Symfony Security Cookbook

From Littledamien Wiki
Jump to navigation Jump to search

Windows authentication and IIS

This wouldn't be an issue in most cases because there are probably next to no production IIS servers running Symfony apps.

Windows authentication can be used to limit access to development sites, but it is not compatible with Symfony's unit tests. No solutions were obvious for passing along the Windows authentication to a request made in a unit test.

Symfony security, anonymous authentication, and IIS

Just in case Windows authentication was in use on a development site, it's necessary to disable it when using Symfony's security strategies.

A symptom of this is that different browsers will exhibit different behavior when logging in. Some (Firefox) will authenticate successfully, while others will attempt inappropriate authentication methods first, which will fail.

IIS Manager > [web server] > [symfony_site] > IIS > Authenication

  • Anonymous Authentication: enabled
  • ASP.NET Impersonation: disabled
  • Forms Authentication: disabled
  • Windows Authentication: disabled

Logging out

`http://logout@dev-server.com/`

Retrieved from "https://wiki.dbarchowsky.com/index.php?title=Symfony_Security_Cookbook&oldid=1357"