
List:       drupal-support
Subject:    [support] Drupal + IIS + windows
From:       metzlerd () evergreen ! edu (Metzler, David)
Date:       2009-01-30 16:49:34
Message-ID: 52177C930FA90F4D9888B0343FDB79FB10ECA2 () birch ! evergreen ! edu

I get it.  It might help to understand a bit about what the CAS module does.

The CAS module is a single sign on module that does automatically log people in but only after checking with a centralized authentication server to verify that they've logged in elsewhere.  The idea behind the cas server is that it's a centralized place to login, and we don't want to expose the usernames and passwords to drupal.  Rather if the user needs to log in, we redirect the client to another location for login, and then when they come back do a quick check to make sure that they have authenticated.  If they have, establish a drupal user session.

In our environment, we actually use this to authenticate against our MS Active Directory, but drupal never sees the user name and password. That's handled by the CAS server which does Kerberos auth against active directory.  You do have to specify your username and password, but that's authed by the CAS server against our active directory.

Here's what the CAS module does:
1.  At the beginning of the page load check to see if there's already a drupal session?  If so no need to interfere.
2.  Since we're not logged in, check and see if we "need to be", it may be ok to display a drupal page as anonymous user (this is reg expression based on the path), but if we need to be authenticated.
3.  If we need to be and we haven't logged in use the phpCAS library to ask the centralized server what user we're logged in as.  The phpCAS client does this via a curl request to the CAS server.  This is the part I think you can replace with a simple environment variable check.
4.  Given the username try and load the drupal user. If the user exists then great we have a session established.
5.  If the user doesn't exist, and the cas module is configured to automatically create accounts, create a local drupal account and establish a session as that user.

There are some tricks of course, and the module exposes some configuration options, not all of which are relevant, but this is darn close to what you need. If you have any specific questions, don't hesitate to contact me off list.
Dave
metzlerd at evergreen.edu
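
The five steps above with step 3 replaced by a server-variable check, as an added example that is not part of the original message or of the CAS module's code. The function names, the user array, the lower-casing and the 60-character name pattern are assumptions, and the Drupal user lookup is modelled with a plain array.

```php
<?php
// Added example: step 3's CAS lookup is replaced by a check of the server
// variables IIS sets after Windows authentication. $users, $protected and
// $autoCreate are hypothetical stand-ins; no Drupal API is called here.

function iis_username(array $server): ?string {
    // Trust the name only when IIS reports that integrated auth took place.
    if (!in_array($server['AUTH_TYPE'] ?? '', ['NTLM', 'Negotiate'], true)) {
        return null;
    }
    // Read the server-set key only. A client-sent "Remote-User:" header
    // arrives as HTTP_REMOTE_USER and must never be consulted.
    $raw = $server['REMOTE_USER'] ?? '';
    // IIS reports DOMAIN\user; keep what follows the last backslash.
    $pos = strrpos($raw, '\\');
    $name = strtolower($pos === false ? $raw : substr($raw, $pos + 1));
    return preg_match('/^[a-z0-9._-]{1,60}$/', $name) ? $name : null;
}

// Returns a user name, or '(anonymous)' / '(denied)', which the pattern
// above can never produce as a name.
function resolve_session(?string $sessionUser, string $path, array $server,
        array &$users, string $protected, bool $autoCreate): string {
    if ($sessionUser !== null) {
        return $sessionUser;               // 1. session already exists
    }
    if (!preg_match($protected, $path)) {
        return '(anonymous)';              // 2. path may be shown anonymously
    }
    $name = iis_username($server);         // 3. ask IIS instead of CAS
    if ($name === null) {
        return '(denied)';
    }
    if (in_array($name, $users, true)) {
        return $name;                      // 4. existing local user
    }
    if (!$autoCreate) {
        return '(denied)';
    }
    $users[] = $name;                      // 5. create the local account
    return $name;
}

// Constructed sample requests: one authenticated by IIS, one header-only.
$users = ['alice'];
$iis   = ['AUTH_TYPE' => 'Negotiate', 'REMOTE_USER' => 'EXAMPLE\\Bob'];
$spoof = ['HTTP_REMOTE_USER' => 'admin'];
echo resolve_session(null, 'node/1', $iis, $users, '#^node/#', true), "\n";
echo resolve_session(null, 'node/1', $spoof, $users, '#^node/#', true), "\n";
```

The first request resolves to the IIS-authenticated account and creates it locally; the second carries only a client-supplied header and is refused.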
 
 

________________________________

From: support-bounces@drupal.org [mailto:support-bounces at drupal.org] On Behalf Of Néstor
Sent: Friday, January 30, 2009 8:08 AM
To: support at drupal.org
Subject: Re: [support] Drupal + IIS + windows


I work for a government agency and they tend to be MS shops but the reasons why we want Drupal is because we do not have the money in the budget and I like to bring in some open source to help change the IT mind that MS is not the only way to go and that there are other choices.  We do have an intranet and was built in 2001 and I want to implement something more current.

All the stuff you mentioned sounds so easy but it went over my head.  I will download the CAS and look at the code to see if it means anything to me.

I am actually surprised that more people do not have the need for a module that automagically logs users in.

Thanks all for your replies.

Nestor :-)


On Thu, Jan 29, 2009 at 8:24 AM, Metzler, David <metzlerd at evergreen.edu> wrote:


	In such an environment using drupal would be an uphill battle for sure, but if you've got drupal working, and you've got IIS to do NTLM, it would seem to me that you COULD write a drupal module to do what you're asking.

	Much of the code is the same as what is in the CAS module (which I maintain) at http://drupal.org/project/cas.  The primary difference is where drupal would get the username. If you got a copy of the cas module, and replaced the cas client code with a "get the logged in user from an IIS provided environment php environment" chunk of code, enabled the drupal is cas user repository checkbox, set it up to require cas auth for all pages, you would have the starting point of a module that would (I believe) do what you ask.

	Again, I don't know if it's worth it.  If you're reaching for integration with Microsoft products then you might be better off with sharepoint, but if you're looking for all the kinds of things that drupal provides (modular extendibility, rich media integration, etc) then this might be worth your effort.  Feel free to ask me any questions about the code if you're interested.
	Dave 

________________________________

	
	From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On Behalf Of Néstor
	Sent: Thursday, January 29, 2009 8:07 AM 

	To: support at drupal.org
	Subject: Re: [support] Drupal + IIS + windows
	

	Fletch,
	
	I have a few days left to help the cause for using Drupal but as long as I am unable to set up the NTLM so that users do not have to log into drupal then we will probably go with Sharepoint.  I have tried several of the solutions that I found when I googled but they have not worked for me so far.
	 
	:-)
	
	
	On Tue, Jan 27, 2009 at 1:04 AM, John Fletcher <net at twoedged.org> wrote:
	

		Please let us know whether you end up going for SharePoint or Drupal, and why.

		 

		Regards,

		Fletch.

		 

		From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On Behalf Of Néstor
		Sent: Tuesday, 27 January 2009 3:44 AM
		To: support at drupal.org
		Subject: Re: [support] Drupal + IIS + windows

		 

		Gordon,
		
		Yes, I am interested.  I am planning on using IIS and IE in a windows environment.
		
		Any information you can provide would be helpful.
		
		We are making the decision between Drupal and Sharepoint and so far that is the one thing that Sharepoint has over drupal in our requirements.
		
		Thanks,
		
		Rotsen

		On Mon, Jan 26, 2009 at 5:19 PM, Gordon Heydon <gordon at heydon.com.au> wrote:

		Hi,
		
		Yes I have gotten this to work before, but it only works on IE
		complete (FF will automatically ask for the user/password).
		
		The other issue is that it will not pass the password so Drupal has no
		idea of the password. Basically I had it working so that it placed
		trust in the ADS that the company used.
		
		I would be a bit more specific, but I can't find my original code.
		
		If you want to know more just let me know and I will see if I can find
		it.
		
		Gordon.

		
		On 27/01/2009, at 11:28 AM, Néstor wrote:
		
		> Hi people,
		>
		> I want to set up drupal in a windows + IIS environment and I want
		> the user not to have to log in
		> I want drupal to automatically know who they are.
		>
		> I am reading all kinds of stuff but some how I am not installing
		> them correct because they do not work
		>
		> Drupal + IIS + Windows and the user did not have to login because its
		> information was automagically passed to drupal.
		>
		> Did any of you people get this to work?
		>
		> Thanks,
		>
		> Nestor :-)

		> --

		> [ Drupal support list | http://lists.drupal.org/ ]
		
	

