I'm Working on an Intranet application that is build in PHP on IIS. I want to authenticate against an AD by passing the username automatically from the browser to the IIS using windows authentication. Is there anyway to do that?
Asked
Active
Viewed 1.3k times
1 Answers
4
Yes, IIS supports integrated Windows authentication. Access the 'Authentication' option for your website...
...and change the 'Windows Authentication' item to 'enabled' (and perhaps 'Anonymous Authentication' to 'disabled' if you want to force users to authenticate)...
More details are available on Technet.
In PHP the username should be populated in the $_SERVER superglobal. I think as AUTH_USER, but I can't confirm that right now. Use var_dump($_SERVER); to find the correct key.
timclutton
- 12,682
- 3
- 33
- 43
-
Thanks a lot @timclutton, you saved my life, just one more question is it possible to pass the username instead of typing the name and the password? – Shirko Shwan Dec 02 '14 at 13:50
-
@ShirkoShwan That should happen automatically in IE and Chrome. For IE you might need to enable a preference: `Internet Options > Advanced > Enable Integrated Windows Authentication`. And you might have to add the server to either the `Local Intranet` or `Trusted Sites` group in `Internet Options > Security`. – timclutton Dec 02 '14 at 16:40
-
IIS does not support HTTP/2 when using Windows Authentication (NTLM). So is there a way to still authenticate to AD from PHP on IIS, without using NTLM and breaking HTTP/2 and giving up the speed? – TampaCraig Nov 12 '20 at 05:39
-
@TampaCraig I haven't used IIS in years. Perhaps a third-party library like [adLDAP](https://github.com/adldap/adLDAP) (although that no longer seems to be under active development) would work for you. – timclutton Nov 12 '20 at 15:02