Apache2、PHP:创建自动ntlm登录页面 [英] Apache2, PHP: create automatic ntlm login page

问题描述

我有带有 PyAuthenNTLM2 模块的 Apache2(参见 https://github.com/Legrandin/PyAuthenNTLM2).这个 Apache 模块将 windows 用户名放在 $_SERVER['REMOTE_USER'] 中.

I have Apache2 with PyAuthenNTLM2 module (see https://github.com/Legrandin/PyAuthenNTLM2). This Apache module put the windows user name in $_SERVER['REMOTE_USER'].

要启用此功能，您需要在 apache 配置(或 htaccess)中为文件或目录添加类似于以下内容的指令:

To enable this you need to put a directive similar to following in apache config (or htaccess) for a file or directory:

Order allow,deny
Allow from all

AuthType NTLM
AuthName "Test"
require valid-user

PythonAuthenHandler pyntlm
PythonOption Domain TESTDOMAIN
PythonOption PDC 192.168.0.10

问题是，只有浏览器提供了 NTLM 凭据，才能访问此类目录下的任何文件(包括 css、js).因此，在不是ntlm 保护"的页面中使用包含ntlm 保护"的包含将不起作用.

The thing is that any files under such a directory (including css, js) are only accessible if the NTLM credential are supplied by browser. So using a include that is "ntlm protected" in a page that is not will not work.

无论如何，我想要的是设置会话并使用会话完成进一步授权的单个页面.如果会话尚未设置或已过期，则用户会被无形地转移到自动登录页面，然后返回到实际请求的页面.

Anyway what I want is a single page that sets up a session and further authorization is done using the session. if session is not set yet or expired the user is invisibly transferred to the automatic login page and then back to the actual requested page.

我怎样才能做到这一点?

how can I achieve that?

推荐答案

我想出了以下脚本/解决方案:

I came up with following script / solution:

<?php

$validApplications = array("Application_1", "Application_2");
$baseUrl = 'http://' . $_SERVER["SERVER_NAME"] . '/';

if(!isset($_SERVER["REMOTE_USER"])){
    header('HTTP/1.1 401 Not Authorized', true, 401);
    //...display error page
    exit(0);
}

if(!isset($_GET["applicationName"]) 
        || !in_array($_GET["applicationName"], $validApplications) ){
    header('HTTP/1.1 400 Bad Request', true, 400);  
    //...display error page
    exit(0);
}

$application = $_GET["applicationName"];

if(!isset($_GET["returnTo"])){
    $returnTo = $baseUrl . $application . "index.php";
} else {
    $returnTo = $_GET["returnTo"];
}

$sessionName = "PHP" . $application . "Session";

session_name($sessionName);
session_start();

session_regenerate_id(TRUE);
/* erase data carried over from previous session */
$_SESSION=array();
$_SESSION['login'] = $_SERVER['REMOTE_USER'];
header("Location: " . $returnTo);
?>

这个脚本，让我们称之为 login.php 必须在一个相应的 Apache2 模块下，该模块可以设置 $_SERVER["REMOTE_USER"](我使用 PyAuthenNTLM2)，如我的问题所示.

This script, lets call it login.php must be under an according Apache2 module that can set $_SERVER["REMOTE_USER"] (I use PyAuthenNTLM2) like displayed in my Question.

应用程序中的每个网页都必须首先检查 $_SESSION['login'] 是否设置，如果没有重定向到此登录页面:

Each web page in ana application then must first check if $_SESSION['login'] is set or not and if not redirect to this login page:

if (!isset($_SESSION['login'])) {
    $queryString = "returnTo=" . urlencode($_SERVER["REQUEST_URI"]) . "&applicationName=Application_1";
    header ("location: " . $baseUrl . "login.php?" . $queryString);
    exit(0);
}

这篇关于Apache2、PHP:创建自动ntlm登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！