Robert

Reputation: 118

IIS access network share with Windows authentication enabled

I hope someone here can help me. I've googled around for about 3 hours on this problem and found nothing helpful. (And no, the answers under stackoverflow.com/questions/1539506 didn't help.)

I have an IIS 7 with PHP installed. I set the authentication mode for my test website to "windows authentication". That all works well (I receive the "REMOTE_USER" in PHP).

Now I have to access a network share with "scandir()" and "is_file()" and some other functions, but I only get error messages like "Access is denied" or "failed to open dir: No such file or directory".

The permissions are set correctly: if I set the authentication to "anonymous" and set the "user identity" to my current test user, it all works fine, but I have to use "windows authentication".

I have also tried to set up the network share as a virtual directory, but PHP didn't find this directory (phpinfo() says the "virtual directory support" is disabled, but I didn't find anything about how to enable this).

PS: I tried the same PHP configuration with an Apache server and there it all works perfectly (with the "auth_sspi" module and the "require valid-user" directive). But I have to get this to work on IIS.

Upvotes: 3

Views: 1377

Answers (1)

Henry Rivera

Reputation: 88

I faced this challenge this morning on a simple file organization app I've been working on.

I haven't looked at this from the point of view of a security expert though I have a hunch this isn't ideal. My app is private so I'm not too worried. As far as I know the issue is that the network share must be mounted/authorized by the IIS AppPool user.

I found this example for executing system calls on the man page for the PHP System Call:

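<?php

// Run a command and capture its stdout, stderr and exit code.
function my_exec($cmd, $input = '')
{
    $desc = array(
        0 => array('pipe', 'r'), // child's stdin
        1 => array('pipe', 'w'), // child's stdout
        2 => array('pipe', 'w')  // child's stderr
    );

    $proc = proc_open($cmd, $desc, $pipes);
    if (!is_resource($proc)) {
        return array('stdout' => '', 'stderr' => 'proc_open failed', 'return' => -1);
    }

    // Send the input, then close stdin so the child sees end-of-input
    // before we block reading its output.
    fwrite($pipes[0], $input);
    fclose($pipes[0]);

    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);

    fclose($pipes[1]);
    fclose($pipes[2]);

    $rtn = proc_close($proc);

    return array('stdout' => $stdout, 'stderr' => $stderr, 'return' => $rtn);
}

?>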

I was able to then call this and access the share:

my_exec('net use \\\\$MachineName\$ShareName /user:$User $Pass');

I found that even with single quotes I had to double escape the leading \. If you use variables and change the quotes to double, you will probably have to do some tweaking to get it right.

Please let me know how this works out for you as I'm a bit curious.

Upvotes: 1
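
One way to issue the same `net use` call when the machine, share and user come from variables, written as an added example that is not part of the answer above. `build_unc_path`, `connect_share` and the allow-list patterns are hypothetical, and the array form of `proc_open` assumes PHP 7.4 or later.

```php
<?php
// Added example; function names and allow-list patterns are assumptions.

/** Build \\host\share after checking both parts against a conservative allow-list. */
function build_unc_path(string $host, string $share): string
{
    // Assumed policy: letters, digits, dot and hyphen for the host.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$/D', $host)) {
        throw new InvalidArgumentException('Unexpected host name');
    }
    // Assumed policy: letters, digits, _ and -, with an optional trailing $.
    if (!preg_match('/^[A-Za-z0-9_-]{1,80}\$?$/D', $share)) {
        throw new InvalidArgumentException('Unexpected share name');
    }
    return '\\\\' . $host . '\\' . $share;
}

/** Run "net use" through the array form of proc_open, so no shell parses the values. */
function connect_share(string $host, string $share, string $user, string $pass): array
{
    // The password is still visible in the process command line while net.exe runs.
    $argv = ['net.exe', 'use', build_unc_path($host, $share), $pass,
             '/user:' . $user, '/persistent:no'];
    $desc = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];

    $proc = proc_open($argv, $desc, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('Could not start net.exe');
    }
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);

    return ['stdout' => $stdout, 'stderr' => $stderr, 'return' => proc_close($proc)];
}

// Constructed sample values. Real credentials belong in server-side
// configuration and never come from request data.
echo build_unc_path('fileserver01', 'scans$'), PHP_EOL;
try {
    build_unc_path('fileserver01', 'scans & echo x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The connection made this way belongs to the account the PHP process runs as, which matches the answer's point that the share must be authorized by the IIS AppPool user.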
