从IIS中的PHP使用Kerberos对webservice进行身份验证
我正在编写一个PHP Web应用程序,它必须使用Kerberos 5身份验证(Active Directory)连接到Web服务。我的PHP网站托管在IIS7.5和PHP5.5上。应用程序池正在Active Directory中授权的帐户下运行,并且用于目标Web服务 我尝试了我能在这个网站和其他网站上找到的每一个示例代码,但都没有用 这是我现在使用的PHP代码:从IIS中的PHP使用Kerberos对webservice进行身份验证,php,iis,kerberos,Php,Iis,Kerberos,我正在编写一个PHP Web应用程序,它必须使用Kerberos 5身份验证(Active Directory)连接到Web服务。我的PHP网站托管在IIS7.5和PHP5.5上。应用程序池正在Active Directory中授权的帐户下运行,并且用于目标Web服务 我尝试了我能在这个网站和其他网站上找到的每一个示例代码,但都没有用 这是我现在使用的PHP代码: $url = 'http://mywebservice/login/kerberos'; $ch = curl_init();
$url = 'http://mywebservice/login/kerberos';
$ch = curl_init();
$options = [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_VERBOSE => true,
CURLOPT_HTTPAUTH => CURLAUTH_GSSNEGOTIATE,
CURLOPT_HTTPHEADER => ['Authorization: Negotiate'],
CURLOPT_RETURNTRANSFER => true,
CURLOPT_USERPWD => 'myuser',
CURLOPT_URL => $url,
CURLOPT_HEADER => 1
];
curl_setopt_array( $ch, $options);
$result = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($result, 0, $header_size);
$body = substr($result, $header_size);
print $result;
HTTP/1.1 302 Found Date: Fri, 21 Oct 2016 14:49:15 GMT X-Robots-Tag: noindex,nofollow WWW-Authenticate: Location: http://mywebservice/login?login_fail Content-Length: 0
curl --negotiate http://mywebservice/login/kerberos -umyuser@mydomain --verbose -c "c:\cookie.txt" -b "c:\cookie.txt"
Enter host password for user 'myuser@mydomain':
* Trying (192.168.1.1...
* Connected to mywebservice (192.168.1.1) port 80 (#0)
> GET /login/kerberos HTTP/1.1
> User-Agent: curl/7.41.0
> Host: mywebservice
> Accept: */*
> Cookie: JSESSIONID_PUBLIC=X(MASKED)XXXXXXXXXXXXXXXXX
>
< HTTP/1.1 401 Unauthorized
< Date: Fri, 21 Oct 2016 14:52:46 GMT
< X-Robots-Tag: noindex,nofollow
< WWW-Authenticate: Negotiate
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Last-Modified: Thu, 20 Oct 2016 14:52:46 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< P3P: CP=CAO PSA OUR
< Content-Type: text/html; charset=UTF-8
< Content-Length: 3643
<
* Ignoring the response-body
* Connection #0 to host mywebservice left intact
* Issue another request to this URL: 'http://mywebservice/login/kerberos'
* Found bundle for host mywebservice: 0xXXXXXXX
* Re-using existing connection! (#0) with host mywebservice
* Connected to mywebservice (192.168.1.1) port 80 (#0)
* Server auth using Negotiate with user 'myuser@mydomain'
> GET /login/kerberos HTTP/1.1
> Authorization: Negotiate X(MASKED)XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXD
w==
> User-Agent: curl/7.41.0
> Host: mywebservice
> Accept: */*
> Cookie: JSESSIONID_PUBLIC=X(MASKED)XXXXXXXXXXXXXXXXX
>
< HTTP/1.1 302 Found
< Date: Fri, 21 Oct 2016 14:52:46 GMT
< X-Robots-Tag: noindex,nofollow
< WWW-Authenticate:
< Location: http://mywebservice/?login_fail
< Content-Length: 0
<
* Connection #0 to host mywebservice left intact
curl——协商http://mywebservice/login/kerberos -umyuser@mydomain--verbose-c“c:\cookie.txt”-b“c:\cookie.txt”
输入用户帐户的主机密码myuser@mydomain':
*正在尝试(192.168.1.1。。。
*已连接到mywebservice(192.168.1.1)端口80(#0)
>GET/login/kerberos HTTP/1.1
>用户代理:curl/7.41.0
>主持人:mywebservice
>接受:*/*
>Cookie:JSESSIONID_PUBLIC=X(屏蔽)XXXXXXXXXXXXXXXXXX
>
GET/login/kerberos HTTP/1.1
>授权:协商X(蒙面)XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX D
w==
>用户代理:curl/7.41.0
>主持人:mywebservice
>接受:*/*
>Cookie:JSESSIONID_PUBLIC=X(屏蔽)XXXXXXXXXXXXXXXXXX
>
找到