php:转发ntlm凭据卷曲
[英]php: forward ntlm credentials to curl
问题描述
I have a dynamic php page which I need to call with a get parameter. 
我有一个动态的PHP页面,我需要使用get参数调用。 I then want to put the generated html into a string and use it later ( I'm tryign out tonic framework for web services) 然后,我想将生成的html放入一个字符串中,稍后再使用它(我正在尝试使用tonic框架进行Web服务)
So this is similar to PHP - Read dynamically generated (and echoed) HTML into a string? 所以这类似于PHP - 将动态生成(和回显)的HTML读入字符串? and I tried the answer that uses cURL. 我尝试了使用cURL的答案。
The issue is that authentication is done with ntlm (apache mod_auth_sspi). 问题是使用ntlm(apache mod_auth_sspi)完成身份验证。 The php script executing curl is already authenticated, eg only valid users can ever execute it. 执行curl的php脚本已经过身份验证,例如,只有有效的用户才能执行它。 It is somehow possible to pass on these "credentials" to cURL? 以某种方式可以将这些“凭据”传递给cURL? (username is available but of course not the password) (用户名可用但当然不是密码)
Or a completely different approach would be fine too but only idea I had was to make a function that creates a string with html content. 或者一个完全不同的方法也可以,但我只想创建一个创建带有html内容的字符串的函数。
$response = new Response($request);
$format = $request->mostAcceptable(array(
'json', 'html', 'txt'
));
switch ($format) {
case 'html':
$response->addHeader('Content-type', 'text/html');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost/viewRecord.php?identifier=' . $identifier);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
$html = curl_exec($ch);
curl_close($ch);
$response->body = $html;
break;
//...
}
3 个解决方案
解决方案1
6 2013-03-21 15:47:34
I was able to get this to work by adding the following curl options: 我可以通过添加以下curl选项来实现此功能:
curl_setopt($curly[$id], CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($curly[$id], CURLOPT_UNRESTRICTED_AUTH, true);
curl_setopt($curly[$id], CURLOPT_USERPWD, ":");
There is a bug open for this depending on the version of php: https://bugs.php.net/bug.php?id=62195 根据php的版本,有一个错误: https : //bugs.php.net/bug.php? id = 62195
解决方案2
1 2019-02-11 10:37:14
This is what worked for me: 这对我有用:
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM|CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH, true);
curl_setopt($ch, CURLOPT_USERPWD, "YOUR_USER:YOUR_PWD");
解决方案3
0 已采纳 2012-02-12 14:34:03
The answer is simple: 答案很简单:
This is not possible. 这是不可能的。
A workaround is to put all the files (including php, JavaScript and CSS) in a directory that does not need require NTLM authentication. 解决方法是将所有文件(包括php,JavaScript和CSS)放在不需要NTLM身份验证的目录中。
To achieve this one either needs access to the Apache Configuration and if that is not possible only thing you can hope for is that the Apache Configuration allows overriding SSPI in .htaccess. 要实现这一点,要么需要访问Apache配置,如果不可能,那么只有Apache配置允许覆盖.htaccess中的SSPI。 Allow any authentication (=also none) but limit access to 127.0.0.0 since allrequest come from cURL on the same server. 允许任何身份验证(=也无),但限制对127.0.0.0的访问,因为allrequest来自同一服务器上的cURL。
For authorization, you can put the data in the php session an pass the session cookie on to cURL and then the session data can be used for authorization in the page called from cURL. 对于授权,您可以将php会话中的数据传递给会话cookie到cURL,然后会话数据可用于从cURL调用的页面中的授权。
EDIT: 编辑:
I've basically reduced NTLM usage even more. 我基本上减少了NTLM的使用量。 I now have 1 login page (authentication) and everything else is controlled by php session (authorization). 我现在有1个登录页面(身份验证),其他一切都由php session(授权)控制。 See 看到
Apache2, PHP: create automatic ntlm login page Apache2,PHP:创建自动ntlm登录页面
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.