IIS & PHP Site security

I have a lot of 'intranet' development experience, not a lot of 'internet' experience.  A client wants web-based access for their MySQL databases hosted on the internet.  

If we choose third-party hosting for the site via IIS (their choice, I agree) for pages and databases, is it a good practice in my pages to throtle content access based on user login name alone?  The idea being that only (IIS) authenticated users will get access to the site, once in, my pages grant access to pages and page elements based on user login names bounced against the user login name table.

thanks for your help.
ZipbangAsked:
Who is Participating?
 
Ray PaseurCommented:
Why is IIS a part of the question?  I would avoid that and choose Linux hosting -- much more mainstream.  Nothing wrong with IIS, just a personal preference that seems to be shared by a majority of the internet.

As far as client authentication is concerned, this article may be helpful to you.  It demonstrates PHP client authentication and it's very easy to use.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
 
Dave BaldwinFixer of ProblemsCommented:
Normal third-party web hosting with IIS will not give you that kind of access control unless you get your own server.  I don't think you can get Active Directory type access control otherwise.  Ray's article will probably work on IIS as well as Apache because PHP works fine in both cases.  The only real reason for preferring IIS is to use Microsoft SQL Server.

You might want to take another look at what the tasks are to see how you might want to do this.
0
 
ZipbangAuthor Commented:
Gentlemen,

I agree with both of you and Ray's article is a great resource.  IIS is in set stone for several reasons,  all client driven.  They do want legacy MS SQL db's in the mix as well later on.  They want to host from their location, not my choice and not my recommendation.  Maybe I should have been more detailed.  

My question should be more like:  Should I recommend they use active directory type access control and throttle content based on username alone?  This would mean they only log into the web site with their AD credentials, I use their username from there.  Alternatively, they open the site to all users and I use PHP as the lone gatekeeper (i.e. Ray's article).
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
Dave BaldwinFixer of ProblemsCommented:
I don't know how to do that.  There is nothing intrinsic about PHP that will use their Active Directory credentials so I'm assuming that IIS will.  Not something I have ever done.
0
 
Ray PaseurCommented:
I've never tried to integrate PHP and Active Directory.  You might want to look into Laravel "Auth" and see if it leads you in a good direction.  It may be oriented toward Unix, but could be susceptible of modification to use IIS.  And it has a lot of support on GitHub.
0
 
ZipbangAuthor Commented:
Thank you for your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.