Solved

Authentication using soap

Posted on 2011-02-21
9
888 Views
Last Modified: 2013-11-18
Hi,
I want to authenticate the user coming on my website 'A' through SOAP which would be present on website 'B' and accordingly display the contents according to its rights provided.

So, i want
1> SOAP tutorial
2> Script to create such application or algo if possible.
3> Is there any framework as we have in javascript or php

Enviornment LAMP
0
Comment
Question by:Insoftservice
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 34944407
SOAP is perhaps the worst protocol for such a thing.  I would strongly suggest that you use a RESTful interface.  The world is littered with questions from people confounded by SOAP, but I have never seen anyone who could not understand a REST interface.

REST is what drives the WWW.  Each request is atomic and each response is complete.  There is no stateful information required and the calling scripts do not have to know anything about how the service scripts create their data.  Here is an example that illustrates how a RESTFUL interface works.  You give it a first name and it gives you a last name:
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Ray&resp=XML

Obviously you could expand the script to do things that are a lot more interesting than this.  But the point is that the interface is simple.  The GET string contains all of the caller's arguments.  The browser output string contains all of the service response.  If you want to secure the data transfer between the caller and the service, you can use HTTPS.  More information than you will ever need is available here:
http://en.wikipedia.org/wiki/Representational_State_Transfer

Best of luck with your project, ~Ray
<?php // RAY_REST_get_last_name.php
error_reporting(E_ALL);



// DEMONSTRATE HOW A RESTFUL WEB SERVICE WORKS
// INPUT FIRST NAME, OUTPUT LAST NAME
// CALLING EXAMPLE:
// file_get_contents('http://laprbass.com/RAY_REST_get_last_name.php?key=ABC&resp=XML&name=Ray');



// OUR DATA MODEL CONTAINS ALL THE ANSWERS - THIS COULD BE A DATA BASE - AS SIMPLE OR COMPLEX AS NEEDED
$dataModel
= array
( 'Brian'   => 'Portlock'
, 'Ray'     => 'Paseur'
, 'Richard' => 'Quadling'
, 'Dave'    => 'Baldwin'
)
;


// SHOULD RESPONSE BE PLAIN TEXT OR XML FORMAT
$alpha = '';
$omega = '';
if ( (isset($_GET["resp"])) && ($_GET["resp"] == 'XML') )
{
    $alpha = '<response>';
    $omega = '</response>';
}



// TEST THE API KEY
$key = FALSE;
if (isset($_GET["key"])) $key = $_GET["key"];
if ($key !== 'ABC') die($alpha . 'BOGUS API KEY' . $omega);



// LOOK UP THE LAST NAME
$name="?";
if (isset($_GET["name"])) $name = $_GET["name"];

// IF THE URL NAME IS FOUND IN THE DATA MODEL
if (array_key_exists($name, $dataModel))
{
    // RETURNS THE LAST NAME FROM THE DATA MODEL
    die($alpha . "$dataModel[$name]" . $omega);
}

// RETURNS THE UNKNOWN NAME INDICATOR
else die($alpha . 'UNKNOWN' . $omega);

Open in new window

0
 
LVL 15

Author Comment

by:Insoftservice
ID: 34950575
Hi Ray,
I have one doubt.
Whether the code provided by u is completely in rest full method.

As when i had scanned for the rest tuts it goes to  curl method, get method, delete put and so on.
Whereas ur code is so simple and easy to understand .
So i am little in trouble what to do .
currently i am using ur code. But please specify the difference if possible

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34950738
CURL is a way of accessing a web service.  It can use either GET or POST methods.  In PHP, a major difference between CURL GET and file_get_contents() is that CURL can control the timeout.  File_Get_Contents() will fail and your script will suffer a fatal error if the remote URL is too slow.

GET and POST methods are common.  PUT and DELETE are not.  GET method is used to retrieve data when there is no change to the underlying data model.  It is generally regarded as a synchronous connection.  POST method is used when the call to the web service is intended to update the data model.  It is asynchronous.
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 15

Author Comment

by:Insoftservice
ID: 34950838
Hi,
so u mean to say curl is good to be used.
and there is no issue of delete and put of rest webservice.
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 500 total points
ID: 34951451
I've never seen anyone use DELETE or PUT methods.  They exist, but the predominant methods are GET (for viewing data) and POST (for changing data).

Here is a CURL get example.  If the remote service takes too long and the timeout expires, your script gets control again and can handle the error condition.
<?php // RAY_curl_example.php
error_reporting(E_ALL);

// A FUNCTION TO RUN A CURL-GET CLIENT CALL TO A FOREIGN SERVER
function my_curl
( $url
, $get_array=array()
, $timeout=3
, $error_report=TRUE
)
{
    // PREPARE THE ARGUMENT STRING IF NEEDED
    $get_string = '';
    foreach ($get_array as $key => $val)
    {
        $get_string .= urlencode($key) . '=' . urlencode($val) . '&';
    }
    $get_string = rtrim($get_string, '&');
    if (!empty($get_string)) $url .= '?' . $get_string;

    $curl = curl_init();

    // HEADERS AND OPTIONS APPEAR TO BE A FIREFOX BROWSER REFERRED BY GOOGLE
    $header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Keep-Alive: 300";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    $header[] = "Pragma: "; // BROWSERS USUALLY LEAVE BLANK

    // SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
    curl_setopt( $curl, CURLOPT_URL,            $url  );
    curl_setopt( $curl, CURLOPT_USERAGENT,      'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6'  );
    curl_setopt( $curl, CURLOPT_HTTPHEADER,     $header  );
    curl_setopt( $curl, CURLOPT_REFERER,        'http://www.google.com'  );
    curl_setopt( $curl, CURLOPT_ENCODING,       'gzip,deflate'  );
    curl_setopt( $curl, CURLOPT_AUTOREFERER,    TRUE  );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, TRUE  );
    curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, TRUE  );
    curl_setopt( $curl, CURLOPT_TIMEOUT,        $timeout  );

    // RUN THE CURL REQUEST AND GET THE RESULTS
    $htm = curl_exec($curl);

    // ON FAILURE HANDLE ERROR MESSAGE
    if ($htm === FALSE)
    {
        if ($error_report)
        {
            $err = curl_errno($curl);
            $inf = curl_getinfo($curl);
            echo "CURL FAIL: $url TIMEOUT=$timeout, CURL_ERRNO=$err";
            var_dump($inf);
        }
        curl_close($curl);
        return FALSE;
    }

    // ON SUCCESS RETURN XML / HTML STRING
    curl_close($curl);
    return $htm;
}




// USAGE EXAMPLE - PUT YOUR FAVORITE URL HERE
$url = "http://finance.yahoo.com/d/quotes.csv";

// PUT YOUR ARRAY OF KEY=>VALUE PAIRS HERE
$arg = array
( 's' => 'lulu'
, 'f' => 'snl1c1ohgvt1'
)
;

// MAKE THE CALL
$htm = my_curl($url, $arg, 2, TRUE);
if (!$htm) die("NO $url");

// SHOW WHAT WE GOT
echo "<pre>";
var_dump($arg);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;




// TRY ANOTHER URL WITHOUT ARGUMENTS
$url = 'http://twitter.com';
$htm = my_curl($url);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;

Open in new window

0
 
LVL 15

Author Comment

by:Insoftservice
ID: 34958835
Hi,

But how to get parameters sent by curl() or file_get_content() .
How can server take parameters sent from client. ie user name and password
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34960473
Please see line 9 of the code snippet posted at http:#34944407.  That shows how the parameters are presented in the URL.  

Please see lines 27, 37, and 44 of the same snippet.  That shows how the parameters are accessed inside the RESTful web service.
0
 
LVL 15

Author Closing Comment

by:Insoftservice
ID: 35004132
Thnx ray for all ur help.
An genius answer from genius
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 35009079
Thanks for the points -- it's a great question. ~Ray
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
This article discusses four methods for overlaying images in a container on a web page
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question