Setting Up Windows Authentication for Apache

Question

To begin, I've been searching the internet for about an hour trying to find out how to do this with no success - therefore I'm writing this question.

I have an intranet site that requires to access the users Windows Username (not the server running Apache, but a user accessing the intranet site).

I have installed adLDAP and have it working where a user can log in by that, to check the group that the user is in. But, to have my site more secure I'd rather it access the Windows username.

I've saw that there's an apache module called mod_auth_sspi but I could not find how to install it or even implement (use) it in my code.

I am using Apache v2.4, PHP 5.6.8 on Windows Server 2008.

Answer 1

So... I found out how to do this after a few more hours of Googling ... it should really be more straight forward to find an answer, but nevertheless, here it is:

1) Download the following module for your system (32 bit of 64 bit): https://www.apachehaus.net/modules/mod_authnz_sspi/

2) Paste the file into your modules folder. /apache/modules/

3) Edit the following configuration files:

3.1) php/php.ini: Uncomment extension=php_ldap.dll line.

3.2) apache/conf/httpd.ini: Add the following to the end of the LoadModules Section:

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

3.3) Find the <Directory tag and delete the opening and closing tag, along with its contents. Then paste in the following:

<Directory /> 
Options None 
AllowOverride All 
Order allow,deny 
Allow from all 
AuthName intranet
AuthType SSPI 
SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic On 
SSPIOmitDomain On 
Require valid-user 
</Directory>

Then after restarting Apache, it all should work. Obtain the user name of the Windows user via <?php echo $_SERVER['PHP_AUTH_USER'] ?>