Solved

Authentication using soap

Posted on 2011-02-21
9
885 Views
Last Modified: 2013-11-18
Hi,
I want to authenticate the user coming on my website 'A' through SOAP which would be present on website 'B' and accordingly display the contents according to its rights provided.

So, i want
1> SOAP tutorial
2> Script to create such application or algo if possible.
3> Is there any framework as we have in javascript or php

Enviornment LAMP
0
Comment
Question by:Insoftservice
  • 5
  • 4
9 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 34944407
SOAP is perhaps the worst protocol for such a thing.  I would strongly suggest that you use a RESTful interface.  The world is littered with questions from people confounded by SOAP, but I have never seen anyone who could not understand a REST interface.

REST is what drives the WWW.  Each request is atomic and each response is complete.  There is no stateful information required and the calling scripts do not have to know anything about how the service scripts create their data.  Here is an example that illustrates how a RESTFUL interface works.  You give it a first name and it gives you a last name:
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Ray&resp=XML

Obviously you could expand the script to do things that are a lot more interesting than this.  But the point is that the interface is simple.  The GET string contains all of the caller's arguments.  The browser output string contains all of the service response.  If you want to secure the data transfer between the caller and the service, you can use HTTPS.  More information than you will ever need is available here:
http://en.wikipedia.org/wiki/Representational_State_Transfer

Best of luck with your project, ~Ray
<?php // RAY_REST_get_last_name.php
error_reporting(E_ALL);



// DEMONSTRATE HOW A RESTFUL WEB SERVICE WORKS
// INPUT FIRST NAME, OUTPUT LAST NAME
// CALLING EXAMPLE:
// file_get_contents('http://laprbass.com/RAY_REST_get_last_name.php?key=ABC&resp=XML&name=Ray');



// OUR DATA MODEL CONTAINS ALL THE ANSWERS - THIS COULD BE A DATA BASE - AS SIMPLE OR COMPLEX AS NEEDED
$dataModel
= array
( 'Brian'   => 'Portlock'
, 'Ray'     => 'Paseur'
, 'Richard' => 'Quadling'
, 'Dave'    => 'Baldwin'
)
;


// SHOULD RESPONSE BE PLAIN TEXT OR XML FORMAT
$alpha = '';
$omega = '';
if ( (isset($_GET["resp"])) && ($_GET["resp"] == 'XML') )
{
    $alpha = '<response>';
    $omega = '</response>';
}



// TEST THE API KEY
$key = FALSE;
if (isset($_GET["key"])) $key = $_GET["key"];
if ($key !== 'ABC') die($alpha . 'BOGUS API KEY' . $omega);



// LOOK UP THE LAST NAME
$name="?";
if (isset($_GET["name"])) $name = $_GET["name"];

// IF THE URL NAME IS FOUND IN THE DATA MODEL
if (array_key_exists($name, $dataModel))
{
    // RETURNS THE LAST NAME FROM THE DATA MODEL
    die($alpha . "$dataModel[$name]" . $omega);
}

// RETURNS THE UNKNOWN NAME INDICATOR
else die($alpha . 'UNKNOWN' . $omega);

Open in new window

0
 
LVL 15

Author Comment

by:Insoftservice
ID: 34950575
Hi Ray,
I have one doubt.
Whether the code provided by u is completely in rest full method.

As when i had scanned for the rest tuts it goes to  curl method, get method, delete put and so on.
Whereas ur code is so simple and easy to understand .
So i am little in trouble what to do .
currently i am using ur code. But please specify the difference if possible

0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34950738
CURL is a way of accessing a web service.  It can use either GET or POST methods.  In PHP, a major difference between CURL GET and file_get_contents() is that CURL can control the timeout.  File_Get_Contents() will fail and your script will suffer a fatal error if the remote URL is too slow.

GET and POST methods are common.  PUT and DELETE are not.  GET method is used to retrieve data when there is no change to the underlying data model.  It is generally regarded as a synchronous connection.  POST method is used when the call to the web service is intended to update the data model.  It is asynchronous.
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 34950838
Hi,
so u mean to say curl is good to be used.
and there is no issue of delete and put of rest webservice.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 500 total points
ID: 34951451
I've never seen anyone use DELETE or PUT methods.  They exist, but the predominant methods are GET (for viewing data) and POST (for changing data).

Here is a CURL get example.  If the remote service takes too long and the timeout expires, your script gets control again and can handle the error condition.
<?php // RAY_curl_example.php
error_reporting(E_ALL);

// A FUNCTION TO RUN A CURL-GET CLIENT CALL TO A FOREIGN SERVER
function my_curl
( $url
, $get_array=array()
, $timeout=3
, $error_report=TRUE
)
{
    // PREPARE THE ARGUMENT STRING IF NEEDED
    $get_string = '';
    foreach ($get_array as $key => $val)
    {
        $get_string .= urlencode($key) . '=' . urlencode($val) . '&';
    }
    $get_string = rtrim($get_string, '&');
    if (!empty($get_string)) $url .= '?' . $get_string;

    $curl = curl_init();

    // HEADERS AND OPTIONS APPEAR TO BE A FIREFOX BROWSER REFERRED BY GOOGLE
    $header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Keep-Alive: 300";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    $header[] = "Pragma: "; // BROWSERS USUALLY LEAVE BLANK

    // SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
    curl_setopt( $curl, CURLOPT_URL,            $url  );
    curl_setopt( $curl, CURLOPT_USERAGENT,      'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6'  );
    curl_setopt( $curl, CURLOPT_HTTPHEADER,     $header  );
    curl_setopt( $curl, CURLOPT_REFERER,        'http://www.google.com'  );
    curl_setopt( $curl, CURLOPT_ENCODING,       'gzip,deflate'  );
    curl_setopt( $curl, CURLOPT_AUTOREFERER,    TRUE  );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, TRUE  );
    curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, TRUE  );
    curl_setopt( $curl, CURLOPT_TIMEOUT,        $timeout  );

    // RUN THE CURL REQUEST AND GET THE RESULTS
    $htm = curl_exec($curl);

    // ON FAILURE HANDLE ERROR MESSAGE
    if ($htm === FALSE)
    {
        if ($error_report)
        {
            $err = curl_errno($curl);
            $inf = curl_getinfo($curl);
            echo "CURL FAIL: $url TIMEOUT=$timeout, CURL_ERRNO=$err";
            var_dump($inf);
        }
        curl_close($curl);
        return FALSE;
    }

    // ON SUCCESS RETURN XML / HTML STRING
    curl_close($curl);
    return $htm;
}




// USAGE EXAMPLE - PUT YOUR FAVORITE URL HERE
$url = "http://finance.yahoo.com/d/quotes.csv";

// PUT YOUR ARRAY OF KEY=>VALUE PAIRS HERE
$arg = array
( 's' => 'lulu'
, 'f' => 'snl1c1ohgvt1'
)
;

// MAKE THE CALL
$htm = my_curl($url, $arg, 2, TRUE);
if (!$htm) die("NO $url");

// SHOW WHAT WE GOT
echo "<pre>";
var_dump($arg);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;




// TRY ANOTHER URL WITHOUT ARGUMENTS
$url = 'http://twitter.com';
$htm = my_curl($url);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;

Open in new window

0
 
LVL 15

Author Comment

by:Insoftservice
ID: 34958835
Hi,

But how to get parameters sent by curl() or file_get_content() .
How can server take parameters sent from client. ie user name and password
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34960473
Please see line 9 of the code snippet posted at http:#34944407.  That shows how the parameters are presented in the URL.  

Please see lines 27, 37, and 44 of the same snippet.  That shows how the parameters are accessed inside the RESTful web service.
0
 
LVL 15

Author Closing Comment

by:Insoftservice
ID: 35004132
Thnx ray for all ur help.
An genius answer from genius
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 35009079
Thanks for the points -- it's a great question. ~Ray
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

JavaScript has plenty of pieces of code people often just copy/paste from somewhere but never quite fully understand. Self-Executing functions are just one good example that I'll try to demystify here.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now