IIS & PHP Site security

I have a lot of 'intranet' development experience, not a lot of 'internet' experience.  A client wants web-based access for their MySQL databases hosted on the internet.  

If we choose third-party hosting for the site via IIS (their choice, I agree) for pages and databases, is it a good practice in my pages to throtle content access based on user login name alone?  The idea being that only (IIS) authenticated users will get access to the site, once in, my pages grant access to pages and page elements based on user login names bounced against the user login name table.

thanks for your help.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
Why is IIS a part of the question?  I would avoid that and choose Linux hosting -- much more mainstream.  Nothing wrong with IIS, just a personal preference that seems to be shared by a majority of the internet.

As far as client authentication is concerned, this article may be helpful to you.  It demonstrates PHP client authentication and it's very easy to use.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dave BaldwinFixer of ProblemsCommented:
Normal third-party web hosting with IIS will not give you that kind of access control unless you get your own server.  I don't think you can get Active Directory type access control otherwise.  Ray's article will probably work on IIS as well as Apache because PHP works fine in both cases.  The only real reason for preferring IIS is to use Microsoft SQL Server.

You might want to take another look at what the tasks are to see how you might want to do this.
ZipbangAuthor Commented:

I agree with both of you and Ray's article is a great resource.  IIS is in set stone for several reasons,  all client driven.  They do want legacy MS SQL db's in the mix as well later on.  They want to host from their location, not my choice and not my recommendation.  Maybe I should have been more detailed.  

My question should be more like:  Should I recommend they use active directory type access control and throttle content based on username alone?  This would mean they only log into the web site with their AD credentials, I use their username from there.  Alternatively, they open the site to all users and I use PHP as the lone gatekeeper (i.e. Ray's article).
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Dave BaldwinFixer of ProblemsCommented:
I don't know how to do that.  There is nothing intrinsic about PHP that will use their Active Directory credentials so I'm assuming that IIS will.  Not something I have ever done.
Ray PaseurCommented:
I've never tried to integrate PHP and Active Directory.  You might want to look into Laravel "Auth" and see if it leads you in a good direction.  It may be oriented toward Unix, but could be susceptible of modification to use IIS.  And it has a lot of support on GitHub.
ZipbangAuthor Commented:
Thank you for your help
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.