Accessing authentication information: Difference between revisions
(→PHP: Note that $REMOTE_USER may also work if register_globals is set to ON) |
(→for IIS and Ucam Webauth IIS: Replace link to doc with wiki) |
||
Line 67: | Line 67: | ||
==for IIS and Ucam Webauth IIS== | ==for IIS and Ucam Webauth IIS== | ||
To see what's available, and the names under which it's stored, see section 6, 'Authentication Information', of the [ | To see what's available, and the names under which it's stored, see section 6, 'Authentication Information', of the [[:file:UCam_Doc-1.0.0.0.doc|Ucam Webauth IIS documentation]]. | ||
===ASP=== | ===ASP=== |
Latest revision as of 13:46, 10 October 2019
The 'Container managed' Authentication Agents, like mod_ucam_webauth and Ucam WebAuth IIS, make authentication information available to scripts and other dynamic content that they protect. The scripts can use this information to make their own authorisation decisions, customise their output, etc.
Here are some example scripts (that just display a single value) to show how to access this information from various environments and languages. Please feel free to extend it with more examples.
for Apache and mod_ucam_webauth
To see what's available, and the names under which it's stored, see section 3, 'Authentication Information', of the mod_ucam_webauth documentation.
CGI and Perl
The information is put into the environment of the CGI script. Exactly how you access it depends on the language of the script. Here's a Perl example:
#!/usr/bin/perl -T use strict; use warnings; print "Content-type: text/html; charset=ISO-8859-1\n"; print "\n"; print "<html>\n"; print "<head>\n"; print "<title>Demo</title>\n"; print "</head>\n"; print "<body>\n"; print "<p>Hi $ENV{REMOTE_USER}, hope you enjoyed the course</p>\n"; print "</body>\n"; print "</html>\n";
PHP
<html> <head> <title>Demo</title> </head> <body> <p>Hi <?php echo $_SERVER['REMOTE_USER'] ?>, hope you enjoyed the course</p> </body> </html>
Depending on exactly how your PHP environment is set up, you may alternatively find the authentication information in the $_ENV array, or you may find all the names have had 'REDIRECT_' tacked on the front (so REDIRECT_REMOTE_USER rather than REMOTE_USER). You may also find the phpinfo() function useful for working what's going on.
In some PHP installations, the information normally found in $_SERVER['REMOTE_USER'] may also appear in the variable $REMOTE_USER. However this only happens where register_globals (in the main configuration file) is set to ON. This was the default in versions of PHP prior to 4.2.0, but since having register_globals set to ON can be a serious security problem it now defaults to OFF and should probably be let that way. There's an explanation of why enabling register_globals is such a concern at http://uk2.php.net/manual/en/security.registerglobals.php
SHTML
You can't include variables in a plain HTML page because Apache doesn't manipulate such files when serving them. However it has a 'Server Parsed HTML' format, provided by mod_include, which can include variables. Here's an example using that:
<html> <head> <title>Demo</title> </head> <body> <p>Hi <!--#echo var=REMOTE_USER -->, hope you enjoyed the course</p> </body> </html>
for IIS and Ucam Webauth IIS
To see what's available, and the names under which it's stored, see section 6, 'Authentication Information', of the Ucam Webauth IIS documentation.
ASP
<%@ LANGUAGE = VBScript %> <html> <head> <title>Demo</title> </head> <body> <p>Hi <%=Request.ServerVariables("REMOTE_USER") %>, hope you enjoyed the course</p> </body> </html>