Can't do that. Using Integrated authority requires the user (in this case external customer) to enter login, password and domain. Since this Web server sits in our DMZ it is not associated with a domain controller. Really I'm not sure why but I could not get Integrated working over the years. So we stuck with Basic. Besides my understanding is non-IE users can't authenticate against Integrated web servers. Could be wrong. Mostly am. --- David Felton <davidfelton@xxxxxxxxxxxxxxx> wrote: > Sorry, you should be using Integrated Windows Authentication rather than > basic integration. > > -----Original Message----- > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > Sent: 25 February 2004 3:37 > To: David Felton; php-windows@xxxxxxxxxxxxx > Subject: RE: Best way to check for user 'Administrator' group > me mbership > > > That is exactly how my setup is configured. > > No Anonymous, > Yes Basic, > No on Windows Integrated > > This is set at the top level of the wwwroot in IIS. > > Not sure why the 'is_writeable()' is not working. Still investigating. > > > > > --- David Felton <davidfelton@xxxxxxxxxxxxxxx> wrote: > > > > If you enable basic authentication on the webserver and then disable > > anonymous access, php will run under the credentials of the currently > logged > > in user. If you do this the 'is_writeable()' trick would work as you > > expeted. > > > > > > -----Original Message----- > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > Sent: 25 February 2004 3:29 > > To: Bowden, Zeb; php-windows@xxxxxxxxxxxxx > > Subject: RE: Best way to check for user 'Administrator' group > > membership > > > > > > Ah. Now we are getting someone who kind of understands my issues. > > > > Yes. I mean the local system administrators group. > > Yes. I was looking at using 'is_readable()', 'is_writeable()'. Tried both > on > > file(s) and folder(s) > > with no luck. I tried creating a file/folder both inside my Web tree > InetPub > > as well as outside. I > > would then strip off all user permissions except Administrator. and only > > then make this writable > > access. I tried adding the code as in > > > > if (is_writable(<my file>) == TRUE) > > { > > //code to include menu option > > } > > > > My thought was that is the file is writable then the user must be a member > > of the Administrators > > group thus they should see admin only menu option. > > > > So this might help clear up my confusion. When the user is authenticated > > isn't that now the > > context that PHP is running under? In other words I know that if for > > instance I allowed anonymous > > access by users then the PHP.exe would run as the local IIS defined > account > > (I think it is > > 'IUSR_...'). But since I am requiring each user to authenticate (against > > windows basic). does this > > not change the running context for PHP to assume the users local access? > > will phpinfo() provide > > the user that PHP is running under? > > > > FPM > > > > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > > When you say member of the administrators group do you mean a member of > > > the local admin group on your webserver machine? The iswritable solution > > > won't work because you will be writing to the file in the security > > > context of the account under which IIS is running (Network Service > > > probably) > > > > > > I think the easiest thing for you to do is use a tool in the windows > > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3 resource kit > > > is free so you should be able to grab it and use > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > > Sent: Wednesday, February 25, 2004 9:44 AM > > > To: trystano@xxxxxxx; b.a.t.svensson@xxxxxxx; php-windows@xxxxxxxxxxxxx > > > Subject: Re: Best way to check for user 'Administrator' group > > > membership > > > > > > Okay, well first I do not wish to complicate the maintenance of the > > > system by requiring dual setup, once on the windows user level and > > > another in the database to adjust the user group membership. And no I do > > > not want to add a fancy form page that will allow me to do this task. At > > > this point I have over 600 accounts on the system. The requirements were > > > to use system-level user authentication not a database. So I would have > > > to build a table to contain the accounts and keep this sync'd with the > > > adding/deleting of users which is a separate part of the system that I > > > have no control over. > > > > > > But thanks for the suggestion. > > > > > > FPM > > > > > > > > > --- trystano@xxxxxxx wrote: > > > > Have an entry in your MySQL databases that states a/the users level > > > > (admin, user etc). Then when they attempt to login check against this > > > > value against their username/password credentials and then determine > > > the logic yourself. > > > > > > > > You could even have a dropdown box populate with the types of > > > > admin/user etc and then compare this value with the username/password > > > > in the database etc > > > > > > > > Its not to difficult, you just need to think about it. > > > > > > > > Tryst > > > > > > > > -- > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > > > http://www.php.net/unsub.php > > > > > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > > http://www.php.net/unsub.php > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote also confirms that this email message has been swept by > > MIMEsweeper for the presence of computer viruses. > > ********************************************************************** > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
