Authenticating web users off of Active Directory

ripvtech

Hello All,
Well, 1 this may not really be a "newbie" question, but seeing as how I'm somewhat of a newbie to programming with PHP I posted in this section. If I'm incorrect "mod's" feel free to move this.

Now down to my question.
I currently have a web site "application" that me and a buddy have written. What this "application" does is it let's you browse the file server and open files and such upload/download/move/delete as if you were browsing the computer from the network.

We now need to implement security into this "application" I have just installed Active Directory and have done a lot of reading about "binding" to active directory. My question is if we bind to Active Directory and create a session with that bind will the security rights from the groups that the user is in carry over with the session we have created? and if so are there any resources on the web that may give me direction.

What I can currently do is:
1. Bind to Active Directory (Windows 2003 Server) using php and any user credentials
2. Search Active Directory.

Any help with this would be greatly appreciated.

Thank you, and HAPPY THANKSGIVING ALL 🙂

jc94062

I've never heard of binding to a directory until I googled it, seems to be a windows thing (Windows 2003 Server should have given it away huh).

tbh the best security your going to get is shifting it to a linux server and using .htaccess files in additional to some coded protection be it a session or cookies etc...
.htaccess being limited to valid-user and IP.
There are also a host of other advantages to using linux, cron being a major one and I've got a feeling GD (image manipulation) has problems with windows as well but wouldn't swear to it... I ended up finding it easier to trek into Uni til 2am to test image things rather than trying to get it to work from a windows server.

Of course if this may not be an option, but don't know much about windowz security, except the obvious 🙂

Hope this helps.