PHP + ADODB + IIS + MSSQL + Windows Authentication

These is my technical notes on how to make PHP connect to MSSQL using Windows Authentication, if PHP(IIS) and MSSQL are running on separate servers.

Environment:
PHP4 + PHP Adodb + IIS + MSSQL

In normal case, using PHP Adodb library do not allow you to user windows authentication to access MSSQL runing on the server or other server. To use the windows authentication in PHP to access MSSQL server, you will need to tweak the IIS configuration and the PHP connection string.

IIS configuration
- Open IIS Manager
- Right click on the web site running the PHP script.
- Choose Properties and go to Directory Security tab
- Click Edit on Anonymous access and authentication control
- Change the Anonymous access user name and password to the desired domain username and password
- Uncheck the "Allow IIS to control password
- Make sure the domain user has rights to access desired database on the MSSQL server

PHP Script
Useing the following connection string when connect to MSSQL with PHPAdodb library
$myDSN="PROVIDER=SQLOLEDB;DRIVER={SQL Server};SERVER=[MSSQL Server Name];DATABASE=[Database Name];Integrated Security=SSPI";

Notes:
As you can see, the doman user will need to have rights to access both servers. The user will also need to have rights to execute PHP.EXE and read(and possible write) access to the PHP script folders. Basically, the domain user will need to have everything IUSR_[server_name] user has.

I have not had chance to test this. Please use it at your own risk.

Reference:
Authentication methods for connections to SQL Server in Active Server Pages

Post a Comment