To begin, I've been searching the internet for about an hour trying to find out how to do this with no success - therefore I'm writing this question.
I have an intranet site that requires to access the users Windows Username (not the server running Apache, but a user accessing the intranet site).
I have installed adLDAP and have it working where a user can log in by that, to check the group that the user is in. But, to have my site more secure I'd rather it access the Windows username.
I've saw that there's an apache module called mod_auth_sspi but I could not find how to install it or even implement (use) it in my code.
I am using Apache v2.4, PHP 5.6.8 on Windows Server 2008.
In Control Panel, click Programs and Features, and then click Turn Windows features on or off. Expand Internet Information Services, expand World Wide Web Services, expand Security, and then select Windows Authentication. Click OK. Click Close.
Open the Windows Control Panel and go to Network and Internet > Internet Options. On the Advanced tab, select Enable Integrated Windows Authentication.
So... I found out how to do this after a few more hours of Googling ... it should really be more straight forward to find an answer, but nevertheless, here it is:
1) Download the following module for your system (32 bit of 64 bit): https://www.apachehaus.net/modules/mod_authnz_sspi/
2) Paste the file into your modules folder. /apache/modules/
3) Edit the following configuration files:
3.1) php/php.ini
: Uncomment extension=php_ldap.dll
line.
3.2) apache/conf/httpd.ini
: Add the following to the end of the LoadModules Section:
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
3.3) Find the <Directory
tag and delete the opening and closing tag, along with its contents. Then paste in the following:
<Directory />
Options None
AllowOverride All
Order allow,deny
Allow from all
AuthName intranet
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
Require valid-user
</Directory>
Then after restarting Apache, it all should work. Obtain the user name of the Windows user via <?php echo $_SERVER['PHP_AUTH_USER'] ?>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With