Page 1 of 1

Windows 2000 Domain Authentication on IIS

Posted: Thu Feb 13, 2003 3:54 pm
by skatestreet540
I need help authenticating a user on the windows domain. It has to be able to run on IIS and PHP 4.3. It doesn't have to really do anything but tell me if it is a valid username and password on the domain.

Posted: Thu Feb 13, 2003 5:37 pm
by volka
if you disable the anonymous login for that web-directory users must provide a valid login/password for that machine or the domain (depending on the configuration) to gain access to any content of the virtual directory.
You'll find this settings within the internet service manager or the mmc for IIS.
A brief overview can be found at http://www.trendmicro.fr/infoproduits/t ... sright.htm

Posted: Fri Feb 14, 2003 8:13 am
by skatestreet540
yes but could i get the user name from the browser so I can authenticate that user on my database just for priviledges. I already have a database, If i could verify that the user name and pass is correct then i can also match it with a username priv database. This code would have worked but not on 4.3.

<?

//Copyright 2002 Scott Dial
//scott@scottdial.com
//
//This code is free to modify, use, abuse, or whatever you like. It'd be interesting though to hear what you are using it for, so shoot me an email if you use this snippet.

//These values are pulled straight from winbase.h from the platform sdk

define("LOGON32_LOGON_INTERACTIVE", 2);
define("LOGON32_LOGON_NETWORK", 3);
define("LOGON32_LOGON_BATCH", 4);
define("LOGON32_LOGON_SERVICE", 5);

define("LOGON32_PROVIDER_DEFAULT", 0);
define("LOGON32_PROVIDER_WINNT35", 1);
define("LOGON32_PROVIDER_WINNT40", 2);
define("LOGON32_PROVIDER_WINNT50", 3);

//These aren't actually in winbase.h but are accurate
define("LOGON32_DOMAIN_LOCAL", ".");
define("LOGON32_DOMAIN_ALL", 0);


function NT_Validate_User($user, $domain, $pass)
{
w32api_register_function("kernel32.dll", "LocalAlloc", "long");
w32api_register_function("kernel32.dll", "LocalFree", "long");
w32api_register_function("kernel32.dll", "CloseHandle", "bool");
w32api_register_function("advapi32.dll", "LogonUserA", "bool");

$cleanup = w32api_register_function("deref.dll", "deref", "long");

$pHandle = LocalAlloc(0, 4); //Pointer to a HANDLE

$test = LogonUserA($user,
$domain,
$pass,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
$pHandle);

if($test != 0)
{
return 1;
if($cleanup)
{
$handle = deref($pHandle);
CloseHandle($handle);
}
LocalFree($pHandle);
} else {
return 0;
}
}

Posted: Fri Feb 14, 2003 8:46 am
by volka
should be working, maybe the answer is in viewtopic.php?t=511

But what kind of authentication do you want to perform, a domin login or a db-based login (refering to your pm)?