Question

Searched Google and cannot seem to find a definite solution to this...

I am implementing a PHP SOAP Server to handle requests from a particular user of our systems.

I need it to authenticate the connecting user not only during EVERY request via user/pass arguments sent to the SOAP functions, but also to somehow authenticate the mere connection to the service.

Implementing function-level authentication was easy: The first two arguments to any function in the system are user and pass and we return an error code in the case that an unrecognized user/pass combination is passed in. The tricky part is the connection authentication.

I've seen implementations that, when the SOAP Client is instantiated with an options array containing "username" and "password", are able to then authenticate at the connection level with the connecting client, but I have not been able to find any server-side code that handles this type of authentication.

What do you need to do to implement this in a PHP SoapServer class that handle()'s the client requests?

Solution

SOLVED: It seems that I was able to implement what I was trying to go for using a .htaccess file enabled for BASIC Auth...

The login/password passed into the client are sent to the server and put in the PHP $_SERVER array as PHP_AUTH_USER and PHP_AUTH_PW. PHP checks these values against the defined passwd file in the .htaccess file and, when viewed in a webpage, pops up the generic user/pass box, resulting in a 401 Unauthorized if auth fails, and letting you in otherwise... Via SOAP CLIENT, you pass the user/pass in with options of "login" and "password" and this authentication piece is then handled in the client instead.
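
A PHP-side version of the connection-level check described above, as an added example that is not part of the original post: it reads the same `PHP_AUTH_USER` / `PHP_AUTH_PW` values and answers 401 before `SoapServer::handle()` ever parses the request. `EchoService`, the `soap-client` account, its password and the `urn:example-soap` URI are hypothetical.

```php
<?php
// Added example, not code from the original post. EchoService, $users,
// the "soap-client" account and urn:example-soap are hypothetical names.

// Constructed credential store: username => password hash.
// In a deployment, store precomputed hashes instead of hashing on every request.
$users = ['soap-client' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

// Return [user, pass] from this request's Basic credentials, or null if absent.
function basic_credentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    // Under CGI/FastCGI PHP may only see the raw header, if it is forwarded at all.
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    if (stripos($header, 'Basic ') === 0) {
        $decoded = base64_decode(substr($header, 6), true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            return explode(':', $decoded, 2); // passwords may contain ':'
        }
    }
    return null;
}

function is_authenticated(array $server, array $users): bool
{
    $creds = basic_credentials($server);
    if ($creds === null) {
        return false;
    }
    [$user, $pass] = $creds;
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

class EchoService
{
    public function ping(string $msg): string { return "pong: $msg"; }
}

// Serve only behind a web server; reject before SoapServer reads the body.
if (PHP_SAPI !== 'cli') {
    if (!is_authenticated($_SERVER, $users)) {
        header('WWW-Authenticate: Basic realm="SOAP"');
        http_response_code(401);
        exit;
    }
    $soap = new SoapServer(null, ['uri' => 'urn:example-soap']);
    $soap->setClass(EchoService::class);
    $soap->handle();
}
```

Basic credentials are only base64-encoded on the wire, so the endpoint should be served over HTTPS. A client reaches it with the `login` and `password` options of `SoapClient`, as the answer describes.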

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow