+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Web Development Thread, Intranet page based on group membership in Coding and Web Development; I have two intranet pages (index-staff.php and index-student.php) and then an index.php which I want to check the currently logged ...
  1. #1

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200

    Intranet page based on group membership

    I have two intranet pages (index-staff.php and index-student.php) and then an index.php which I want to check the currently logged on users group membership and redirect them to one of the relevant pages.
    I know if I turn on authentication it will pick up the username and do the relevant checks OK, but as this is an intranet page i dont really want a login box showing. is there anyway to have PHP (or any other language i can google help for) check the currently logged in user name and if they are a member of group x, show page x, group y show page y, etc without it asking for a username and password in IE.

    ive seen some php examples but in that you have to specify the username as a variable, which i wont know, it would have to get that variable from somewhere else.

    any help would be great, thanks

  2. #2
    jamesreedersmith's Avatar
    Join Date
    Sep 2009
    Location
    Ruskington
    Posts
    1,178
    Thank Post
    80
    Thanked 261 Times in 233 Posts
    Rep Power
    78
    Could you not use a login script to set a marker file that a shortcut points to that loads the relevant page?

  3. #3

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    well, the thing is, if i named it staff-index.php then students would be able to change theirs to that and see the page. i wanted something that was doing group membership so even if they typed it in it would deny access. i know its possible to get the logged in username, but only after you have authenticated in the IE logon box. thats all im trying to bypass

  4. #4
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    896
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    82
    Depends on your webserver software... if using Apache then you need to set it up for NTLM SSO: Apache :: seamless authentication

  5. #5

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    sorry, forgot to mention, this is using IIS7 on server 2008.

  6. #6
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    896
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    82
    Last edited by Marci; 16th June 2011 at 04:05 PM.

  7. Thanks to Marci from:

    MK-2 (17th June 2011)

  8. #7

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    i did have a quick look at SSO, so ill have a better look tomorrow.
    thanks for your help

  9. #8

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    hey, i enabled SSO but when i go to http://intranet/index.php i get the IE login box pop up and it will only display once authenticated. I was hoping it would not show that and just use the current logged in user credentials, isn't that what SSO is meant to do?

  10. #9

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,133
    Thank Post
    522
    Thanked 2,542 Times in 1,976 Posts
    Blog Entries
    24
    Rep Power
    876
    Your site needs to be within the trusted or 'local intranet' sites list, with NTLM passthrough enabled and allowed in your browser.

    Enabling NTLM Authentication in Firefox and Internet Explorer

  11. Thanks to localzuk from:

    MK-2 (17th June 2011)

  12. #10

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    i've done the local intranet bit but how do i do the NTLM passthrough as that link shows how you add sites to the intranet but nothing about enabling and allowing ntlm passthrough.

    sorry if im sounding thick!

  13. #11

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,133
    Thank Post
    522
    Thanked 2,542 Times in 1,976 Posts
    Blog Entries
    24
    Rep Power
    876
    Quote Originally Posted by MK-2 View Post
    i've done the local intranet bit but how do i do the NTLM passthrough as that link shows how you add sites to the intranet but nothing about enabling and allowing ntlm passthrough.

    sorry if im sounding thick!
    What security level have you got 'Local Intranet' set to? On the Security tab, select Local Intranet, and then click 'Custom Level'. Scroll to the bottom and you should see a 'User Authentication' bit, and 'Automatic logon only in Intranet zone' should be selected.

  14. Thanks to localzuk from:

    MK-2 (17th June 2011)

  15. #12

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    this is what ive done so far:

    on IIS7 i've created the intranet folder and set authentication to windows authentication (with provider as NTLM and not negotiate or kerberos)
    on the client I've added http://intranet as an intranet site, and have now just done as you said and set custom level and automatic logon in intranet zone

    i restart IE yet as soon as i go to http://intranet/index.php it pops up the box again

  16. #13

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    hmm actually, its working now, my apologies!

  17. #14

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,133
    Thank Post
    522
    Thanked 2,542 Times in 1,976 Posts
    Blog Entries
    24
    Rep Power
    876
    Glad to hear its working. I used the same sort of system here now, a single intranet site that changes what links it shows etc... depending on group membership.

  18. #15

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    200
    Quote Originally Posted by localzuk View Post
    Glad to hear its working. I used the same sort of system here now, a single intranet site that changes what links it shows etc... depending on group membership.
    what code did you use to do the group membership bit? i know we had this discussion in another thread on here where you showed me some php but i am having trouble getting it to check multiple memberships to one user. this is what i have based on the one you pasted a few months back (bearing in mind i dont know php so it is probably wrong now):
    <?php
    $initial = $_SERVER["AUTH_USER"];
    $_SESSION['un'] = preg_replace("/.*\\\\/", "", $initial);

    $ldaphost = "xxxx";
    $ldapport = 389;
    $basedn = 'dc=server,dc=internal';
    $group1 = 'Domain Admins';
    $group2 = 'Senior Teaching Staff - Security Group';
    $bind_user = "cn=Administrator,cn=Users," . $basedn;
    $password = 'xxxx';

    $ad = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");

    // BIND TO LDAP
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    @ldap_bind($ad, $bind_user, $password) or die('Could not bind to AD.');

    $filter = "(sAMAccountName=" . $_SESSION['un'] . ")";
    $attr = array("memberof");
    $result = ldap_search($ad, $basedn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ad,$result);
    ldap_unbind($ad);
    $access = 0;

    foreach($entries[0]['memberof'] as $grps)
    {
    if(strpos($grps,$group)){ $access = 1;}
    if(strpos($grps,$group)){ $access = 2;}
    }

    if($access == 1){echo ("redirecting to page 1");}
    if($access == 2){echo ("redirecting to page 2");}


    ?>
    i cant remember how you redirect to a page using php, i know there is a way of using "header (location:" but not sure if it applies here

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Sophos - local group membership
    By pantscat in forum How do you do....it?
    Replies: 0
    Last Post: 26th November 2009, 01:15 PM
  2. Replies: 6
    Last Post: 21st June 2009, 11:17 AM
  3. [ASP.net] Show webpage based on group membership
    By MK-2 in forum Web Development
    Replies: 1
    Last Post: 9th April 2009, 11:53 AM
  4. New intranet Page design take a look...
    By Antp in forum Web Development
    Replies: 11
    Last Post: 19th November 2008, 04:38 PM
  5. Group Membership Woes (Need Help)
    By ICTNUT in forum Windows
    Replies: 11
    Last Post: 2nd December 2005, 03:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •