For our company's intranet, I've turned on Windows Authentication in IIS so that I can automatically capture the network username for everyone hitting our website. It works well, but I'm having a problem with file permissions now. PHP normally executes the page request with the "Intranet Guest User" account (IUSR_COMPUTERNAME). But with Windows Authentication enabled (and Anonymous access disabled), PHP is executing the page request AS the user requesting the page (for instance, \\DomainName\JohnSmith). Further, John Smith is one of hundreds of employees that access the site. In order for him and everyone else to upload files or have PHP write files, I have to open up directories so that EVERYONE can read/write/modify them. This seems like a step backwards, security-wise; I'm worried about users mucking with each other's files. Does anyone have a suggestion for a better solution? I would prefer the previous method where PHP runs under a dedicated account (inaccessible by employees), which would make my directory permissions problem simpler. Thank you! Paul Kane This e-mail and any attachments are intended for the designated recipient(s) only. If you have received this e-mail in error, please notify administrator@xxxxxxxx and disregard this message. However, if you have obtained this e-mail via electronic eavesdropping, you are in violation of the Electronic Communications Privacy Act. Furthermore disclosure, copying, distribution, or taking of any action in reliance on the contents hereof is strictly prohibited without the explicit consent of University Federal Credit Union.
