PHP SOAP Authentication

0

I'm having a problem creating an authentication mechanism using SOAP and PHP. No further delay. Here is the code:

//servidor
$namespace = '/service?wsdl'; $server = new soap_server(); 
$server->configureWSDL('myWS', $namespace);

//registrando método como serviço
$server->register('testWS', array('nome'=>'xsd:string'), array('return'=>'xsd:string'), 'uri:testWS', '', 'rpc', 'encoded', 'Mensagem1');
function testWS($nome) {
    return 'ok';
}

ob_clean();
@$server->service(file_get_contents("php://input"));
exit();

//parte do cliente
$soapURL = "myurl/service?wsdl";
$client = new SoapClient($soapURL,array());
$auth = array('username' => 'usertest', 'password' => 'passtest');
$header = new SoapHeader('myurl/service', 'authentification', $auth, false);

$response = $client->__soapCall("testWS", array("nome" => "nometeste"));

I'd like to know how I can validate these username variables within my testWS service.

Thanks for any help, I've been trying to solve this for days, I've read a lot of documentation but could not get through.

Thank you

    
asked by anonymous 01.06.2017 / 19:31

1 answer

0

At first, you could try using the options parameter of the SoapClient class.

In this way, you do not have to implement a framework just to handle the connection of a single method (which would involve reading the headers, which are not natively read by the class SoapServer ).

Basically, the user and password options are used to perform the HTTP Basic Authentication (HTTP Basic Authentication) HTTP protocol (as the name already says). As stated in the manual :

  

For HTTP authentication, the login and password options can be used to   supply credentials. For making an HTTP connection through a proxy   server, the options proxy_host, proxy_port, proxy_login and   proxy_password are also available. For HTTPS client certificate   authentication use local_cert and passphrase options. An   authentication may be provided in the authentication option. The   authentication method may be either SOAP_AUTHENTICATION_BASIC   (default) or SOAP_AUTHENTICATION_DIGEST.

For PHP to perform basic authentication, the following code is used: link

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
Assuming you do not want to use basic HTTP authentication and just use the variables inside PHP, I believe you should use the super global $ _SERVER as it is used in the authentication code that was given as an example:

echo $_SERVER['PHP_AUTH_USER'];
echo $_SERVER['PHP_AUTH_PW'];

However, the above code may not work if there is no HTTP authentication scope.

It's also worth knowing of the bugs that exist using this method: link

On the other hand, if you want to use headers directly, I suggest you take a look at the following example (too long for stack overflow) that is in the comments in the manual: link

    
02.06.2017 / 21:53