智能卡支持在 IIS 6 上托管 PHP 站点吗?

发布于 2024-11-04 10:03:10 字数 567 浏览 3 评论 0原文

过去几天我一直在对此进行一些研究,但尚未找到解决方案。我看到过一些建议,其中包括 php Exec() 函数来调用外部应用程序来处理此问题。我一直在为基于 PHP 的网站寻找这样的教程 - http://securitythroughabsurdity.com/2007/04/implementing-smart-card-authentication.html。对此的任何建议或指导将不胜感激。

谢谢, 杰里

编辑 - 我正在查看这篇文章 如何制作我正在编写 php 应用程序来要求智能卡身份验证,但它不符合我的目标。 SSLVerifyClient 要求可以与智能卡一起使用吗?

I have been doing some research on this the past couple days and have yet to find a solution. I have seen suggestions that include the php Exec() function to call an outside application to handle this. I have been looking for a tutorial like this one for a PHP based site - http://securitythroughabsurdity.com/2007/04/implementing-smart-card-authentication.html. Any advice or guidance on this would be greatly appreciated.

Thanks,
Jerry

Edit - I was checking this post out How to make php application to require smart card authentication but it does not pertain to my goal. Can the SSLVerifyClient require be used with a Smart Card?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

醉生梦死 2024-11-11 10:03:10

由于许多地方都支持国家身份证,我们在爱沙尼亚大量使用智能卡解决方案。我认为你看起来有点困惑——你不需要 exec()。您需要的是配置您的 Web 服务器(在本例中为 IIS)以请求客户端提供证书。这与 PHP 无关。这可以基于路径、子域等来完成,并且这可以是可选的或必需的。例如,我们经常将子域配置为 http://id.foobar 只能通过 ID 访问。芯片卡只是证书和密钥的载体。通常这无论如何都是“基于客户端的证书”并谷歌搜索它。
可以配置强制或可选的客户端证书要求。强制更安全,因为没有身份证的人没有机会看到你服务器上的任何内容。但这也有缺点 - 他们也看不到您发送的任何错误消息。我们经常使用可选要求。
在 PHP 方面,您只是收到某种环境变量。你需要检查他的内容。您可以通过 Google 搜索 SSL_CLIENT_S_DN 来获取您要搜索的内容。这是使用 Apache Web 服务器时获得的变量名称。关于IIS我一无所知,但基本原理是相同的,只是变量和配置选项的命名不同。

We use smartcard solutions in Estonia a lot because of national ID support in many places. I think you look bit confused by something - you do not need exec(). What you need, is to configure your web server (IIS in this case) to request client for certificate. This has nothing to do with PHP. This can be done based on path, subdomain or like this and this can be optional or required. For example we often configure subdomain a la http://id.foobar to be accessible with ID only. Chipcard is just carrier for certificate and keys. Usually this is anyway "client based certificate" and google for it.
It is possible to configure mandatory or optional client certificate requirement. Mandatory is safer because people without ID card have no chance to see anything on your server. But this has also downside - they also cannot see any error messages from you. We often use optional requirement.
On PHP side you just receive some sort of environment variable. You need to check for his contents. You get what you search for by Googling for SSL_CLIENT_S_DN. This is the name of variable you get when using Apache web server. About IIS I know nothing but fundamentals are same, just variables and configuration options are named different.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文