从PHP检索当前的Active Directory用户名

时间:2023-01-26 21:29:24

For a website on the Intranet with all the IE security settings setup. I want to retrieve the current AD username that the user is logged in with. I don't need to authenticate because I am assuming that the person on the computer has already gone through the process.

对于Intranet上的所有IE安全设置设置的网站。我想检索用户登录的当前AD用户名。我不需要进行身份验证,因为我假设计算机上的人已经完成了这个过程。

Is this even possible? I've seen a lot of NTLM related stuff that shows how to authenticate but I can't seem to pull the current authenticated username easily without a prompt box, which is what I'm trying to avoid.

这有可能吗?我已经看到很多与NTLM相关的东西,它们显示了如何进行身份验证,但是我似乎无法在没有提示框的情况下轻松地提取当前经过身份验证的用户名,这正是我要避免的。

The server setup is a Windows server with Apache. If it is easily done with a Linux machine I can move it there too.

服务器设置是使用Apache的Windows服务器。如果使用Linux机器轻松完成,我也可以将其移动到那里。

1 个解决方案

#1


As stated in your question, IE has to be configured to allow Windows Integrated Authentication. Doing so basically gives IE permission to provide your credentials/token to sites that request it (usually limited to sites in the Intranet zone). Note that your web site will have to request those credentials (in IIS it is as simple as checking a checkbox). In Apache you'll have to find an Apache module that add NTLM authentication support to your web server. A quick Google search revealed a few different modules, none seemed particularly up to date. If you get an Apache NTLM module working, I suspect you'll be able to access the username via$_SERVER['AUTH_USER'].

如您的问题所述,IE必须配置为允许Windows集成身份验证。这样做基本上允许IE允许向请求它的站点提供您的凭证/令牌(通常仅限于Intranet区域中的站点)。请注意,您的网站必须请求这些凭据(在IIS中,它就像检查复选框一样简单)。在Apache中,您必须找到一个Apache模块,为您的Web服务器添加NTLM身份验证支持。一个快速的谷歌搜索揭示了几个不同的模块,没有一个似乎特别是最新。如果你有一个Apache NTLM模块工作,我怀疑你将能够通过$ _SERVER ['AUTH_USER']访问用户名。

#1


As stated in your question, IE has to be configured to allow Windows Integrated Authentication. Doing so basically gives IE permission to provide your credentials/token to sites that request it (usually limited to sites in the Intranet zone). Note that your web site will have to request those credentials (in IIS it is as simple as checking a checkbox). In Apache you'll have to find an Apache module that add NTLM authentication support to your web server. A quick Google search revealed a few different modules, none seemed particularly up to date. If you get an Apache NTLM module working, I suspect you'll be able to access the username via$_SERVER['AUTH_USER'].

如您的问题所述,IE必须配置为允许Windows集成身份验证。这样做基本上允许IE允许向请求它的站点提供您的凭证/令牌(通常仅限于Intranet区域中的站点)。请注意,您的网站必须请求这些凭据(在IIS中,它就像检查复选框一样简单)。在Apache中,您必须找到一个Apache模块,为您的Web服务器添加NTLM身份验证支持。一个快速的谷歌搜索揭示了几个不同的模块,没有一个似乎特别是最新。如果你有一个Apache NTLM模块工作,我怀疑你将能够通过$ _SERVER ['AUTH_USER']访问用户名。