PHP Intranet可以共享Windows登录名吗? [英] Can a PHP intranet share Windows logins?

问题描述

我已经创建了一些基于PHP的Intranet资源，这些资源要求用户登录.用户创建自己的登录名，并验证他们是否使用Cookie登录.

I have created some PHP-based intranet resources that require users to log in. The users create their own logins, and I verify that they are logged in using a cookie.

有人问我是否可以将该登录名与他们的Windows登录名绑定.我最初的回答是网页无法访问您的Windows登录名-这将带来安全风险".但是我们的部门之一使用Sharepoint，实际上它确实与Windows登录相关.

I've been asked if I can tie that login to their Windows login instead. My initial response was "a web page cannot access your Windows login - that would be a security risk." But one of our departments uses Sharepoint, and it does in fact tie itself to the Windows login.

那是怎么做的?我可以用PHP做到吗?如果是这样，为什么它不是一个可怕的安全漏洞?

How is that done? Can I do it in PHP? If so, why is it not a horrible security hole?

推荐答案

您正在寻找的是针对PHP网站的NTLM身份验证，这是完全可行的，但PHP中似乎没有唯一的方法.

What you are looking for is NTLM authentication against the PHP website, which is perfectly doable but seems there is no single way in PHP to do it.

看看 http://siphon9.net /loune/2007/10/simple-lightweight-ntlm-in-php/

您还需要将站点添加到IE中的受信任站点(或使用任何浏览器的等效站点)，并在受信任站点的设置中启用发送当前用户名和密码".

You also need to add the sites to your trusted sites in IE (or the equivalent in whichever browser you are using) and in the settings for trusted sites, turn on 'send current username and password'.

这不是一个可怕的安全漏洞，因为凭据不是通过有线方式发送的，并且最终用户已明确告知浏览器将凭据发送到有问题的网站.

Its not a horrible security hole because the credentials are not sent en clair over the wire, and the end user has specifically told the browser to send credentials to the website in question.

这篇关于PHP Intranet可以共享Windows登录名吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！