从浏览器获取用户身份
我曾经在一家银行工作,该银行的内联网有一个非常酷的功能。一旦您登录计算机,就会通过 Apache 在 PHP 中设置全局变量,它们包含登录计算机的用户的身份。现在我找到了一份新工作,我想知道这东西是如何工作的!我想再次实施这样的事情。
我在这里使用的是:
- FreeBSD 服务器,版本对我来说是未知的。
- Apache 2.2 Web服务器
- PHP 5,一些自定义编译,由于各种原因,我无法升级或修改。
- MS AD
- 所有登录到其计算机的用户都使用活动目录,并且都位于同一个域中。
我以前的做法是这样的:
echo $_SERVER['username']
它将打印当前登录用户的用户名。
有人可以解释一下,这是如何做到的吗?
PS如果我的任何服务器设置不符合要求,请说出来,因为这样我就有理由要求老板给我一个自己的服务器,有更多的控制权。
I used to work for a bank, that had a very cool feature in it's intranet. Once you logged in your computer, there were global variables set in PHP through Apache, and they contained the identity of the user that was logged on on the computer. Now I'm at a new job, and I'm wondering, how this thing worked! I would like to implement this kind of thing once again.
What I'm working with here:
- FreeBSD server, version is unknown to me.
- Apache 2.2 web server
- PHP 5, some custom compilation, that for various reasons, I can't upgrade or modify.
- MS AD
- All of the users logging on to their computers are using active directory, all are in the same domain.
What I used to have was something like this:
echo $_SERVER['username']
which would print the username of the user currently logged in.
Could someone explain, how this could be done?
P.S. If any of my server settings are not what is required, say so, because then I will have a reason to ask the bosses to give me one of my own, with more control.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我没有正确理解这个问题,所以我编辑我的帖子...
你可以使用apache auth,你可以通过ip或主机名进行auth
http://httpd.apache.org/docs/2.0/en/howto/auth.html
I did not understand correctly the question, so I edit my post...
you could use apache auth, you can make auth by ip's or hostnames
http://httpd.apache.org/docs/2.0/en/howto/auth.html
有很多方法可以实现这一点。然而,其中很多都依赖于对客户端和服务器的控制。
明显的数据来源包括:
都没有解释该值如何出现在会话中——这必须在 PHP 代码中实现。
因此,如果不知道它在您以前的站点上是如何实现的,我们就无法告诉您:
给定您的资源列表,虽然可以基于直接 LDAP 调用来实现身份验证,但通过通过您的应用程序输入用户名和密码,我强烈建议使用(例如)openId - 但将提供程序限制为仅您的 openid 提供程序 - 这将使用 MSAD 作为后端。
There's lots of ways this might be implemented. However a lot of them depend on having control over the client as well as the server.
Obvious sources of data include:
However none of these explain how the value appeared in the session - this must have been implemented within the PHP code.
So without knowing how it was implemented at your previous site we can't tell you:
Given your resource list, while it would be possible to implement authentication based on direct LDAP calls, passing the username and password through your application, I would strongly recommend using (e.g.) openId - but restricting the providers to just your openid provider - which would use the MSAD as the backend.