My company has a IIS server which is hosting a PHP intranet application. The IIS basically authenticates the user by using Windows Integrated Authentication so once the user is logged on his/her machine he doesnt have to provide credentials again. One of the employees is using Remote Desktop to logon to his Office workstation and AUTH_USER and REMOTE_USER server variables are returning the computer name instead of his Windows Login ID. I'm totally confused about this one. I will highly appreciate if anyone can tell what's wrong here.

Take a look at this article:


The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. This variable is no different from REMOTE_USER. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.


The Windows account that the user is impersonating while connected to your Web server. Use REMOTE_USER or AUTH_US<CODE>ER to view the raw user name that is contained in the request header. The only time LOGON_USER holds a different value than these other variables is if you have an authentication filter installed.