PHP on IIS is not a popular combination, but it may be the easiest solution in a corporate departmental environment that is largely Windows-based.
PHP programming won’t be discussed here; rather, I’ll discuss how Windows authentication is achieved. The beauty of Windows authentication is that, once turned on, the whole authentication process is transparent to users. After users have logged into their Windows computer, they don’t need to do anything extra to start using the web service: there is no pop-up window asking for a user name and password, and nothing to memorise.
To make Windows authentication work, do the following:
- In php.ini, enable impersonation by setting “fastcgi.impersonate = 1”. When this option is enabled, PHP runs under the security context of the calling user; together with the IIS configuration below, this means the PHP program (the web service) runs as the Windows user.
- In IIS, ensure “Anonymous Authentication” is disabled and “Windows Authentication” is enabled. Anonymous Authentication must be disabled; otherwise the anonymous user (NT AUTHORITY\IUSR by default in IIS 7.0+) will be used first.
- In SQL Server, create a DB user using the Windows authentication method. This ensures the Windows user can access the DB.
The above assumes the DB server and the web server are hosted on one machine. If not, a “two-hop” security constraint will prevent the Windows authentication.
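The following PowerShell check audits the three settings from the list above on a single-machine setup. It is an added example, not part of the original post; the site name, php.ini path, SQL instance and the account `CONTOSO\webusers` are assumed placeholders, and it expects the WebAdministration and SqlServer modules to be installed.

```powershell
# Added example: read-only audit of the PHP, IIS and SQL Server settings.
# All default parameter values below are assumptions; adjust to your host.
Import-Module WebAdministration   # IIS cmdlets (Get-WebConfigurationProperty)
Import-Module SqlServer           # Invoke-Sqlcmd

function Test-WindowsAuthSetup {
    param(
        [string]$Site       = 'Default Web Site',
        [string]$PhpIni     = 'C:\PHP\php.ini',
        [string]$SqlServer  = 'localhost',
        [string]$WinAccount = 'CONTOSO\webusers'   # constructed account or group
    )

    # Step 1: take the last uncommented fastcgi.impersonate line in php.ini.
    $line = Get-Content -Path $PhpIni |
        Where-Object { $_ -match '^\s*fastcgi\.impersonate\s*=' } |
        Select-Object -Last 1
    $impersonate = [bool]($line -match '=\s*"?(1|on|true|yes)\b')

    # Step 2: effective authentication settings for the site.
    $base = 'system.webServer/security/authentication'
    $anon = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Site `
                -Filter "$base/anonymousAuthentication" -Name enabled).Value
    $win  = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Site `
                -Filter "$base/windowsAuthentication" -Name enabled).Value

    # Step 3: is there a Windows login (U = user, G = group) for the account?
    # Single quotes are doubled so the name cannot break out of the literal.
    $name  = $WinAccount.Replace("'", "''")
    $query = "SELECT COUNT(*) AS n FROM sys.server_principals " +
             "WHERE name = N'$name' AND type IN ('U','G')"
    $login = (Invoke-Sqlcmd -ServerInstance $SqlServer -Query $query).n -gt 0

    [pscustomobject]@{
        FastCgiImpersonate = $impersonate
        AnonymousDisabled  = -not $anon
        WindowsAuthEnabled = [bool]$win
        WindowsSqlLogin    = $login
    }
}

# Every property should be True for the configuration described above.
Test-WindowsAuthSetup | Format-List
```

The SQL check only confirms the server-level login; the matching database user and its permissions still need to be reviewed in the target database.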