this using the ldap_bind
PHP extension.
What this example achieves is using Active Directory
to authenticate your clients against a directory service which is providing the list of the currently registered user on the Active Directory domain.
Can you get a Windows (AD) username in PHP?
Check the AUTH_USER
request variable. This will be empty if your web app allows anonymous access, but if your server's using basic or Windows integrated authentication, it will contain the username of the authenticated user.
In an Active Directory domain, if your clients are running Internet Explorer and your web server/filesystem permissions are configured properly, IE will silently submit their domain credentials to your server and AUTH_USER
will be MYDOMAIN\user.name
without the users having to explicitly log in to your web app.
How to use the PHP built-in server with Windows Authentication (NTLM) to fill $_SERVER[LOGON_USER]?
This is a workaround, if anyone has a better/proper solution (i.e. enabling NTLM), please post it as an answer and I'll accept it.
I was able to fill that variable using a router script. According to the docs, this script is run at the start of each HTTP request, so I use it to set this variable when running locally.
Also in my case, my environment had these two variables set, USERDOMAIN
and USERNAME
, so I used them to form the LOGON_USER
server variable.
routerCredentials.php
<?php
$_SERVER["LOGON_USER"] = getenv("USERDOMAIN") . "\\" . getenv("USERNAME");
return false; // serve the requested resource as-is.
To use it, you just have to point to that file when you start the PHP built-in server:
php -S localhost:8000 "c:\somepath\routerCredentials.php"
Windows authentication with PHP on IIS
Yes, IIS supports integrated Windows authentication. Access the 'Authentication' option for your website...
...and change the 'Windows Authentication' item to 'enabled' (and perhaps 'Anonymous Authentication' to 'disabled' if you want to force users to authenticate)...
More details are available on Technet.
In PHP the username should be populated in the $_SERVER
superglobal. I think as AUTH_USER
, but I can't confirm that right now. Use var_dump($_SERVER);
to find the correct key.
Related Topics
Best Practice for Error Handling Using Pdo
Submit Multiple Forms with One Button
Disable Template Caching for Development in Opencart 3
Turkish Characters Are Not Displayed Correctly
Phpmailer Character Encoding Issues
How to Log in to PHPmyadmin with Wamp, What Is the Username and Password
How to Bind Decimal/Double/Float Values with Pdo in PHP
PHP Include File in Webroot from File Outside Webroot
PHP Sending Variables to File_Get_Contents()
Laravel 5.3 New Auth::Routes()
PHP Function with Optional Parameters
Nginx Issues Http 499 Error After 60 Seconds Despite Config. (PHP and Aws)