Page 1 of 1

Not sure what to search for

Posted: Thu Apr 05, 2007 4:15 pm
by RobertGonzalez
Ok, I am at a total loss for what to search for, so I turn it over to this fine community.

I want to implement a single login system for my corporate internet. Basically if you are logged onto the network, whatever machine you are logged in to will, when opening IE, know who you are based on your network credentials and authenticate you with your network authentication.

What term should I be Googling for? I tried single sign-on, NT authentication, LDAP authentication, Active Directory Authentication (all with PHP) but I am having no luck finding what I am looking for. I am not necessarily looking for code or tutorials (I won't turn it away, but that is really not what I am after) so much as I am looking for the term I need to Google for in order to find what I want.

As always, any help you can offer is greatly appreciated.

Posted: Thu Apr 05, 2007 4:29 pm
by pickle
So you want IE to submit credentials that a user used to log in to a computer?

Posted: Thu Apr 05, 2007 4:38 pm
by nickvd
Search MSDN for an activex solution to grab the username/domain and do ldap based on that.

Posted: Thu Apr 05, 2007 4:38 pm
by RobertGonzalez
Yes. So once you are authenticated to the network via your PC login, you are logged in. Opening IE (any browser really, though I know IE integrates well with this process and FF/Opera require secondary login credential passing) should then serve up your intranet home page based on who you are as described by the network.

Posted: Thu Apr 05, 2007 4:42 pm
by pickle
I wish you the best of luck ;) I've never heard of this being done before for a web based program.

Posted: Thu Apr 05, 2007 4:46 pm
by RobertGonzalez
We have an application that does it already, but it is in ASP and not on our servers (in fact it is on an IIS machine, which I didn't realize until now). I know there is a way to do this, I am just not sure what to search for.

@nickvd, I will give that a shot momentarily.

Posted: Thu Apr 05, 2007 5:06 pm
by feyd
I remember something about a variable (or two) being set in $_SERVER or $_ENV when requesting via IE over a LAN.

Posted: Thu Apr 05, 2007 7:22 pm
by RobertGonzalez
I will into that tonight. I'd really like to be able to offer this, though the more I think about it the more it seems that it might not be the best way to go, what with have constant authenticated access to the intranet on your machine open all day long and people forgetting to lock their computers. That could go a long way in making my intranet app insecure from the physical access level

Posted: Fri Apr 06, 2007 11:55 am
by thiscatis
And Shibboleth + LDAP?
That's how they do it at my university