Windows user impersonation in PHP?

Question

I am tasked the upgrade of our company's website in order to migrate it to a new machine. Users in our website log in using the login page and I added a module in IIS that intercepts the requests in order to set the right cookies and security tokens for entering the website. In the earlier version we used an ISAPI script in C++ but since it isn't functional on our new machine I had to code this new IIS module.

Now the web users are mapped to a windows account on the web server to allow or deny access to filesystem ressources (mostly images and videos). The mapping is in our database.

Inside the php pages of the website there are mentions of $REMOTE_USER which is guess the windows account under which the web request is handled. IIS attributes a default account to the requests but I would like to run the request under different credentials. In other words if ClientOne logs in to the website and he's mapped to the NT account UsrRestricted I would like the request to be run as if UsrRestricted was running the show instead of the IIS default which is I think IUSR.

So how can I set a windows account on behalf of whom the following request will be executed? I have read on ASP.net impersonation and I think this could be a solution but will it carry over to the server code in PHP ?

*I am of course a newbie in PHP and IIS and appreciate any tips.

Answer 1

You are likely using fast-cgi to run php within iis.

You can set fast-cgi to impersonate the client credentials by setting

fastcgi.impersonate = 1

in php.ini.