Jump to content

Archived

This topic is now archived and is closed to further replies.

Eiolon

Active Directory and sessions/cookies

Recommended Posts

Hello,

I am working on an intranet site and instead of making a membership system and having all employees remember two usernames/passwords, I am making IIS use the active directory database to protect files and directories that are restricted.  So here is my question:

Is there a way to treat active directory usernames as you would with sessions or cookies?  I would like to restrict pages to certain people but I still want to see who makes changes.

Thanks for your help!

Share this post


Link to post
Share on other sites
If your users have logged on to your network then you can get their username from
[code]
$domain_user = $_SERVER['LOGON_USER'];

echo $domain_user;  // --> domain\username.
[/code]
(Anonymous access must be disabled for this to work)

Share this post


Link to post
Share on other sites
Can this be then used within the header of index.php and passed to a database to find out what areas they can use (as long as their username is added exactly the same) and create a session for the duration and restrict thier usage throughout?  In one automated process?

Share this post


Link to post
Share on other sites
You can. I use it for access control and also for digging emails addresses out of the active directory.

Share this post


Link to post
Share on other sites
Wow, I've been looking for this for ages, and a stupid Microsoft Tech page told me php had no function for this, so stopped looking.

Also how can you get the e-mail addresses out, does that work to get all the other users on the network?

Share this post


Link to post
Share on other sites
How would I go about calling
[code]$domain_user = $_SERVER['LOGON_USER'];[/code]

Then taking of the prepend of the SERVER\ string to be left with just the user name, to query the Database for that user.

Or would it be easier but slower to retrive a list of the users from the database and compare it to the returned $domain_user to see if they exist in the database?

Share this post


Link to post
Share on other sites
If the domain name is always the same then you could substr() it

or explode it with / being the dilmeter and using the second index...

[code]
<?php
// domain user sample: MyDomainName/SharkBait
$domain_user = substr($_SERVER['LOGON_USER'], 0, 13);

// Or split it up
$domain_user = explode("/", $_SERVER['LOGON_USER']);
$domain_user = $domain_user [1];
?>
[/code]



Share this post


Link to post
Share on other sites
Cheers Sharkbait,

The first one only returns the Domain Name but the second array works well, I'm using Windows so had to change "/" to "\\" for anyone else interested.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.