Hi All,
We have two websites that are PHP based. Both have LDAP/SSO integrated. Essentially, if the user is logged in internally (within the network), the application recognizes that the logged-in user server variable is available and does SSO; if the user reaches the website externally, the logged-in user server variable is not available, so a login form is presented by the PHP script and the user is logged in against the LDAP server this way.
The easy way to accomplish this would be to enable both Anonymous and Windows Authentication: if the logged-in server variable AUTH_USER is available then Windows Authentication is used; if not, Anonymous Authentication would be used, i.e. Integrated Authentication with a fallback to Anonymous. Doing this would allow the script to handle authentication and publish public content.
Unfortunately, IIS does allow this. If Anonymous Authentication is enabled, the AUTH_USER variable is not set, even if the user is logged in to the network. (Is this a bug or a feature??)
The only way we have found to use both anonymous and windows authentication on the same site, is to publish the same site (same root folder/duplicated virtual folders etc) twice. One that is used internally with windows authentication enabled and one externally with anonymous authentication enabled.
Each site is bound to a different IP, with the internal site using the internal DNS setting to direct all internal requests for our domain name to ip1, and all external requests for our domain name handled by ISA and forwarded to ip2.
This setup worked well for us in IIS6, but in IIS7 we have run into a few issues.
1. Because the sites are sharing the same web root, the web.config that is created is used by both (i.e. only one is created even though there are two site names).
Is there a way to enable two sites with the same web root to have different web.config settings/files?
2. Because the external site is forwarded through our ISA proxy, the REMOTE_HOST & SERVER_NAME variables are set to an IP address, not the host name. This causes the external site to use the internal IP sometimes, which does not work externally, and all our statistics are now reporting that the web address is http://192.168.x.xx/index.php instead of http://www.domainname.com/index.php etc.
The fact that the REMOTE_HOST and SERVER_NAME variables are giving an IP address instead of a host name is puzzling, because this works fine on IIS6 with the same ISA forwarding (with pass-through of host headers).
How can I ensure that a specific site has the REMOTE_HOST and SERVER_NAME variable set?
Why would IIS7 handle this differently than IIS6? (I have verified all this with phpinfo() and have some screenshots to assist if needed.)
We are trying to migrate our sites across and this is urgent for us.
Any assistance would be greatly appreciated.
Cheers
Dean
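
The two login paths described in the post (SSO when IIS supplies AUTH_USER, otherwise a form checked against LDAP), as an added example that is not part of the original post or the poster's scripts. It assumes an Active Directory server that accepts `DOMAIN\user` simple binds; `LDAP_URI` and `LDAP_DOMAIN` are placeholders.

```php
<?php
// Added example. LDAP_URI and LDAP_DOMAIN are placeholders, not values from the post.
const LDAP_URI    = 'ldaps://dc.example.internal';
const LDAP_DOMAIN = 'EXAMPLE';

// Internal path: AUTH_USER is a server variable that IIS sets once it has
// authenticated the request; it is empty for anonymous requests.
function sso_user(array $server): ?string
{
    $user = trim((string)($server['AUTH_USER'] ?? ''));
    return $user === '' ? null : $user;
}

// External path: verify the submitted credentials with an LDAP simple bind.
function ldap_login(string $username, string $password): bool
{
    // A bind with an empty password is treated as anonymous by many LDAP
    // servers and reports success, so refuse it before contacting the server.
    if ($password === '' || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    return @ldap_bind($conn, LDAP_DOMAIN . '\\' . $username, $password);
}

session_start();
$name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

if (($user = sso_user($_SERVER)) !== null) {
    $_SESSION['user'] = $user;                       // SSO: IIS already authenticated
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ldap_login($name, $pass)) {
    session_regenerate_id(true);                     // new session ID after login
    $_SESSION['user'] = LDAP_DOMAIN . '\\' . $name;
}

if (!isset($_SESSION['user'])) {
    // Not authenticated on either path: show the login form and stop.
    echo '<form method="post"><input name="username">'
       . '<input name="password" type="password"><button>Log in</button></form>';
    exit;
}
echo 'Logged in as ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```

The form path should only be reachable over HTTPS, since the password travels in the POST body before the LDAP bind.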