PHP on IIS is not a popular combination, but it may be the easiest solution in a corporate departmental environment that is largely Windows-based.

PHP programming won’t be discussed here; rather, I’ll discuss how Windows authentication is achieved. The beauty of Windows authentication is that, once turned on, the whole authentication process is transparent to users. After users have logged into their Windows computer, they don’t need to do anything extra to start using the web service: there is no pop-up window asking for a user name and password, and nothing to memorise.

To make Windows authentication work, do the following:

  1. In php.ini, enable impersonation by setting “fastcgi.impersonate = 1”. When this option is enabled, PHP runs under the security context of the requesting user; together with the IIS configuration below, this means the Windows user runs the PHP program (web service).
  2. In IIS, ensure “Anonymous Authentication” is disabled and “Windows Authentication” is enabled. Note that Anonymous Authentication must be disabled; otherwise the anonymous user (NT AUTHORITY\IUSR by default in IIS 7.0+) will be used first.
  3. On the Windows server, add the user to the IIS_IUSRS group. This ensures the Windows user has access to the web service.
  4. In SQL Server, create a DB user using the Windows authentication method. This ensures the Windows user can access the DB.

The above assumes the DB server and the web server are hosted on one machine; if not, a “two-hop” security constraint will prevent Windows authentication from working.
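A diagnostic page for checking that the steps above took effect, added here as an example and not part of the original post. It assumes the sqlsrv extension (Microsoft Drivers for PHP for SQL Server) is loaded; the server name “localhost” and the database name “AppDb” are placeholders.

```php
<?php
// Added example, not from the original post. Assumes the sqlsrv extension
// is loaded; 'localhost' and 'AppDb' are placeholder server/database names.
// Remove this page once the setup has been verified.
header('Content-Type: text/plain; charset=utf-8');

$checks = [];

// Step 1: without impersonation the DB would see the application pool
// identity instead of the logged-in Windows user.
$checks['fastcgi.impersonate enabled'] =
    filter_var(ini_get('fastcgi.impersonate'), FILTER_VALIDATE_BOOLEAN);

// Step 2: IIS fills AUTH_TYPE/AUTH_USER only when the request was
// authenticated; both are empty when Anonymous Authentication served it.
$authType = $_SERVER['AUTH_TYPE'] ?? '';
$authUser = $_SERVER['AUTH_USER'] ?? '';
$checks['Windows Authentication used by IIS'] =
    in_array(strtolower($authType), ['negotiate', 'ntlm'], true)
    && $authUser !== '';

// Step 3 is implicit: this script only runs under impersonation if the
// Windows user is allowed to read the site files.

// Step 4: omitting UID/PWD makes sqlsrv connect with Windows authentication,
// so SQL Server reports the identity the PHP process is running as.
$dbLogin = null;
$conn = sqlsrv_connect('localhost', ['Database' => 'AppDb']);
if ($conn !== false) {
    $stmt = sqlsrv_query($conn, 'SELECT SUSER_SNAME() AS login_name');
    if ($stmt !== false
        && ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC))) {
        $dbLogin = $row['login_name'];
    }
    sqlsrv_close($conn);
}
$checks['SQL Server sees the same Windows user'] =
    $dbLogin !== null && strcasecmp($dbLogin, $authUser) === 0;

foreach ($checks as $label => $ok) {
    echo ($ok ? '[ OK ] ' : '[FAIL] ') . $label . "\n";
}
echo 'IIS user:  ' . ($authUser !== '' ? $authUser : '(anonymous)') . "\n";
echo 'SQL login: ' . ($dbLogin ?? '(no connection)') . "\n";
```

If the last check fails while the first two pass, compare the reported SQL login with the IIS user: a different account there means the database connection is not being made as the browsing user.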













Building a web site using PHP on IIS/SQL server using Windows authentication.