I have a PHP web application on an intranet that can extract the IP and host name of the current user on that page, but I was wondering if there is a way to get/extract their Active Directory/Windows username as well. Is this possible?
This question is related to
php
windows
authentication
Check the AUTH_USER
request variable. This will be empty if your web app allows anonymous access, but if your server's using basic or Windows integrated authentication, it will contain the username of the authenticated user.
In an Active Directory domain, if your clients are running Internet Explorer and your web server/filesystem permissions are configured properly, IE will silently submit their domain credentials to your server and AUTH_USER
will be MYDOMAIN\user.name
without the users having to explicitly log in to your web app.
You can say getenv('USERNAME')
If you're using Apache on Windows, you can install the mod_auth_sspi from
https://sourceforge.net/projects/mod-auth-sspi/
Instructions are in the INSTALL file, and there is a whoami.php example. (It's just a case of copying the mod_auth_sspi.so file into a folder and adding a line into httpd.conf.)
Once it's installed and the necessary settings are made in httpd.conf to protect the directories you wish, PHP will populate the $_SERVER['REMOTE_USER']
with the user and domain ('USER\DOMAIN') of the authenticated user in IE -- or prompt and authenticate in Firefox before passing it in.
Info is session-based, so single(ish) signon is possible even in Firefox...
-Craig
Check out patched NTLM authentication module for Apache https://github.com/rsim/mod_ntlm
Based on NTLM auth module for Apache/Unix http://modntlm.sourceforge.net/
Read more at http://blog.rayapps.com/
Source: http://imthi.com/blog/programming/leopard-apache2-ntlm-php-integrated-windows-authentication.php
Use this code:
shell_exec("wmic computersystem get username")
We have multiple domains in our environment so I use preg_replace with regex to get just the username without DOMAIN\ .
preg_replace("/^.+\\\\/", "", $_SERVER["AUTH_USER"]);
Look at the PHP LDAP library functions: http://us.php.net/ldap.
Active Directory [mostly] conforms to the LDAP standard.
Referencing trying to also figure out if AUTH_USER is part of a particular domain group; a clever way to do this is t create a locked down folder with text files (can be blank). Set security to only having the security/distro group you want to validate. Once you run a @file_get_contents (<---will toss a warning)...if the user does not have group access they will not be able to get the file contents and hence, will not have that particular AD group access. This is simple and works wonderfully.
No. But what you can do is have your Active Directory admin enable LDAP so that users can maintain one set of credentials
If you are looking for retrieving remote user IDSID/Username, use:
echo gethostbyaddr($_SERVER['REMOTE_ADDR']);
You will get something like iamuser1-mys.corp.company.com
Filter the rest of the domain behind, and you are able to get the idsid only.
For more information visit http://lostwithin.net/how-to-get-users-ip-and-computer-name-using-php/
I've got php mysql running on IIS - I can use $_SERVER["AUTH_USER"]
if I turn on Windows Authentication in IIS -> Authentication and turn off Anonymous authentication (important)
I've used this to get my user and domain:
$user = $_SERVER['AUTH_USER'];
$user
will return a value like: DOMAIN\username
on our network, and then it's just a case of removing the DOMAIN\
from the string.
This has worked in IE, FF, Chrome, Safari (tested) so far.
get_user_name works the same way as getenv('USERNAME');
I had encoding(with cyrillic) problems using getenv('USERNAME')
You could probably authenticate the user in Apache with mod_auth_kerb by requiring authenticated access to some files … I think that way, the username should also be available in PHP environment variables somewhere … probably best to check with <?php phpinfo(); ?>
once you get it runnning.
This is a simple NTLM AD integration example, allows single sign on with Internet Explorer, requires login/configuration in other browsers.
PHP Example
<?php
$user = $_SERVER['REMOTE_USER'];
$domain = getenv('USERDOMAIN');
?>
In your apache httpd.conf file
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
<Directory "/path/to/folder">
AllowOverride All
Options ExecCGI
AuthName "SSPI Authentication"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOmitDomain On
Require valid-user
Require user "NT AUTHORITY\ANONYMOUS LOGON" denied
</Directory>
And if you need the module, this link is useful:
try this code :
$user= shell_exec("echo %username%");
echo "user : $user";
you get your windows(AD) username in php
I tried almost all of these suggestions, but they were all returning empty values. If anyone else has this issue, I found this handy function on php.net (http://php.net/manual/en/function.get-current-user.php):
get_current_user();
$username = get_current_user();
echo $username;
This was the only way I was finally able to get the user's active directory username. If none of the above answers has worked, give this a try.
Source: Stackoverflow.com