使用本地用户帐户PHP基于表单的身份验证的Windows [英] PHP Forms-Based Authentication on Windows using Local User Accounts
问题描述
我运行PHP,Apache和Windows操作系统。我没有一个域设置,所以我想我的网站的基于表单的身份验证使用本地用户帐户内置在Windows数据库(我认为这就是所谓的SAM)。
我知道,如果Active Directory是设置,您可以使用PHP LDAP模块连接,并在你的脚本进行身份验证,但没有广告就没有LDAP。相当于为独立的机器是什么?
我还没有找到一个简单的解决方案无论是。有使用的CreateObject和WINNT ADSI提供范例。但最终他们都碰到
与Active Directory服务接口WinNT提供用户身份验证的问题。我不是100%肯定,但我猜的WSH /网络连接方法有同样的问题。
据如何验证Microsoft操作系统上的你应该使用的LogonUser或SSPI用户凭据。
它还说,
的LogonUser的Win32 API不需要在Microsoft Windows Server TCB特权2003,但是,对于下层的兼容性,这仍然是最好的办法。在Windows XP中,它不再需要一个过程有SE_TCB_NAME特权才能调用LogonUser。因此,以验证用户的Windows XP上的凭据最简单的方法,是调用LogonUser的API。
所以,如果我是一定的Win9x / 2000不需要支持,我会写暴露的LogonUser到PHP扩展。
您可能也有兴趣的nofollow的>用户认证。它使用w32api延伸,需要一个支持DLL ...我宁愿写小LogonUser的扩展;-)
如果这不可行我大概看看IIS的FastCGI模块以及如何稳定是,让IIS处理身份验证。编辑:
我也试着利用 System.Security.Principal。 的WindowsIdentity和PHP的 COM / .NET扩展。但是,DOTNET构造似乎并没有让传递参数的对象构造函数和我的实验得到的组件(和它的CreateInstance())从的GetType()失败与未知变量容器的错误。I'm running PHP, Apache, and Windows. I do not have a domain setup, so I would like my website's forms-based authentication to use the local user accounts database built in to Windows (I think it's called SAM).
I know that if Active Directory is setup, you can use the PHP LDAP module to connect and authenticate in your script, but without AD there is no LDAP. What is the equivalent for standalone machines?
解决方案I haven't found a simple solution either. There are examples using CreateObject and the WinNT ADSI provider. But eventually they all bump into User authentication issues with the Active Directory Service Interfaces WinNT provider. I'm not 100% sure but I guess the WSH/network connect approach has the same problem.
According to How to validate user credentials on Microsoft operating systems you should use LogonUser or SSPI.
It also saysLogonUser Win32 API does not require TCB privilege in Microsoft Windows Server 2003, however, for downlevel compatibility, this is still the best approach.On Windows XP, it is no longer required that a process have the SE_TCB_NAME privilege in order to call LogonUser. Therefore, the simplest method to validate a user's credentials on Windows XP, is to call the LogonUser API.
Therefore, if I were certain Win9x/2000 support isn't needed, I would write an extension that exposes LogonUser to php.
You might also be interested in User Authentication from NT Accounts. It uses the w32api extension, and needs a support dll ...I'd rather write that small LogonUser-extension ;-)
If that's not feasible I'd probably look into the fastcgi module for IIS and how stable it is and let the IIS handle the authentication.edit:
I've also tried to utilize System.Security.Principal.WindowsIdentity and php's com/.net extension. But the dotnet constructor doesn't seem to allow passing parameters to the objects constructor and my "experiment" to get the assembly (and with it CreateInstance()) from GetType() has failed with an "unknown zval" error.这篇关于使用本地用户帐户PHP基于表单的身份验证的Windows的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
