How to authenticate non-wsdl soap in PHP

Question

How to authenticate non-wsdl soap in PHP

I used this method to get data from the server to the client side. but I have a problem to authenticate server files.

I want to check the username and password before giving permission to read data. I tried to use an additional method, but I am not working.

server

class MyService { public function add($x, $y) { return $x + $y; } } $options = array( 'uri' => 'http://server/namespace', 'location' => 'http://server/location', ); $server = new SOAPServer(null, $options); $server->setObject(new MyService()); $server->handle();

client side

 $options = array( 'uri' => 'http://server/namespace', 'location' => 'http://server/location', ); $client = new SOAPClient(null, $options); echo $client->add(10, 10);

+8

soap php

user3099298 Jul 31 '15 at 17:17

source share

2 answers

Why not send username + pass as a parameter to the soap. On the server side, you must have a base object that has all the authentication logic and inherits this "MyService". The base object will always process the request and then pass the details to MyService if it is authenticated.

+1

in need of help Aug 3 '15 at 10:49

source share

stj · Accepted Answer · 2015-08-04T20:08:05+0000

If you can live with a hard-coded username and password and basic HTTP authentication, you can put the following code on top of the server file:

 if (! isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] !== 'foo' || $_SERVER['PHP_AUTH_PW'] !== 'bar') { header('WWW-Authenticate: Basic realm="My service"'); header('HTTP/1.1 401 Unauthorized'); echo 'Unauthorized'; exit; }

This checks for HTTP authentication data, and if not, sends an HTTP 401 error back to the client. If authentication data is present, it will be checked for hardcoded username foo and password panel.

To transfer the username / password from the client script, configure $options on the client as follows:

 $options = array( 'uri' => 'http://server/namespace', 'location' => 'http://server/location', 'login' => 'foo', // username 'password' => 'bar' // password ); $client = new SOAPClient(null, $options);

Please note that basic HTTP authentication is the easiest to configure, but this username and password will be sent to the server in quasi-plain text. Therefore, you should at least use SSL for the service endpoint, so all communication is encrypted.

HTTP digest authentication is more secure since it will only send credential hashes, but it takes a bit more work to do for this. A good starting point is the HTTP authentication page in the PHP manual .

To check the received username and password data on the server side, you can also use a database with valid usernames / passwords / login names instead of the hard-coded credentials from the example.

How to authenticate non-wsdl soap in PHP

server

client side

More articles: