Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Setting Up Windows Authentication for Apache

To begin, I've been searching the internet for about an hour trying to find out how to do this with no success - therefore I'm writing this question.

I have an intranet site that requires to access the users Windows Username (not the server running Apache, but a user accessing the intranet site).

I have installed adLDAP and have it working where a user can log in by that, to check the group that the user is in. But, to have my site more secure I'd rather it access the Windows username.

I've saw that there's an apache module called mod_auth_sspi but I could not find how to install it or even implement (use) it in my code.

I am using Apache v2.4, PHP 5.6.8 on Windows Server 2008.

like image 245
Callum Luke Vernon Avatar asked Dec 07 '15 11:12

Callum Luke Vernon


People also ask

How do I set up Windows Authentication?

In Control Panel, click Programs and Features, and then click Turn Windows features on or off. Expand Internet Information Services, expand World Wide Web Services, expand Security, and then select Windows Authentication. Click OK. Click Close.

How do I enable Windows integrated authentication?

Open the Windows Control Panel and go to Network and Internet > Internet Options. On the Advanced tab, select Enable Integrated Windows Authentication.


1 Answers

So... I found out how to do this after a few more hours of Googling ... it should really be more straight forward to find an answer, but nevertheless, here it is:

1) Download the following module for your system (32 bit of 64 bit): https://www.apachehaus.net/modules/mod_authnz_sspi/

2) Paste the file into your modules folder. /apache/modules/

3) Edit the following configuration files:

3.1) php/php.ini: Uncomment extension=php_ldap.dll line.

3.2) apache/conf/httpd.ini: Add the following to the end of the LoadModules Section:

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

3.3) Find the <Directory tag and delete the opening and closing tag, along with its contents. Then paste in the following:

<Directory /> 
Options None 
AllowOverride All 
Order allow,deny 
Allow from all 
AuthName intranet
AuthType SSPI 
SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic On 
SSPIOmitDomain On 
Require valid-user 
</Directory>

Then after restarting Apache, it all should work. Obtain the user name of the Windows user via <?php echo $_SERVER['PHP_AUTH_USER'] ?>

like image 175
Callum Luke Vernon Avatar answered Sep 26 '22 15:09

Callum Luke Vernon