PHP 内网可以共享 Windows 登录吗?
我创建了一些需要用户登录的基于 PHP 的 Intranet 资源.用户创建自己的登录名,我使用 cookie 验证他们是否已登录.
I have created some PHP-based intranet resources that require users to log in. The users create their own logins, and I verify that they are logged in using a cookie.
有人问我是否可以将该登录名与他们的 Windows 登录名联系起来.我最初的回答是网页无法访问您的 Windows 登录名 - 这将是一个安全风险."但是我们的一个部门使用了 Sharepoint,它实际上将自己与 Windows 登录绑定在一起.
I've been asked if I can tie that login to their Windows login instead. My initial response was "a web page cannot access your Windows login - that would be a security risk." But one of our departments uses Sharepoint, and it does in fact tie itself to the Windows login.
这是怎么做到的?我可以用 PHP 做吗?如果是这样,为什么它不是一个可怕的安全漏洞?
How is that done? Can I do it in PHP? If so, why is it not a horrible security hole?
推荐答案
您正在寻找的是针对 PHP 网站的 NTLM 身份验证,这是完全可行的,但在 PHP 中似乎没有单一方法可以做到这一点.
What you are looking for is NTLM authentication against the PHP website, which is perfectly doable but seems there is no single way in PHP to do it.
看看http://siphon9.net/loune/2007/10/simple-lightweight-ntlm-in-php/
您还需要将站点添加到 IE 中的受信任站点(或您使用的任何浏览器中的等效站点),并在受信任站点的设置中,启用发送当前用户名和密码".
You also need to add the sites to your trusted sites in IE (or the equivalent in whichever browser you are using) and in the settings for trusted sites, turn on 'send current username and password'.
这不是一个可怕的安全漏洞,因为凭据不是通过网络直接发送的,并且最终用户已明确告诉浏览器将凭据发送到相关网站.
Its not a horrible security hole because the credentials are not sent en clair over the wire, and the end user has specifically told the browser to send credentials to the website in question.
相关文章