M41DZ3N

Reputation: 346

NTLM Auth without prompt for require valid-user and PHP

I want to redirect to a login page without the htaccess prompt showing up if a valid-user is not found.

I have a working htaccess auth:

    AuthName "My name"
    NTLMBasicRealm "DOM"
    NTLMAuth on
    NegotiateAuth off
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
    NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
    NTLMBasicAuthoritative on
    AuthType NTLM
    AuthType Negotiate
    Require valid-user

    ErrorDocument 401 /index.php

This sets the Windows name as $_SERVER['REMOTE_USER'] as long as a valid-user is found. If not, the htaccess prompt pops up and you need to manually cancel it to get redirected.

If I remove Require valid-user, $_SERVER['REMOTE_USER'] is null.

Is there a way to authenticate a user but, if not automatically found, redirect without a prompt?

Upvotes: 0

Views: 1286

Answers (1)

Gabriel Luci

Reputation: 40938

The first step in Windows Authentication is returning an HTTP 401 response to the browser. If the site is trusted, the browser will automatically send the current user's credentials. If not, the browser prompts for credentials. There is no way to change that behavior.

But you could refactor your site a bit. I described in another answer how to attempt Windows Authentication in the background and fall back to forms authentication. That answer is specific to ASP.NET, but the same thing can be done with PHP and Apache too (although I can't tell you exactly how to do it).

The basic idea is:

  1. Your main authentication mechanism for your website is forms authentication.
  2. On your login page, hide everything on the page at first.
  3. On your login page, make an AJAX request to a URL that is configured for Windows authentication.
  4. On the server side, if authentication to that URL succeeds, you do the same thing you do for a successful forms login (usually, set the cookie).
  5. On your login page, if that AJAX request succeeds, you forward the user to the page they want.
  6. If that AJAX request fails, show everything on the login page and they can type in their username and password there.

Upvotes: 1
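
The login-page side of steps 2, 3, 5 and 6 above, as an added example that is not code from the answer or the question. It assumes a hypothetical `/auth/windows.php` placed behind the `Require valid-user` block, which sets the same session cookie as a forms login and returns a 2xx status (step 4), a form with the hypothetical id `login-form`, and a hypothetical `return` query parameter holding the page the user wanted. The return path is checked before forwarding so the login page cannot be used as an open redirect.

```javascript
// Added example: PROBE_URL, "login-form" and the "return" parameter are assumptions.
const PROBE_URL = "/auth/windows.php"; // hypothetical URL behind "Require valid-user"

// Step 5: forward only to a path on this site, never to an absolute or
// protocol-relative URL taken from the query string (open redirect).
function safeReturnPath(raw, fallback = "/") {
  if (typeof raw !== "string" || !raw.startsWith("/")) return fallback;
  if (raw.startsWith("//") || raw.includes("\\")) return fallback;
  try {
    const base = "https://site.invalid"; // placeholder origin used only for parsing
    const u = new URL(raw, base);
    return u.origin === base ? u.pathname + u.search + u.hash : fallback;
  } catch {
    return fallback;
  }
}

// Steps 5 and 6 as a pure decision on the probe result.
function nextStep(probe, returnTo) {
  if (probe && probe.ok) return { action: "redirect", to: safeReturnPath(returnTo) };
  // 401 (no valid-user), any other non-2xx status, or a network error.
  return { action: "show-form" };
}

// Step 3: background request to the URL configured for Windows authentication.
async function probeWindowsAuth(fetchImpl = globalThis.fetch) {
  try {
    const res = await fetchImpl(PROBE_URL, { credentials: "same-origin", cache: "no-store" });
    return { ok: res.ok, status: res.status };
  } catch {
    return { ok: false, status: 0 };
  }
}

// Steps 2, 5 and 6 wired to the page; this part runs only in a browser.
if (typeof document !== "undefined") {
  const form = document.getElementById("login-form"); // hidden until the probe finishes
  const returnTo = new URLSearchParams(location.search).get("return");
  probeWindowsAuth().then((probe) => {
    const step = nextStep(probe, returnTo);
    if (step.action === "redirect") location.assign(step.to);
    else form.hidden = false;
  });
}
```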
