PHP NTLM身份验证到Active Directory +保持会话
[英]PHP NTLM Authentication to Active Directory + keeping session
问题描述
I've got NTLM (Active Directory) based service, and I need to write a PHP application. 
我有基于NTLM(活动目录)的服务,我需要编写一个PHP应用程序。 Normally, users are logging in to website with Activre Directory credentials, and it's ok. 通常,用户使用Activre Directory凭据登录网站,这没关系。 But what I want to do, is to let them type in their credentials to PHP-written site, which in next step will use cURL to authenticate users to that Active Directory based site where they normally log in. 但是我想做的是让他们在PHP编写的站点中输入其凭据,在下一步中,它将使用cURL来对用户通常登录的基于Active Directory的站点进行身份验证。
And this part is hard. 这部分很难。 I need then to keep session of users that through PHP cURL script authenticated to Active Directory based site in order to use them again later (CRON querying site to determine that it has changed and automatically do some operations when this happens, which normally user has do manually). 然后,我需要保持通过PHP cURL脚本对基于Active Directory的站点进行身份验证的用户会话,以便以后再次使用它们(CRON查询站点确定它已更改,并在发生这种情况时自动执行一些操作,通常用户已执行此操作)手动)。 In order to NOT store their credentials to authenticate again when this change happens, I somehow need to store NTLM session in PHP cURL site to every user that authenticated to that site through this PHP cURL site. 为了避免在发生此更改时不存储其凭据以再次进行身份验证,我不知何故需要在PHP cURL站点中将NTLM会话存储到通过此PHP cURL站点向该站点进行身份验证的每个用户。 My question is: Is that even possible? 我的问题是:那有可能吗?
Thanks in advance. 提前致谢。
@Willem Mulder @威廉·穆尔德
The code you've posted actually does cookie-storing, but that is not my point becouse I've already done that (sorry for not writing it before). 您发布的代码实际上可以存储cookie,但这并不是我的意思,因为我已经做到了(很抱歉以前没有编写过代码)。 What I got so far is: 到目前为止,我得到的是:
$cookie_file_path = dirname(__FILE__) . '/cookies.txt';
$ch = curl_init();
//==========================================================================
curl_setopt($ch, CURLOPT_USERPWD, $username. ':' . $password);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, 100);
//==========================================================================
$ret = curl_exec($ch);
By using options CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR , cURL does the cookie storing in local file "cookies.txt". 通过使用选项CURLOPT_COOKIEFILE和CURLOPT_COOKIEJAR ,cURL会将cookie存储在本地文件“ cookies.txt”中。 The problem is, that when I comment CURLOPT_USERPWD option (after authenticating and storing cookie, so theoretically I have session), I cannot authorize to website. 问题是,当我评论CURLOPT_USERPWD选项(在身份验证和存储cookie之后,从理论上讲,我有会话)时,我无法授权到网站。 Perhaps it reinitializes NTLM Handshake authorisation and is expecting username and password, which I don't want to store. 也许它会重新初始化NTLM握手授权,并希望输入我不想存储的用户名和密码。
I want to store session info only, to provide service this session info and omit second authentication, but cURL seems to not take this data from cookie file, and REWRITES it with not relevant data send to me from service as response to NOT AUTHRORISED access request. 我想只保存会话信息,提供服务这个会话信息,而忽略第二身份验证,但卷曲似乎没有采取从cookie文件这个数据,并与不相关的数据重写发送给我从服务的响应不AUTHRORISED访问请求。
1 个解决方案
解决方案1
1 已采纳 2013-02-27 09:39:49
Well, yes you could 好吧,是的,你可以
$ch = curl_init('http://www.google.com/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Get headers too with this line
curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
// Get cookie
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
var_dump(parse_url($m[1]));
// And then of course store it somewhere :-)
As seen here how to get the cookies from a php curl into a variable 如此处所示, 如何将Cookie从php curl变成变量
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.