Apache2,PHP:创建自动ntlm登录页面
[英]Apache2, PHP: create automatic ntlm login page
问题描述
I have Apache2 with PyAuthenNTLM2 module (see https://github.com/Legrandin/PyAuthenNTLM2 ). 
我有Apache2和PyAuthenNTLM2模块(参见https://github.com/Legrandin/PyAuthenNTLM2 )。 This Apache module put the windows user name in $_SERVER['REMOTE_USER']. 这个Apache模块将windows用户名放在$ _SERVER ['REMOTE_USER']中。
To enable this you need to put a directive similar to following in apache config (or htaccess) for a file or directory: 要启用此功能,您需要在apache config(或htaccess)中为文件或目录添加类似于以下的指令:
Order allow,deny
Allow from all
AuthType NTLM
AuthName "Test"
require valid-user
PythonAuthenHandler pyntlm
PythonOption Domain TESTDOMAIN
PythonOption PDC 192.168.0.10
The thing is that any files under such a directory (including css, js) are only accessible if the NTLM credential are supplied by browser. 问题是只有在浏览器提供NTLM凭证时才能访问此类目录下的任何文件(包括css,js)。 So using a include that is "ntlm protected" in a page that is not will not work. 因此,在页面中使用“ntlm protected”的包不会起作用。
Anyway what I want is a single page that sets up a session and further authorization is done using the session. 无论如何,我想要的是一个设置会话的页面,并使用该会话进一步授权。 if session is not set yet or expired the user is invisibly transferred to the automatic login page and then back to the actual requested page. 如果会话尚未设置或已过期,则用户将被无形转移到自动登录页面,然后返回到实际请求的页面。
how can I achieve that? 我怎么能实现这一目标?
2 个解决方案
解决方案1
2 已采纳 2012-08-07 10:39:57
I came up with following script / solution: 我想出了以下脚本/解决方案:
<?php
$validApplications = array("Application_1", "Application_2");
$baseUrl = 'http://' . $_SERVER["SERVER_NAME"] . '/';
if(!isset($_SERVER["REMOTE_USER"])){
header('HTTP/1.1 401 Not Authorized', true, 401);
//...display error page
exit(0);
}
if(!isset($_GET["applicationName"])
|| !in_array($_GET["applicationName"], $validApplications) ){
header('HTTP/1.1 400 Bad Request', true, 400);
//...display error page
exit(0);
}
$application = $_GET["applicationName"];
if(!isset($_GET["returnTo"])){
$returnTo = $baseUrl . $application . "index.php";
} else {
$returnTo = $_GET["returnTo"];
}
$sessionName = "PHP" . $application . "Session";
session_name($sessionName);
session_start();
session_regenerate_id(TRUE);
/* erase data carried over from previous session */
$_SESSION=array();
$_SESSION['login'] = $_SERVER['REMOTE_USER'];
header("Location: " . $returnTo);
?>
This script, lets call it login.php must be under an according Apache2 module that can set $_SERVER["REMOTE_USER"] (I use PyAuthenNTLM2) like displayed in my Question. 这个脚本,让我们称之为login.php必须在一个相应的Apache2模块下,可以设置我的问题中显示的$ _SERVER [“REMOTE_USER”](我使用PyAuthenNTLM2)。
Each web page in ana application then must first check if $_SESSION['login'] is set or not and if not redirect to this login page: 然后,ana应用程序中的每个网页都必须首先检查是否设置了$ _SESSION ['login'],如果没有重定向到此登录页面:
if (!isset($_SESSION['login'])) {
$queryString = "returnTo=" . urlencode($_SERVER["REQUEST_URI"]) . "&applicationName=Application_1";
header ("location: " . $baseUrl . "login.php?" . $queryString);
exit(0);
}
解决方案2
0 2012-07-31 12:12:40
I have done this with Apache and PHP, you'll need to look at session handling. 我用Apache和PHP完成了这个,你需要看看会话处理。 A quick google for "python session handling" returned various examples 一个快速的谷歌“python会话处理”返回了各种例子
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.