問題描述

我創建了一些需要用戶登錄的基于 PHP 的 Intranet 資源.用戶創建自己的登錄名，我使用 cookie 驗證他們是否已登錄.

I have created some PHP-based intranet resources that require users to log in. The users create their own logins, and I verify that they are logged in using a cookie.

有人問我是否可以將該登錄名與他們的 Windows 登錄名聯系起來.我最初的回答是網頁無法訪問您的 Windows 登錄名 - 這將是一個安全風險."但是我們的一個部門使用了 Sharepoint，它實際上將自己與 Windows 登錄綁定在一起.

I've been asked if I can tie that login to their Windows login instead. My initial response was "a web page cannot access your Windows login - that would be a security risk." But one of our departments uses Sharepoint, and it does in fact tie itself to the Windows login.

這是怎么做到的?我可以用 PHP 做嗎?如果是這樣，為什么它不是一個可怕的安全漏洞?

How is that done? Can I do it in PHP? If so, why is it not a horrible security hole?

推薦答案

您正在尋找的是針對 PHP 網站的 NTLM 身份驗證，這是完全可行的，但在 PHP 中似乎沒有單一方法可以做到這一點.

What you are looking for is NTLM authentication against the PHP website, which is perfectly doable but seems there is no single way in PHP to do it.

看看http://siphon9.net/loune/2007/10/simple-lightweight-ntlm-in-php/

您還需要將站點添加到 IE 中的受信任站點(或您使用的任何瀏覽器中的等效站點)，并在受信任站點的設置中，啟用發送當前用戶名和密碼".

You also need to add the sites to your trusted sites in IE (or the equivalent in whichever browser you are using) and in the settings for trusted sites, turn on 'send current username and password'.

這不是一個可怕的安全漏洞，因為憑據不是通過網絡直接發送的，并且最終用戶已明確告訴瀏覽器將憑據發送到相關網站.

Its not a horrible security hole because the credentials are not sent en clair over the wire, and the end user has specifically told the browser to send credentials to the website in question.

這篇關于PHP 內網可以共享 Windows 登錄嗎?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！