
How can I use this code for NTLM SSO in Laravel?

<?php
// Read one NTLM "security buffer": 16-bit length at $start, 16-bit offset at $start+4.
// Declared at top level so it exists regardless of which message type arrives.
function get_msg_str($msg, $start, $unicode = true) {
  $len = (ord($msg[$start+1]) * 256) + ord($msg[$start]);
  $off = (ord($msg[$start+5]) * 256) + ord($msg[$start+4]);
  if ($unicode)
    return str_replace("\0", '', substr($msg, $off, $len));
  else
    return substr($msg, $off, $len);
}

$headers = apache_request_headers();
if (!isset($headers['Authorization'])) {
  // No credentials yet: ask the browser to start the NTLM handshake.
  header('HTTP/1.1 401 Unauthorized');
  header('WWW-Authenticate: NTLM');
  exit;
}
$auth = $headers['Authorization'];
if (substr($auth, 0, 5) == 'NTLM ') {
  $msg = base64_decode(substr($auth, 5));
  if (substr($msg, 0, 8) != "NTLMSSP\x00")
    die('error header not recognised');
  if ($msg[8] == "\x01") {
    // Type 1 (NEGOTIATE) received: reply with a Type 2 (CHALLENGE) message.
    // Note: the challenge is eight zero bytes and the Type 3 reply is never verified
    // below, so this script only reads the user name the client claims to have.
    $msg2 = "NTLMSSP\x00\x02\x00\x00\x00".
      "\x00\x00\x00\x00". // target name len/alloc
      "\x00\x00\x00\x00". // target name offset
      "\x01\x02\x81\x00". // flags
      "\x00\x00\x00\x00\x00\x00\x00\x00". // challenge
      "\x00\x00\x00\x00\x00\x00\x00\x00". // context
      "\x00\x00\x00\x00\x00\x00\x00\x00"; // target info len/alloc/offset
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: NTLM '.trim(base64_encode($msg2)));
    exit;
  }
  else if ($msg[8] == "\x03") {
    // Type 3 (AUTHENTICATE): user, domain and workstation sit in security buffers
    // at offsets 36, 28 and 44 of the message.
    $user = get_msg_str($msg, 36);
    $domain = get_msg_str($msg, 28);
    $workstation = get_msg_str($msg, 44);
    // print "You are $user from $domain/$workstation";
    print "$user";
  }
}

When I use this code I get a response - the user login - and I need to catch it and try to authorize with userLogin. I already use LDAP auth on my site and I just need to use this login for auth.

But I have a problem: when I use this code and I am not in the domain and try to use the header request, I get an alert modal that tries to ask me to log in. How to do this right?

You'll need to configure a Middleware to validate requests on the NTLM network.

At my company we have the Employee table with the field 'matricula', the same value used to log in on Windows.

So I replaced the App\User model with App\Employee and used the 'matricula' field as the ID in my case, but you can use App\User with ID.

Step 1: Configure the route Middleware

In the file app\Http\Kernel.php add the value to the $routeMiddleware array:

protected $routeMiddleware = [
    ...
    'ntlm' => \App\Http\Middleware\NTLMAuth::class,
];

Step 2: Create a Middleware file

Create a Middleware file at 'app\Http\Middleware\NTLMAuth' (Laravel 5.7).

//app\Http\Middleware\NTLMAuth.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class NTLMAuth
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $auth = $request->header('Authorization');
        $user = ' ';

        // No Authorization header yet: ask the browser to start the NTLM handshake.
        if ($auth == null || strlen($auth) < 4) {
            return $this->challenge();
        }

        // Anything that is not "NTLM <base64>" restarts the handshake instead of
        // falling through with no response.
        if (substr($auth, 0, 5) != 'NTLM ') {
            return $this->challenge();
        }

        $msg = base64_decode(substr($auth, 5));

        if (substr($msg, 0, 8) != "NTLMSSP\x00") {
            return $this->challenge();
        }

        if ($msg[8] == "\x01") {
            // Type 1 (NEGOTIATE): answer with a Type 2 (CHALLENGE) message.
            // Note: the challenge is all zeros and the Type 3 response is never
            // verified below, so only the user name sent by the client is used.
            $msg2 = "NTLMSSP\x00\x02\x00\x00\x00".
                "\x00\x00\x00\x00". // target name len/alloc
                "\x00\x00\x00\x00". // target name offset
                "\x01\x02\x81\x00". // flags
                "\x00\x00\x00\x00\x00\x00\x00\x00". // challenge
                "\x00\x00\x00\x00\x00\x00\x00\x00". // context
                "\x00\x00\x00\x00\x00\x00\x00\x00"; // target info len/alloc/offset

            return $this->challenge(trim(base64_encode($msg2)));
        } else if ($msg[8] == "\x03") {
            // Type 3 (AUTHENTICATE): user, domain and workstation security buffers.
            $user = $this->getMsgStr($msg, 36);
            $domain = $this->getMsgStr($msg, 28);
            $workstation = $this->getMsgStr($msg, 44);
        }

        $employee = \App\Model\Employee::where('matricula', $user)->first();

        if ($employee != null) {
            Auth::loginUsingId($employee->matricula);
        }

        // Unknown users are not rejected here; the view just receives 'Not Found'.
        $user = (Auth::check()) ? Auth::user()->nome : 'Not Found';

        $request->attributes->set('user', $user);

        return $next($request);
    }

    /**
     * 401 response telling the browser to (re)start NTLM, optionally carrying the Type 2 payload.
     * Returning a response keeps Laravel's middleware pipeline intact instead of calling exit.
     */
    private function challenge($payload = '')
    {
        return response('', 401)
            ->header('WWW-Authenticate', $payload === '' ? 'NTLM' : 'NTLM ' . $payload);
    }

    /**
     * Read a security buffer (16-bit length at $start, 16-bit offset at $start+4).
     */
    private function getMsgStr($msg, $start, $unicode = true)
    {
        $len = (ord($msg[$start+1]) * 256) + ord($msg[$start]);
        $off = (ord($msg[$start+5]) * 256) + ord($msg[$start+4]);
        if ($unicode)
            return str_replace("\0", '', substr($msg, $off, $len));
        else
            return substr($msg, $off, $len);
    }
}

Basically, I extract the user from NTLM, search the Employee table and log in with Auth::loginUsingId:

$employee = \App\Model\Employee::where('matricula', $user)->first();
Auth::loginUsingId( $employee->matricula );

After configuring it you can use it in controllers:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Model\Employee;
use Auth;

class HomeController extends Controller
{

    public function __construct()
    {
        $this->middleware('ntlm');
    }

    public function index()
    {
        return view('home');
    }

    public function welcome()
    {
        $employees = Employee::take(5)->get();
        return view('welcome', compact('employees') );
    }
}
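The middleware above trusts the user name the client writes into the Type 3 message: the challenge it sends is all zeros and the NT response is never checked. As an added example (not code from the question or the answer), the class below issues a random challenge, reads the Type 3 security buffers with bounds checks and the UNICODE flag honoured, and verifies an NTLMv2 response against that challenge as MS-NLMP specifies. The class name is mine, and the raw NT hash passed to verifyNtlmv2() is an assumption: an LDAP-only application usually cannot obtain it, in which case the response has to be validated by a domain controller instead.

```php
<?php
// Added example, not the question's or answer's code: bounds-checked parsing of the NTLM
// Type 3 message and NTLMv2 verification of its NT response against a random challenge (MS-NLMP).
final class NtlmServer
{
    /** Type 2 (CHALLENGE) message; the 8 challenge bytes are random, never the page's zeros. */
    public static function challenge(): array
    {
        $serverChallenge = random_bytes(8);
        $msg = "NTLMSSP\0" . pack('V', 2)
            . pack('vvV', 0, 0, 48)                         // TargetName: empty, offset = header size
            . pack('V', 0x00818201)                         // the page's "\x01\x02\x81\x00", little-endian
            . $serverChallenge . str_repeat("\0", 8)        // challenge, reserved
            . pack('vvV', 0, 0, 48);                        // TargetInfo: empty
        return [$serverChallenge, 'NTLM ' . base64_encode($msg)];
    }
    /** Security buffer = uint16 len, uint16 maxlen, uint32 offset; rejects out-of-range values. */
    private static function field(string $msg, int $at): string
    {
        if (strlen($msg) < $at + 8) { throw new RuntimeException('truncated message'); }
        ['len' => $len, 'off' => $off] = unpack('vlen/vmax/Voff', $msg, $at);
        if ($off + $len > strlen($msg)) { throw new RuntimeException('buffer out of bounds'); }
        return substr($msg, $off, $len);
    }
    /** Type 3 (AUTHENTICATE) layout: NtResponse@20, Domain@28, User@36, Workstation@44, Flags@60. */
    public static function parseAuthenticate(string $msg): array
    {
        if (substr($msg, 0, 8) !== "NTLMSSP\0" || unpack('V', $msg, 8)[1] !== 3) {
            throw new RuntimeException('not an NTLM AUTHENTICATE message');
        }
        $flags = strlen($msg) >= 64 ? unpack('V', $msg, 60)[1] : 1;   // bit 0 = UNICODE strings
        $txt = function (string $s) use ($flags): string { return ($flags & 1) ? mb_convert_encoding($s, 'UTF-8', 'UTF-16LE') : $s; };
        return [
            'domain'      => $txt(self::field($msg, 28)),
            'user'        => $txt(self::field($msg, 36)),
            'workstation' => $txt(self::field($msg, 44)),
            'nt_response' => self::field($msg, 20),
        ];
    }
    /** NTLMv2: NtProofStr = HMAC_MD5(NTOWFv2, ServerChallenge || temp). $ntHash is the raw 16-byte NT hash. */
    public static function verifyNtlmv2(string $ntHash, string $user, string $domain, string $challenge, string $ntResponse): bool
    {
        if (strlen($ntResponse) <= 16) { return false; }      // NTLMv1 or empty responses are refused
        $ntowfV2 = hash_hmac('md5', mb_convert_encoding(mb_strtoupper($user) . $domain, 'UTF-16LE', 'UTF-8'), $ntHash, true);
        $proof   = hash_hmac('md5', $challenge . substr($ntResponse, 16), $ntowfV2, true);
        return hash_equals($proof, substr($ntResponse, 0, 16));
    }
}
```

In the middleware, keep the challenge returned by challenge() in the session while answering the Type 1 and hand that stored value to verifyNtlmv2() when the Type 3 arrives, looking up the Employee only after the check passes; the session middleware has to run before this one for that to work.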
