Using Windows Authentication with PHP

is it possible to have windows authentication on a php site?

You could use LDAP bindings for PHP to achieve this.

Here is an example implementing this using the ldap_bind PHP extension.

What this example achieves is using Active Directory to authenticate your clients against a directory service which is providing the list of the currently registered user on the Active Directory domain.

Can you get a Windows (AD) username in PHP?

Check the AUTH_USER request variable. This will be empty if your web app allows anonymous access, but if your server's using basic or Windows integrated authentication, it will contain the username of the authenticated user.

In an Active Directory domain, if your clients are running Internet Explorer and your web server/filesystem permissions are configured properly, IE will silently submit their domain credentials to your server and AUTH_USER will be MYDOMAIN\user.name without the users having to explicitly log in to your web app.

How to use the PHP built-in server with Windows Authentication (NTLM) to fill $_SERVER[LOGON_USER]?

This is a workaround, if anyone has a better/proper solution (i.e. enabling NTLM), please post it as an answer and I'll accept it.

I was able to fill that variable using a router script. According to the docs, this script is run at the start of each HTTP request, so I use it to set this variable when running locally.

Also in my case, my environment had these two variables set, USERDOMAIN and USERNAME, so I used them to form the LOGON_USER server variable.

routerCredentials.php

<?php
$_SERVER["LOGON_USER"] = getenv("USERDOMAIN") . "\\" . getenv("USERNAME");
return false; // serve the requested resource as-is.

To use it, you just have to point to that file when you start the PHP built-in server:

php -S localhost:8000 "c:\somepath\routerCredentials.php"

Windows authentication with PHP on IIS

Yes, IIS supports integrated Windows authentication. Access the 'Authentication' option for your website...

IIS1

...and change the 'Windows Authentication' item to 'enabled' (and perhaps 'Anonymous Authentication' to 'disabled' if you want to force users to authenticate)...

IIS2

More details are available on Technet.

In PHP the username should be populated in the $_SERVER superglobal. I think as AUTH_USER, but I can't confirm that right now. Use var_dump($_SERVER); to find the correct key.


Related Topics

PHP Simplexml + Get Attribute

Best Practice for Error Handling Using Pdo

Submit Multiple Forms with One Button

Disable Template Caching for Development in Opencart 3

Turkish Characters Are Not Displayed Correctly

Phpmailer Character Encoding Issues

How to Log in to PHPmyadmin with Wamp, What Is the Username and Password

PHP Curl Delete Request

Laravel Carbon Data Missing

Installing PHPunit via Pear

How to Bind Decimal/Double/Float Values with Pdo in PHP

PHP Include File in Webroot from File Outside Webroot

Getting Full Url with #Tag

PHP Sending Variables to File_Get_Contents()

"Warning: MySQL_Fetch_Array() Expects Parameter 1 to Be Resource, Boolean Given" Error While Trying to Create a PHP Shopping Cart

Laravel 5.3 New Auth::Routes()

PHP Function with Optional Parameters

Nginx Issues Http 499 Error After 60 Seconds Despite Config. (PHP and Aws)


Leave a reply



Submit