如何使php应用程序需要智能卡身份验证
当 php 文件在 apache conf 中使用 SSLVerifyClient 保护时,我可以使浏览器强制使用智能卡(例如 ID 卡)进行身份验证。
现在我需要显示index.php,通常不需要智能卡身份验证,有时同一页面必须经过用户身份验证。
doStuff();
if ($needed==1)
authenticateUser();
doMoreStuff();
authenticateUser() 必须包含什么内容,以便调用它会导致浏览器询问智能卡 PIN 码?
I can make browser to force authentication with smart card eg ID-card when php file is protected with SSLVerifyClient in apache conf.
Now i need to display index.php usually without requiring smart card authentication and sometimes this same page must get user authenticated.
doStuff();
if ($needed==1)
authenticateUser();
doMoreStuff();
What must authenticateUser() contain so that calling it causes browser to ask smart card pin code?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你把这些东西混合了一点点。
authenticateUser();在服务器上运行,而身份验证发生在客户端上。您不能在运行用于客户端身份验证的 PHP 脚本的过程中停止,然后继续运行 PHP 脚本。作为问题的解决方案,这可能适用于您的情况:
通过使用
.htaccess,您可以仅为某些目录/文件定义SSLVerifyClient require。关键点是:您的 Web 服务器(在本例中为 Apache)需要客户端证书才能授予对您指定
SSLVerifyClient require的任何目录/文件的访问权限。结论是,没有办法做你想做的事。您只能拥有需要或不需要客户端证书的文件/目录。无法在 PHP 文件中间停止以请求客户端证书,但您可以重定向到需要客户端证书的文件。
You're mixing the things a tiny bit.
authenticateUser();runs on the server, while the authentication occurres on the client. You can't stop in the middle of running a PHP script for a client authentication and then continue running the PHP script.As a solution to your question, this might work in your case:
By using
.htaccessyou can defineSSLVerifyClient requireonly for some of the directories/files.The key point is: your web server(Apache in this case) requires a client certificate in order to grant access to any directories/files for which you specify
SSLVerifyClient require.In conclusion, there is no way to do what you want. You can only have files/directories that either require or don't require a client certificate. Tthere is no way to stop in the middle of a PHP file in order to require a client certificate, but you could redirect to one that requires one.