Automatic authentication on NT network???

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Hebbs
Forum Commoner
Posts: 43
Joined: Mon Apr 22, 2002 9:34 pm
Location: Perth, Western Australia

Automatic authentication on NT network???

Post by Hebbs »

I would like to find a way of doing authentication on my work site automatically, by way of authentication of the users NT network logon against a table of users in MYSql.

What I want to do is bypass the need for another logon. Put simply if the user is logged on to the network he/she would be authenticated by the application and granted the appropriate level of access

I have seen this operate in ASP (although not the source code), does anyone know of PHP code that can help with this?

Regards

Hebbs
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

There's a whole bunch of variables which on my system at work contain my network logon info:
  • $_SERVER['AUTH_INFO']
  • $_SERVER['LOGON_USER']
  • $_SERVER['REMOTE_USER']
Run,

Code: Select all

<?php
phpinfo(32);
?>
To see what you've got set.

Mac
Hebbs
Forum Commoner
Posts: 43
Joined: Mon Apr 22, 2002 9:34 pm
Location: Perth, Western Australia

Post by Hebbs »

Thanks Mac,

That provided me with all the system and server info I could ever need except those you posted.

I have browsed through the php.ini file but cant seem to find a route to this info through here either.

I wonder why this wouldnt post?

Hebbs
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

According to the manual bit about $_SERVER
php manual wrote:$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the webserver. There is no guarantee that every webserver will provide any of these; servers may omit some, or provide others not listed here.
The thing to do would be to search the information provided when you run the file containing phpinfo() and see if you can spot your network login ID. If it's not there at all you might want to talk to whoever administers your webserver.

Mac
Hebbs
Forum Commoner
Posts: 43
Joined: Mon Apr 22, 2002 9:34 pm
Location: Perth, Western Australia

Post by Hebbs »

Mac,

I wonder.....

Please tell me if Im off the mark here but I think the problem is that PHP is sitting on my machine and not within the entire network.

The application Im creating sits on the network but is managed by myself and accessed by other limited users.

If this is the case should the network info im looking for show up upon the execution of the phpinfo() command? I think I may be running off in the wrong direction here...

Hebbs
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Sorry, I assumed that you were running off of a networked web server. No you won't get that network login info off of your local machine. From my quick check on localhost it would appear that your local machine knows nothing about you. I'm assuming (but remember I'm a web developer and not a network admin) that you need to be accessing the pages from a networked drive in order to get the auth info.

Mac
Hebbs
Forum Commoner
Posts: 43
Joined: Mon Apr 22, 2002 9:34 pm
Location: Perth, Western Australia

Post by Hebbs »

Not your fault, I should have thought to highlight that to start with.

There must be a way to do this, will try and track down a network guru in our department.

In the meantime will leave this up in the hope someone else has worked a way around the problem.

Thanks for the try tho.

Hebbs
User avatar
Wayne
Forum Contributor
Posts: 339
Joined: Wed Jun 05, 2002 10:59 am

Post by Wayne »

I know its not the most ideal way to do it, but you could always use VBScript to check the username on the clients machine and pass that to the php script to validate against the MySQL table.

The only problem with this is the security policies on the clients web browser will have to enable the VBScripts/ActiveX to run, shouldn't be a problem on a local network though.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

The autologon on NT-networks works because IE is responding to an NTML authentication challenge with the login of the currently logged on user and it's hashed password.
User avatar
Wayne
Forum Contributor
Posts: 339
Joined: Wed Jun 05, 2002 10:59 am

Post by Wayne »

You can have an html page with embedded VBScript that will check the USERNAME used to log onto the machine in the registry, and redirect to a php page with the USERNAME as the logon variable.

Note this will only bring back the network logon, not the users password.
Hebbs
Forum Commoner
Posts: 43
Joined: Mon Apr 22, 2002 9:34 pm
Location: Perth, Western Australia

Post by Hebbs »

Thanks guys,

Wayne - Unfortunately I havent done any scripting in VB. Any chance you can point me in a general direction where I might find an example of what you're describing?

Volka - Any idea on how I can introduce this functionaility into my php?

Hebbs
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

assuming that you are using a win32-network with IIS as webserver I googled a little bit around, but the only resource I found (this is not going to be my day :( ) was http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnvid/html/msdn_visecure.asp.
It's for MS InterDev and the subject is hidden well in the text ;)
Hebbs
Forum Commoner
Posts: 43
Joined: Mon Apr 22, 2002 9:34 pm
Location: Perth, Western Australia

Post by Hebbs »

Unfortunately Im running Apache, although that article was a good case for IIS, I thought.

Thanks for the reply, Im closer now than what I was but still a long way off.

Hebbs
User avatar
Wayne
Forum Contributor
Posts: 339
Joined: Wed Jun 05, 2002 10:59 am

Post by Wayne »

This is the VBScript I wrote. You just need to put it in a script file. You may need to change the registry variable that are used! I haven't test this on Windows95 and NT desktops, but it works on 98,2000 & XP so it should work.

Code: Select all

<script TYPE="text/vbscript" language="VBScript" src="scripts.vbs">
Then put this line in your header tags on your HTML page. And use a

Code: Select all

<BODY onLoad="User();">

Code: Select all

sub User()

Dim WSHShell, RegKey, UserName, Result, Platform, OS

Set WSHShell = CreateObject("WScript.Shell")
 
	Platform=navigator.userAgent
	if inStr(Platform,"Windows 95") > 0 then
		RegKey = "HKEY_LOCAL_MACHINE\Network\Logon"
		UserName = WSHShell.RegRead (regkey & "username")
		Platform = "Windows 95"
	elseif inStr(Platform,"Windows 98") > 0 then
		RegKey = "HKEY_LOCAL_MACHINE\Network\Logon"
		UserName = WSHShell.RegRead (regkey & "username")
		Platform = "Windows 98"
	elseif inStr(Platform,"Windows 2000") > 0 then
		RegKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"
		UserName = WSHShell.RegRead (regkey & "Logon User Name")
		Platform = "Windows 2000"
	elseif inStr(Platform,"Windows NT") > 0 then
		RegKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"
		UserName = WSHShell.RegRead (regkey & "Logon User Name")
		Platform = "Windows NT/XP"
	else
		UserName = "Unknown" 
	end if

	if UserName <> "Unknown" then
		document.location = "autologon.php?username=" & UserName
	else
		Result = MsgBox("User :  " & chr(9) & UserName & chr(13) & "OS    : " & chr(9) & Platform)
	end if

End sub
:wink: hope it helps.
Hebbs
Forum Commoner
Posts: 43
Joined: Mon Apr 22, 2002 9:34 pm
Location: Perth, Western Australia

Post by Hebbs »

Thanks Wayne,

Will give it a try!

Hebbs
Post Reply