Active Directory authentication allows users to log in to the generated by PHPRunner applications if they have an account in an Active Directory domain. When logging in, the login and password are checked against Active Directory.
To use this type of authentication, you need to fill the Active Directory Domain and Server. In the most straightforward use case, no additional configuration is needed.
Starting with PHPRunner version 10.3, you can access Active Directory settings by clicking the Advanced button:
•Server LDAP URI. With this option, you can specify LDAPS protocol and port number.
•Base DN. With this option, you can specify Organizational Units (OU) in the wizard software. If your domain uses organizational units (OUs), specify them in this field. If your company domain is company.com, and the organizational unit is Europe/Italy, then enter the Base DN as following: OU=Italy,OU=Europe,DC=company,DC=com.
•Follow referrals. When your domain data is not stored on a single server, but distributed among many of them, you may need to allow following referrals. In most cases, this option should be turned off.
•Login automatically. This checkbox enables the Autologin functionality: if a person is already logged into Windows, they are automatically logged into the generated application. To use this feature, make sure Windows Authentication is enabled in Internet Information Services (IIS).
1.Make sure you have IIS installed. Go to Control panel -> Programs -> Turn Windows features on or off and select the Internet Information Services. After that, select the Windows Authentication under IIS -> World Wide Web Services -> Security. Click OK and wait for everything to install.
2.Run IIS manager as the administrator: Go to Control Panel -> Administrative Tools -> Internet Information Services (IIS) Manager.
3.Expand the server in the Connections frame and choose the site, or click on the server if you wish to apply settings for all sites.
4.Double-click the Authentication icon in the main window.
5.Right-click Windows Authentication and choose Enable.
You can use the Permissions feature along with the Active Directory authentication. Click on Permissions and enable the Use Dynamic Permissions checkbox. You need to choose tables to store the permissions and create an admin user.
To add an admin user, click Add admin user and then Search. You need to fill the username and password to connect to Active Directory. Then you can to select a group or groups to have the admin access.
If your project utilizes Dynamic permissions and you have enabled the Login automatically checkbox, you also need to specify the Domain user login and password.
Build your project and login as admin to the generated application. In the Admin Area on the Admin Rights page, you can add groups via Add Group and assign permissions to them.
Security screen articles: