3

I'm new to PHP and have run into a rather simple yet annoying issue.

Here is the setup:

  • Windows domain environment
  • Users connect to a local server 2008 box running IIS7 and latest version of PHP
  • This box houses the php scripts which connect to a local mssql server

If the users navigate to http://iisservername/ and try to connect to the mssql server via the php scripts, they receive Login failed for user NT AUTHORITY\ANONYMOUS LOGON

My workaround has been to launch a cmd script on the IIS server that uses runas /profile /user:domain\user "c:\program files\internet explorer\iexplore.exe"

I create a runas line for each user in the cmd script and execute it.

Upon launch, it navigates to homepage, which is a keepalive.php script I made that opens a connect and then javascript refreshes the page every x amount of minute(s).

Surely there is a better way to do this, yes?

Improve this question
4
  • How are you doing your authentication? Are you using IIS's built-in authentication, or do you have your own? Commented May 4, 2012 at 20:34
  • If that is the case, PHP should be already impersonating the user that logged in. There is an option to change this behavior somewhere... I don't remember where it is. Perhaps it is disabled? Anyway, what I suspect the root issue here is simply how you're connecting to SQL Server. Can you show your code for how this connection is being made? Commented May 4, 2012 at 20:47
  • That's what I was leaning on. I've disabled annon authentication and only enabled Windows authentication in the IIS manager but still no go. I have to be missing something simple. Commented May 4, 2012 at 20:55
  • I believe phpinfo() will show you what user PHP is running as. Can you take a look at that to see if it is as expected? Commented May 4, 2012 at 21:00

1 Answer 1

Reset to default
3

If you use sqlsrv_connect and are using IIS's built in authentication it should be handled for you with nothing more then:

/* Specify the server and connection string attributes. */
$serverName = "(local)";
$connectionInfo = array("Database" => "AdventureWorks");
/* Connect using Windows Authentication. */
$conn = sqlsrv_connect($serverName, $connectionInfo);

(example from: http://msdn.microsoft.com/en-us/library/cc296205%28v=sql.90%29.aspx)

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

This is what I am currently using: $serverName = "sql-server-name,port"; $connectionInfo = array( "Database"=>"dbname"); $conn = sqlsrv_connect( $serverName, $connectionInfo);
why are you using "sql-server-name,port" instead of local if the SQL server is local? The reason I am asking is that even though the server is local, because you are connecting to it via servername,port is it possible that you must enable remote connections, whereas if you connect from local then you might not.
I was told it was using a non-default port thought the server is pingable on a 10.x.x.x scheme.
is the SQL server on the same server as PHP or not? if not, you must enable remote connections for sqlsrv to be able to connect with windows authentication. If it is on the same server as the PHP server then the ip/port is a non-issue.
negative, sql is on another server. iss/php server is separated. Looks like we may have to go that route.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.