Windows 2000 Domain Authentication on IIS

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
skatestreet540
Forum Newbie
Posts: 4
Joined: Thu Feb 13, 2003 3:54 pm
Contact:

Windows 2000 Domain Authentication on IIS

Post by skatestreet540 »

I need help authenticating a user on the windows domain. It has to be able to run on IIS and PHP 4.3. It doesn't have to really do anything but tell me if it is a valid username and password on the domain.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

if you disable the anonymous login for that web-directory users must provide a valid login/password for that machine or the domain (depending on the configuration) to gain access to any content of the virtual directory.
You'll find this settings within the internet service manager or the mmc for IIS.
A brief overview can be found at http://www.trendmicro.fr/infoproduits/t ... sright.htm
skatestreet540
Forum Newbie
Posts: 4
Joined: Thu Feb 13, 2003 3:54 pm
Contact:

Post by skatestreet540 »

yes but could i get the user name from the browser so I can authenticate that user on my database just for priviledges. I already have a database, If i could verify that the user name and pass is correct then i can also match it with a username priv database. This code would have worked but not on 4.3.

<?

//Copyright 2002 Scott Dial
//scott@scottdial.com
//
//This code is free to modify, use, abuse, or whatever you like. It'd be interesting though to hear what you are using it for, so shoot me an email if you use this snippet.

//These values are pulled straight from winbase.h from the platform sdk

define("LOGON32_LOGON_INTERACTIVE", 2);
define("LOGON32_LOGON_NETWORK", 3);
define("LOGON32_LOGON_BATCH", 4);
define("LOGON32_LOGON_SERVICE", 5);

define("LOGON32_PROVIDER_DEFAULT", 0);
define("LOGON32_PROVIDER_WINNT35", 1);
define("LOGON32_PROVIDER_WINNT40", 2);
define("LOGON32_PROVIDER_WINNT50", 3);

//These aren't actually in winbase.h but are accurate
define("LOGON32_DOMAIN_LOCAL", ".");
define("LOGON32_DOMAIN_ALL", 0);


function NT_Validate_User($user, $domain, $pass)
{
w32api_register_function("kernel32.dll", "LocalAlloc", "long");
w32api_register_function("kernel32.dll", "LocalFree", "long");
w32api_register_function("kernel32.dll", "CloseHandle", "bool");
w32api_register_function("advapi32.dll", "LogonUserA", "bool");

$cleanup = w32api_register_function("deref.dll", "deref", "long");

$pHandle = LocalAlloc(0, 4); //Pointer to a HANDLE

$test = LogonUserA($user,
$domain,
$pass,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
$pHandle);

if($test != 0)
{
return 1;
if($cleanup)
{
$handle = deref($pHandle);
CloseHandle($handle);
}
LocalFree($pHandle);
} else {
return 0;
}
}
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

should be working, maybe the answer is in viewtopic.php?t=511

But what kind of authentication do you want to perform, a domin login or a db-based login (refering to your pm)?
Post Reply