using AD/Windows authentication - multiple prompts

using AD/Windows authentication - multiple prompts

am 13.12.2007 21:19:37 von Sean Cotter

The end of this message is something I posted on the TextPattern forums but
is a php/iis issue really. The long-short of it is I am trying to run an
intranet site and use the Active Directory security on the server to
restrict users to just my people. When running a dynamic site (TXP,
WordPress, something home-brewed) the user is asked for credentials several
times as the page loads... where it's just one prompt for static pages
(ending in php, htm, html, etc).

On the same server, running some simple ASP stuff doesn't get the mutiple
prompts. Is there some kind of keep-alive setting or something that I am
missing? I really can't if it's IIS or PHP.

Here is what I posted on the TextPattern site:
I know that Windows/IIS doesn't get much love here. but I was hoping someone
can help me out.

I have a Server 2003/IIS6/PHP/mySQL setup that I have used for a couple
years now and it's been great.

I am working on a small intranet site to host some policy documents, org
charts, etc. I want to secure the site via Acive Directory authentication
(possibly via SSL but that's later) but am having trouble. In the best case
scenario I have to enter the user/pass three times before I can enter the
site. On IE the site loads in stages, on FF (Win) it is blank then loads
completely after the third user/pass challenge. I think that there is a new
challenge/response for each portion or level the of site structure - meaning
that the first response is for index.php and the root level, then a pw
request from the images folder and one from the textpattern folder. I am
inclined to think that is what is going on because on IE you can see the
Powered With image load after the last password attempt.

The clarify, this isn't using any of the TXP security, just built-in Windows
directory security.

I made a duplicate site, this time with just basic html pages and folders
(nothing dynamic, no php blog software, etc) - I applied the same security
settings as above and was greeted with a logon prompt (what I wanted) and
was able to logon fine; receiving just the one password request- I could
click around and few static pages fine, no password prompts. I put a
different blog software (not TXP, but PHP based) a few folders deep and was
able to navigate to it (I had directory browsing on) but once I got to
index.php I was prompted to login again and several more times as the page
loaded.

Does anyone have any idea what is going on?

thanks in advance
Sean

ps. in standard form (anon access turned on) TXP works fine - creating new
entries, file uploads, etc.

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: using AD/Windows authentication - multiple prompts

am 14.12.2007 08:55:00 von Gustav Wiberg

Hi!

Try using a "intranet"-adress like http://portal/ =20
The important stuff seems to be that the http-adress must be WITHOUT any do=
ts (.).=20
With http://intranet.portal you would get an extra login-prompt. I discover=
ed this when doing an Intranet-portal to a customer. I haven't found any do=
cumentation on this , not even from Microsoft so I really can't tell you wh=
y this is the case. I hope this information helps!

Best regards
/Gustav Wiberg


-----Original Message-----
From: Sean Cotter [mailto:scotter@iel.spokane.edu]=20
Sent: Thursday, December 13, 2007 9:20 PM
To: php-windows@lists.php.net
Subject: [PHP-WIN] using AD/Windows authentication - multiple prompts

The end of this message is something I posted on the TextPattern forums but=
=20
is a php/iis issue really. The long-short of it is I am trying to run an=
=20
intranet site and use the Active Directory security on the server to=20
restrict users to just my people. When running a dynamic site (TXP,=20
WordPress, something home-brewed) the user is asked for credentials several=
=20
times as the page loads... where it's just one prompt for static pages=20
(ending in php, htm, html, etc).

On the same server, running some simple ASP stuff doesn't get the mutiple=
=20
prompts. Is there some kind of keep-alive setting or something that I am=
=20
missing? I really can't if it's IIS or PHP.

Here is what I posted on the TextPattern site:
I know that Windows/IIS doesn't get much love here. but I was hoping someon=
e=20
can help me out.

I have a Server 2003/IIS6/PHP/mySQL setup that I have used for a couple=20
years now and it's been great.

I am working on a small intranet site to host some policy documents, org=20
charts, etc. I want to secure the site via Acive Directory authentication=
=20
(possibly via SSL but that's later) but am having trouble. In the best case=
=20
scenario I have to enter the user/pass three times before I can enter the=
=20
site. On IE the site loads in stages, on FF (Win) it is blank then loads=20
completely after the third user/pass challenge. I think that there is a new=
=20
challenge/response for each portion or level the of site structure - meanin=
g=20
that the first response is for index.php and the root level, then a pw=20
request from the images folder and one from the textpattern folder. I am=20
inclined to think that is what is going on because on IE you can see the=20
Powered With image load after the last password attempt.

The clarify, this isn't using any of the TXP security, just built-in Window=
s=20
directory security.

I made a duplicate site, this time with just basic html pages and folders=
=20
(nothing dynamic, no php blog software, etc) - I applied the same security=
=20
settings as above and was greeted with a logon prompt (what I wanted) and=
=20
was able to logon fine; receiving just the one password request- I could=20
click around and few static pages fine, no password prompts. I put a=20
different blog software (not TXP, but PHP based) a few folders deep and was=
=20
able to navigate to it (I had directory browsing on) but once I got to=20
index.php I was prompted to login again and several more times as the page=
=20
loaded.

Does anyone have any idea what is going on?

thanks in advance
Sean

ps. in standard form (anon access turned on) TXP works fine - creating new=
=20
entries, file uploads, etc.

--=20
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php