RE: Integrated Authentication on IIS 6.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the response!

Yes, believe it or not it does work, or at least did on IIS 5. When I
turn on Integrated Security on the web server it causes PHP to run as
the user logged in instead of the Anonymous user. Then calling
odbc_connect with a blank username/password combination in cooperation
with a system DSN configured to use Windows Authentication caused the
connection to be made via the individual user's Windows credentials.
This behavior is eluded to in a note on the php site from "flo" :

--------------------
If you don't want to specify your login credentials on your web server,
you can leave the login fields blank to use the integrated windows
security like here: 

odbc_connect("DSN=DataSource","",""); 

Make sure you have switched your system dsn to integrated security, too
! 

(works on windows machines only, of course) 
--------------------

My intranet application relies on this ability. My working production
server is IIS 5 on Advanced Server 2000 with PHP 5.04. My new server is
IIS 6 on Windows 2003 Server with PHP 5.04. Both are operating in ISAPI
mode. $AUTH_USER does report correctly the authenticated user on both
systems, but a call to odbc_connect on the new system gives this error:

Warning: odbc_connect() [function.odbc-connect]: SQL error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user
'(null)'. Reason: Not associated with a trusted SQL Server connection.,
SQL state 28000 in SQLConnect in testOdbc.php on line 3

For some reason odbc_connect on IIS 6.0 is not acting the same as it is
on IIS 5. I'm pretty sure it's a configuration problem, I just can't
find it. :-\

<>< Ryan


-----Original Message-----
From: tg-php@xxxxxxxxxxxxxxxxxxxxxx
[mailto:tg-php@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, May 23, 2005 12:38 PM
To: php-db@xxxxxxxxxxxxx
Cc: Ryan Jameson (USA)
Subject: Re:  Integrated Authentication on IIS 6.0

Maybe I'm not understanding the situation properly, because I can't see
why you would have had it working under IIS5 if your configuration is
how I think it is.

Integrated authentication basically allows a workstation that's logged
into a domain to automatically pass it's credentials from the
workstation to the domain.

Using this, you can get the currently logged in userid via server
variables from IIS into PHP.

But you never get the user's password or are able to get anything into
PHP that will automatically connect you to a database or other trusted
data source.   If you connect to a web server and PHP on that server
creates a connection to a database, then PHP needs to send login
credentials (either hardcoded, pulled from another database based on the
user's ID or something, or provided by the user via a web form).  I
don't believe you can have PHP create a connection based on integrated
authentication because PHP is sort of outside the whole windows security
scheme.

You could configure the database to accept a connection from the PHP
server's IP address and nowhere else and hardcode a password into PHP,
or do other things like that.

Again, maybe I mis-assuming what your configuration is.  Mind giving us
more detail on the process you're trying to fix?   Users connects to web
server, web server makes ODBC connection (by what means?), etc..

-TG

= = = Original message = = =

Hi,

I have an intranet application that I wrote in PHP that has worked great
for a long time. It uses integrated authentication in IIS. I'm trying to
migrate to IIS 6 and things are mostly working. The problem I have is
that my ODBC_CONNECT calls are not resulting in: "Login failed for user
'(null)'. Reason: Not associated with a trusted SQL Server connection.".
What it seems to tell me is it is correctly trying to make an integrated
auth connection to the database, but for some reason the current user's
credentials aren't being passed? Does anyone have insight into this?

Thanks!
<>< Ryan

--
PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php


___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux