我的Apache2中PyAuthenNTLM2模块(请参阅 github/Legrandin/PyAuthenNTLM2 ) 。此Apache模块将Windows用户名在$ _ SERVER ['REMOTE_USER']
I have Apache2 with PyAuthenNTLM2 module (see github/Legrandin/PyAuthenNTLM2). This Apache module put the windows user name in $_SERVER['REMOTE_USER'].
要启用此,你需要把类似的指令,在Apache的配置(或htaccess的)文件或目录如下:
To enable this you need to put a directive similar to following in apache config (or htaccess) for a file or directory:
Order allow,deny Allow from all AuthType NTLM AuthName "Test" require valid-user PythonAuthenHandler pyntlm PythonOption Domain TESTDOMAIN PythonOption PDC 192.168.0.10问题是,这样一个目录下的任何文件(包括CSS,JS)仅可访问如果NTLM凭据是由浏览器提供。因此,使用一个包含在一个页面,是不是就不会工作NTLM保护。
The thing is that any files under such a directory (including css, js) are only accessible if the NTLM credential are supplied by browser. So using a include that is "ntlm protected" in a page that is not will not work.
反正我要的是建立一个会话单页,并进一步授权使用该会话完成。如果会议尚未设定或过期的用户不可见的转移到自动登录页面,然后再返回到实际的请求的页面。
Anyway what I want is a single page that sets up a session and further authorization is done using the session. if session is not set yet or expired the user is invisibly transferred to the automatic login page and then back to the actual requested page.
我怎么能做到这一点?
推荐答案我想出了下面的脚本/解决方案:
I came up with following script / solution:
<?php $validApplications = array("Application_1", "Application_2"); $baseUrl = '' . $_SERVER["SERVER_NAME"] . '/'; if(!isset($_SERVER["REMOTE_USER"])){ header('HTTP/1.1 401 Not Authorized', true, 401); //...display error page exit(0); } if(!isset($_GET["applicationName"]) || !in_array($_GET["applicationName"], $validApplications) ){ header('HTTP/1.1 400 Bad Request', true, 400); //...display error page exit(0); } $application = $_GET["applicationName"]; if(!isset($_GET["returnTo"])){ $returnTo = $baseUrl . $application . "index.php"; } else { $returnTo = $_GET["returnTo"]; } $sessionName = "PHP" . $application . "Session"; session_name($sessionName); session_start(); session_regenerate_id(TRUE); /* erase data carried over from previous session */ $_SESSION=array(); $_SESSION['login'] = $_SERVER['REMOTE_USER']; header("Location: " . $returnTo); ?>本脚本,让我们把它称为login.php中必须是按照模块的Apache2下,可以设置$ _ SERVER [REMOTE_USER]像显示在我的问题。(我用PyAuthenNTLM2)
This script, lets call it login.php must be under an according Apache2 module that can set $_SERVER["REMOTE_USER"] (I use PyAuthenNTLM2) like displayed in my Question.
在全日空的应用程序的每个网页,则必须先检查是否$ _SESSION ['登录']设置与否,如果不重定向到这个登录页面:
Each web page in ana application then must first check if $_SESSION['login'] is set or not and if not redirect to this login page:
if (!isset($_SESSION['login'])) { $queryString = "returnTo=" . urlencode($_SERVER["REQUEST_URI"]) . "&applicationName=Application_1"; header ("location: " . $baseUrl . "login.php?" . $queryString); exit(0); }更多推荐
的Apache2,PHP:创建自动NTLM登录页面
发布评论