php get SOAP header Username and Password from SOAP SERVER

Question

I have to create PHP, SOAP API. I need to authenticate SOAP client from SOAP Server. This is the code of SOAP Client.

 $client = new SoapClient("cust.wsdl",array(
"trace"      => 1,
"exceptions" => 0,
"user" => 'username',
"pass" => 'password'));

$result = $client->getDetails($value1);

I need to capture and validate these username and password from server (SOAP SERVER) side. This is my SOAP Server Code

class getDb {
//return DATA 
}

$server = new SoapServer("cust.wsdl");
$server->setClass("getDb");
$server->handle();

I need to Validate Client's Username and Password from SOAP Server.

Anyone know how to capture SOAP Username and Password ("user" => 'username', "pass" => 'password') from SOAPSERVER please provide.

score 4 · Answer 1 · answered Nov 30 '12 at 09:44

Auth details can be captured like follows.

    if(($_SERVER['PHP_AUTH_PW']!= $pass || $_SERVER['PHP_AUTH_USER'] != $login)|| !$_SERVER['PHP_AUTH_USER'])
{
    header('WWW-Authenticate: Basic realm="Test auth"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Auth failed';
    exit;
}

Any output can be generated for header('HTTP/1.0 401 Unauthorized');

score 2 · Answer 2 · answered Nov 30 '12 at 07:52

$client = new SoapClient("cust.wsdl",array(
    "trace"      => 1,
    "exceptions" => 0,
    **"user" => 'username',
    "pass" => 'password'));**

Those 2 items above are generally http auth username and password. If you need to validate them then you can do so on the apache basic auth level. If you need to do it at the php level then you will need to write a http auth based session handler that requires security in order to show the resources. An example of that is here: http://php.net/manual/en/features.http-auth.php Most developers just use apache basic auth that is tied into LDAP or some other service to handle the auth request and have the soap service just deal with the actual work.

Thank you very much for your answer. Can I capture user and password through $_GET[''] or $_POST[''] — Sathiska, Nov 30 '12 at 08:29

Sathiska · Accepted Answer · 2013-08-29T11:15:35.700

1

I have used below method and got success SOAP PHP authentication response from HTTP Auth method.

My SOAP client statement as look like

$client = new SoapClient("name.wsdl",array(
"trace"      => 1,
"exceptions" => 0,
"login" => 'xxx',
"password" => 'xxx'));

I used this PHP statement for Authenticate PHP Auth header

    if(($_SERVER['PHP_AUTH_PW']!= $pass
 || $_SERVER['PHP_AUTH_USER'] != $login)
 || !$_SERVER['PHP_AUTH_USER'])
    {
        header('WWW-Authenticate: Basic realm="Test auth"');
        header('HTTP/1.0 401 Unauthorized');
        // OR ANY THING
}

edited Aug 29 '13 at 11:15

answered Dec 07 '12 at 14:51

Sathiska

465
1
5
17

In your soap server you can use php://input to get the raw xml of the envelope then extract the header part and make your validation. The advantage with this is that you can send a soap exception, custom error response, or anything you want to report to the soap client. – a77icu5 Jan 06 '14 at 06:00

score 0 · Answer 4 · answered Jan 03 '14 at 23:38

0

You can use php input stream to get the raw xml of que request and then extract the header part.

answered Jan 03 '14 at 23:38

a77icu5

131
2
13

Thank you for your answer – Sathiska Mar 18 '14 at 18:02

php get SOAP header Username and Password from SOAP SERVER

4 Answers4