PHP Authentication using IIS 7.5 ~ DPLW

Configure IIS for PHP support

Summary

The creation of websites and web applications is commonplace today to capture ideas from people or companies, either in languages such as PHP or ASP.NET.
When developing web applications in different languages have to mount them on different servers, which caused us poor management of our websites.
The proposed article is how we can implement PHP and ASP.NET applications within a single IIS web server and use server functions to control access to our PHP application.
The result will help us avoid creating control modules for user authentication in our web application.
In conclusion, the interoperability between PHP and IIS does not provide better management and security of our websites.
Keywords:

Web: the system of documents (or web pages) interconnected by hypertext links available on the Internet. Web applications: A web application is any application that is accessed via web over a network like the Internet or an intranet. Web Server: A server that is dedicated to providing web related services, especially for a website is available online. PHP (PHP Hypertext Pre-processor). Programming language generally used in content creation for websites. ASP.NET: Microsoft is a technology that run scripts on the server and can be used to create dynamic and interactive applications on the Web.Apache: Web server for free distribution and open source. IIS: Microsoft Internet Information Server (or IIS) are software services that support the creation, configuration and administration of websites. Open Source (Open source). Designation for those applications that have their source code or program code released. Authentication: In computing, an act of establishing or confirming a user to a system as genuine. C # is a programming language and object-oriented standard developed by Microsoft as part of their platform. NET.
Introduction

Creating Web Applications is proposing to implement the requirements and objectives of Internet users or companies to provide services to users dare from a Web server, as these applications are publicly available as online stores, social networks or applications and more restricted as intranets for internal application management in a company, The development of these applications can be done using programming languages such as PHP or ASP.NET Microsoft implemented on a web server can be Apache or IIS.
The development in PHP is extremely popular for being open source and available on all platforms, commonly used by applications to us as managers to be blogs, and CMS, PHP as a language has a syntax very similar to leguaje C, based primarily on the scripts to interact on the web, PHP is currently supported by PHP Group that receives input from multiple users for improvement but its main contributions are received from the company which I think ZEND engine ZEND Engine call that based on PHP.
The IIS Web server offers significant improvements in the field of Web services. The advances are motivated primarily by security and performance, including new security features take advantage of the latest encryption technologies and certificate authentication methods, and allowing the server to verify the client before the user log , better management of our web applications, denying access to the applications we have on known IP server, limiting bandwidth to our sites, add modules programmed applications to add sub sites, filtering applications and more.
The problem that usually occurs when developing web applications is to have a web server for each application, whether they are developed in PHP or ASP.NET both are implemented on a specific type of web server Apache or IIS being these , but because we can not integrate them into a single web server that we simplify the administration of our applications.
What Microsoft is proposing is to have different web servers installed, but to manage the concept of interoperability between applications, using interoperability enhancements brings the IIS web server, so we simplify the deployment of applications in PHP and ASP.NET single web server.
Deploying PHP applications in the IIS web server provides facilities in his administration, also offers new features which we apply to our work, as well as creating user accounts, user groups, security authentication and re-routing pages, only using our web server. Simplifying the creation of extra code in our application.
What we do not have to simplify the control modules for creating user authentication in our web application, which would be beneficial to us, because we can spend that time developing and improving our applications.
PHP applications on IIS
By deploying PHP applications on the web server must have a clear focus or basics of how to prepare our server for better performance and support for PHP applications, reliability and several that are the key aspects that should be assessed at the time of implementation.
-Support for PHP applications. Is generated through the partnership that Microsoft does with Zend to improve the interoperability of PHP on Windows platforms, thereby generating an application called php.exe and Fast-CGI supplement that improves the performance of our PHP applications on our server.
-Reliability is generated dare reliability of FastCGI that functions as an interface between PHP and IIS engine and ensures that PHP runs faster than CGI and a more reliable PHP ISAPI, FastCGI also gives us stability in the server when processing applications, providing better performance.
PHP application authentication managed by IIS
Managed by IIS authentication in PHP applications gives us a better management of our users and user groups, as using these features we can easily manage users in a Microsoft SQL Database Server 2008 or Active Directory.
For authentication of PHP applications on IIS correctly we have to be found FastCGI to run PHP applications on our web server.

1. The first thing we need to install the IIS log to Start> All Programs> Control Panel (Figure 1)> Programs (Figure 2)> Enable or disable Windows features

Figure 1

Figure 2

2. By clicking on or off Windows features will appear called Windows Features window (Figure 3), once released and we mark the Internet Information Services option, after you mark the option to deploy application development features (Figure 3 ) and checking CGI (Figure 4), once done we look for common HTTP Features option and deployed, we seek the Directory Browsing option or the mark (Figure 5), we once again made Support web administration and mark complement IIS Management Console (Figure 6).

Figure 3

Figure 4

Figure 5

Figure 6

3. Having done all these options Click OK and we installed the IIS Web server on our team.

INSTALLING PHP ON WINDOWS

1. First we enter the main page at the following link PHP http://www.php.net/downloads.php and look for PHP 5.2.14 installer (Figure 7) and download it.

Figure 7

2. Once we downloaded the file unzip it in the directory "C: \ PHP \" (Figure 9).

Figure 8

3. Once unpacked in the directory entered in it, and seek in file C: \ PHP \ php.ini-recommendedand rename it to C: \ PHP \ php.ini.

Note: In the directory exists a file called php.ini-dist, but it is recommended to use the file php.ini-recommended because it has been optimized for performance and safety.

4. Then we assign read permissions to all users. For that we look for the file in the directory C: \ PHP \ php.ini select it and right click the mouse on the computer, then select the Security tab and look for the edit tab (Figure 9), once the pressure on it A window will appear which we seek the Add button (Figure 10) and another window will appear, write "All" (Figure 11) and then press OK, We window reappears php.ini file permissions where there will be a new user called "Everyone" and click OK.

Figure 9

Figure 10

Figure 11

5. We have to include the Windows environment variables in PHP, to do press Start> Control Panel> System, then click Advanced system settings (Figure 12), we see a window called System Properties seek the Advanced tab, and press Environment Variables button (Figure 13), another window will appear (Figure 14) where we edit the system variables by pressing the edit button and add the variableC: \ PHP (Figure 15) after the semicolon without erasing any existing value and press OK.

Figure 12

Figure 13

Figure 14

Figure 15

6. Then we assign read and execute permissions to the folder PHP, for they seek the directory where you installed our PHP folder, once we place the folder right click on it and press properties, then select the Security tab and look for the tab edit (Figure 16), once the pressure in it will appear a window in which we seek the Add button (Figure 17) and another window will appear where you write "IIS_IUSRS"(Figure 18) and then press OK, we will window appears where there PHP permissions a new user called "IIS_IUSRS" and look for the Total Control option (Figure 19) we mark it and click OK.

Figure 16

Figure 17

Figure 18

Figure 19

7. Then edit a file by opening it with PWS-php5cgi.reg blog notes (located in C: \ PHP) to reflect the location of php-cgi.exe, leaving him with the following content.

PWS-php5cgi.reg

REGEDIT4 [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ w3svc \ parameters \ Script Map] ". Php" = "C: \ \ PHP \ \ php.exe-cgi.exe"

After editing save the file and then execute it by double clicking on it.

8. To enable the snap of PHP (FastCGI) on IIS 7 must take the following steps:

a. Access the directory C: \ Windows \ System32 \ inetsrv \ config (We ask administrator permission and we continue).

b. Once we're in the folder to open the file applicationHost.config blog notes, and look for the following lines of code <fastCgi> </ FastCGI>, and replace it with the following.

applicationHost.config

<fastCgi> <application fullPath="c:\PHP\php-cgi.exe" /> </ FastCGI>

9. Modifying the PHP configuration file (php.ini located in C: \ PHP).

a. We look in php.ini the following lines of code:

php.ini

cgi.fix_pathinfo fastcgi.impersonate = 1 = 1 cgi.force_redirect = 0

b. After changing the store and we must restart the IIS service with the following command, Start> Accessories> Command Prompt, we make a right click and look for the Run as administratoroption, once you open the command iisreset write the following statement and press enter, then close it.

Note: We removed the comment that is defined with a semicolon ";".

SET PHP on IIS 7

1. We began to set Server IIS 7.

a. We entered our IIS, Start> Accessories> Run (Figure 20), and type inetmgr and accept.

Figure 20

b. A window will appear (Figure 21) which is the manager of IIS 7, we look for and click on "Handler Mappings".

Figure 21

c. After clicking a window will appear where you can assign control of modules (Figure 22), in the press"Add module assignment."

Figure 22

d. Sub-window will appear called "Assign allocation module" (Figure 23), where we add the following values:

Request	Value
Path of applications:	*. Php
Module:	FastCgiModule
Executable (Optional):	C: \ PHP \ php-cgi.exe
Name:	PHP_via_FastCGI

Figure 23

e. We will see a message asking if you want to create a FastCGI application executable (Figure 24), and press Yes.

Figure 24

2. Once configured, the IIS7 with the above, and we support PHP applications on our platform.

IIS7 managed authentication IN PHP

1. First we have to activate Windows features on our IIS7 server. We entered to Start> Control Panel> Programs> Enable or disable Windows Search feature, a window appears instead of Windows features and we mark the Internet Information Services option, after you mark the option to deploy Web Services World Wide and deploy the Security tab and mark the security options as pictured (Figure 25), once we made the choice of application development features and deploy, and mark options (Figure 26).

Figure 25

Figure 26

2. Create a new folder called login in the directory c: \ inetpub \ (Figure 27)

Figure 27

3. We entered our IIS7, Start> Accessories> Run (Figure 20), and type inetmgr and click OK.

4. After entering the IIS7, look for the places we will file an action menu where you press Add Web Site ... (Figure 28).

Figure 28

5. Once down we see a window called Add Web Site ... in which we assign the following values:

Request	Value
Site Name:	login
Physical path:	C: \ inetpub \ login
Port:	82

Note: We can assign IP if you want, but for convenience we let the default instance.

Once you add the values (Figure 29) press OK.

Figure 29

6. Once created, login our site will appear as in Figure 30, and double click it.

Figure 30

7. Being on our site we go to the Authentication tab (Figure 31), which will display the attributes we seek in Forms Authentication (Figure 32) and empowering and should be as in Figure 33.

Figure 31

Figure 32

Figure 33

8. We return to the menu of our site and look for the option modules (Figure 34) and enter it, once we look at the FormsAuthentication option (Figure 35) pressed on it and we will get a window calledChange Manager module and verify that this enabled option (Figure 36) Calling for applications for ASP.NET applications or managed handlers.

Figure 34

Figure 35

Figure 36

9. We return to the menu of our site and look for the users choice. NET (Figure 37) and enter it (Figure 38) we generate two files one with extension MDF and LDF files with the extension in the directory C: \ inetpub \ login \ App_Data \, which is the database to work with our application, which will store the user accounts.

Figure 37

Figure 38

a. Once created these files, download and install (How to install SQL Server 2008http://tinyurl.com/369bcal ) SQL Server 2008 R2 this Advance Services and generate a mixed authentication when installing the SQL Server, setting password for the sa user 1234 in our database.

b. Back to our menu and look for the Connection String option (Figure 39), which we will edit to avoid creating problems connecting to our users.

Figure 39

c. We entered it we see a string with the name LocalSqlServer (Figure 40) click on it and we will get a window called Modify connection string (Figure 41) click on Custom and enter the following information:

Connection String

Source =. \ SQLEXPRESS; AttachDBFilename = C: \ inetpub \ login \ App_Data \ aspnetdb.mdf; Initial Catalog = login_ASP, User ID = sa; Password = 1234

That way we will have no trouble creating users for our application.

Figure 40

Figure 41

10. We return to the menu of our site and look for the users choice. NET (Figure 37) and enter it (Figure 38) we seek in the action menu Add ... we will get a window called Add User. NET (Figure 42), I enter the following information.

Username:	test
Email:	test@test.com
Password:	test123 *

Figure 42

11. We return to the menu of our site and find the option Authorization rules. NET (Figure 43) and we we will get a window entitled Add permit authorization rule (Figure 44), and mark all anonymous users to accept.

Figure 43

Figure 44

12. Create two folders for our example to work and admin folder App_Data.

13. Create a file on your desktop called login.aspx with the following code in a blog of notes and save it with the "aspx". And copies it to the directory C: \ inetpub \ login \

login.aspx

<head> <html> income <title> Page </ title> </ head> <body>

<form runat="server">

/ / Load the form to login.

<asp:Login runat="server" />

</ Form>

</ Body>

</ Html>

14. Create a file on your desktop called usuario.php with the following code in a blog of notes and save it with the extension "php". And copies it to the directory C: \ inetpub \ login \

usuario.php

<head> <html> <title> Welcome </ title> </ head> <body>

Welcome to my page <h2> PHP </ h2>

<h1>

<? Php / / Print the user name?>

<? Php print ($ _SERVER ['LOGON_USER']);?>.

</ H1>

<p> Their role is:

<? Php / / Print the name of the session of our class created PHPRoles.cs?>

<? Php print (isset ($ _SERVER ['AUTH_ROLES'])? $ _SERVER ['AUTH_ROLES']: "");?>

</ P>

Today is <p>

<? Php / / Print the date?>

<? Php print (date ("l F d, Y"));?>.

Exit <a href="logout.aspx"> page </ a>

</ P>

</ Body>

</ Html>

a. Create a file on your desktop called usuario.php with the following code in a blog of notes and save it with the extension "php". And copies it to the directory C: \ inetpub \ login \

Logout.aspx

<Script runat = "server" language = "c #"> void Page_Load (Object source, EventArgs e) {/ / Exit FormsAuthentication.SignOut ();

/ / Returns the previous page

ReturnUrl string = Request.QueryString ["ReturnUrl"];

if (String.IsNullOrEmpty (ReturnUrl))

{

Request.Headers ReturnUrl = ["Referer"];

}

if (String.IsNullOrEmpty (ReturnUrl))

{

Response.Redirect (ReturnUrl);

}

</ Script>

b. We create our directory C: \ inetpub \ login \ a new folder named App_Code

c. Create a file on your desktop called PHPRoles.cs with the following code in a blog of notes and save it with the extension "php". And copies it to the directory C: \ inetpub \ login \ App_Code

PHPRoles.cs

using System; using System.Web; using System.Web.Security; namespace control

{

/ / Create the event with IHttpModule

public class ModuloRolesPHP: IHttpModule

{

public void Dispose ()

{

}

public void Init (HttpApplication app)

{

/ / The event PostAuthorizeRequest, authentication and guaranteed

/ / Authorization for the application

+ = new EventHandler app.PostAuthorizeRequest (ExtractRoles);

}

private void ExtraeRoles (Object source, EventArgs args)

{

HttpApplication app = (HttpApplication) source;

rp = app.Context.User rolprincipal as rolprincipal;

if (rp! = null)

{

string [] roles = rp.GetRoles ();

/ / Get the server roles that we have configured IIS

if (roles! = null & & roles.Length> 0)

{

/ / Create server variables

app.Context.Request.ServerVariables ["AUTH_ROLES"] = String.Join (",", roles);

}

15. Introducing the web browser address http://localhost:82/usuario.php (Figure 45) press enter once set and we redirected to a login page so we can log it http://localhost:82/login.aspx?ReturnUrl =% 2fusuario.php

Figure 45

i. When we leave the authentication page, sign in with the user created above

Username:	test
Password:	test123 *

ii. After logging redirect us to our php page (Figure 46)

Figure 46

a. Now press Exit Page, and we will redirect to the authentication page.

16. Now we assign a role to our users, go to our IIS, Start> Accessories> Run (Figure 20), and typeinetmgr and accept.

i. Roles seek. NET (Figure 47) and double click

Figure 47

ii. Add a user role (Figure 48)

Figure 48

iii. Enter a role name (Figure 49), in this case we put admin and we accept.

Figure 49

iv. Roles will appear. Net (Figure 50) the role that we create.

Figure 50

v. We return to the main menu and look for IIS7 modules (Figure 51) and entered in the

Figure 51

vi. Within the same pressure in the action menu Add Managed Module ... (Figure 52)

Figure 52

vii. When we leave the Add Managed Module (Figure 53) select the tab and look for the class that we created and assigned the control name and click OK.

Figure 53

viii. We return to the Users menu. NET and we have modified the user pressing the Edit ... (Figure 54) the action menu.

Figure 54

ix. We open a window where the new role we have created, then select the admin role (Figure 55) and press OK, and our role will belong to user already created.

Figure 55

17. Create a file on your desktop called admin.php with the following code in a blog of notes and save it with the extension "php". And copies it to the directory C: \ inetpub \ login \ admin, to show us and the roles in order to use our php page.

admin.php

<? Php echo ("Site Administrator");?>

a. Create a file on your desktop called web.config with the following code in a blog of notes and save it with the "config". And copies it to the directory C: \ inetpub \ login \ admin

web.config

<? Xml version = "1.0" encoding = "UTF-8"?> <configuration> <system.webServer> <security> <authorization>

verbs="" roles="" users="*" <remove />

verbs="" roles="" users="?" <remove />

roles="Admin" accessType="Allow" <add />

</ Authorization>

</ Security>

</ System.webServer>

</ Configuration>

18. After you have created all the files we can see that when entering our site (Figure 56) and can handle roles. NET.

Figure 56

19. After finishing these steps do we finished building our sample application with IIS7 managed authentication in PHP download the code from CodePlexhttp://codeplex.codeplex.com/workitem/25660 , With this example we improving security our application PHP and having a better interoperability of platforms

REFERENCES

Installing SQL Server 2008 Microsoft SQL Server 2008 Express with Advanced Services

http://msdn.microsoft.com/en-us/library/ms143219.aspx
http://msdn.microsoft.com/es-es/library/bb500395.aspx

http://www.sqlserverclub.com/essentialguides/how-to-install-sql-server-2008-step-by-step-guide.aspx

http://vimeo.com/9315795

http://www.compucaja.com.mx/ayuda/INS003.pdf

................Apologized for pictures

DPLW

Nov 16, 2011