Solved

Authentication using soap

Posted on 2011-02-21
Last Modified: 2013-11-18
Hi,
I want to authenticate the user coming to my website 'A' through SOAP, which would be present on website 'B', and accordingly display the contents according to the rights provided.

So, I want
1> SOAP tutorial
2> Script to create such an application, or algo if possible.
3> Is there any framework as we have in JavaScript or PHP?

Environment: LAMP
Question by:Insoftservice
9 Comments

Accepted Solution

by: Ray Paseur, earned 500 total points
ID: 34944407
SOAP is perhaps the worst protocol for such a thing.  I would strongly suggest that you use a RESTful interface.  The world is littered with questions from people confounded by SOAP, but I have never seen anyone who could not understand a REST interface.

REST is what drives the WWW.  Each request is atomic and each response is complete.  There is no stateful information required and the calling scripts do not have to know anything about how the service scripts create their data.  Here is an example that illustrates how a RESTFUL interface works.  You give it a first name and it gives you a last name:
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Ray&resp=XML

Obviously you could expand the script to do things that are a lot more interesting than this.  But the point is that the interface is simple.  The GET string contains all of the caller's arguments.  The browser output string contains all of the service response.  If you want to secure the data transfer between the caller and the service, you can use HTTPS.  More information than you will ever need is available here:
http://en.wikipedia.org/wiki/Representational_State_Transfer

Best of luck with your project, ~Ray
<?php // RAY_REST_get_last_name.php
error_reporting(E_ALL);



// DEMONSTRATE HOW A RESTFUL WEB SERVICE WORKS
// INPUT FIRST NAME, OUTPUT LAST NAME
// CALLING EXAMPLE:
// file_get_contents('http://laprbass.com/RAY_REST_get_last_name.php?key=ABC&resp=XML&name=Ray');



// OUR DATA MODEL CONTAINS ALL THE ANSWERS - THIS COULD BE A DATA BASE - AS SIMPLE OR COMPLEX AS NEEDED
$dataModel
= array
( 'Brian'   => 'Portlock'
, 'Ray'     => 'Paseur'
, 'Richard' => 'Quadling'
, 'Dave'    => 'Baldwin'
)
;


// SHOULD RESPONSE BE PLAIN TEXT OR XML FORMAT
$alpha = '';
$omega = '';
if ( (isset($_GET["resp"])) && ($_GET["resp"] == 'XML') )
{
    $alpha = '<response>';
    $omega = '</response>';
}



// TEST THE API KEY
$key = FALSE;
if (isset($_GET["key"])) $key = $_GET["key"];
if ($key !== 'ABC') die($alpha . 'BOGUS API KEY' . $omega);



// LOOK UP THE LAST NAME
$name="?";
if (isset($_GET["name"])) $name = $_GET["name"];

// IF THE URL NAME IS FOUND IN THE DATA MODEL
if (array_key_exists($name, $dataModel))
{
    // RETURNS THE LAST NAME FROM THE DATA MODEL
    die($alpha . "$dataModel[$name]" . $omega);
}

// RETURNS THE UNKNOWN NAME INDICATOR
else die($alpha . 'UNKNOWN' . $omega);


Author Comment

by:Insoftservice
ID: 34950575
Hi Ray,
I have one doubt.
Is the code provided by you completely in the RESTful method?

When I scanned the REST tutorials, they go into the curl method, GET method, DELETE, PUT and so on.
Whereas your code is so simple and easy to understand.
So I am a little in trouble about what to do.
Currently I am using your code. But please specify the difference if possible.


Expert Comment

by:Ray Paseur
ID: 34950738
CURL is a way of accessing a web service.  It can use either GET or POST methods.  In PHP, a major difference between CURL GET and file_get_contents() is that CURL can control the timeout.  File_Get_Contents() will fail and your script will suffer a fatal error if the remote URL is too slow.

GET and POST methods are common.  PUT and DELETE are not.  GET method is used to retrieve data when there is no change to the underlying data model.  It is generally regarded as a synchronous connection.  POST method is used when the call to the web service is intended to update the data model.  It is asynchronous.

Author Comment

by:Insoftservice
ID: 34950838
Hi,
So you mean to say curl is good to use,
and there is no issue with DELETE and PUT of a REST web service.

Assisted Solution

by: Ray Paseur, earned 500 total points
ID: 34951451
I've never seen anyone use DELETE or PUT methods.  They exist, but the predominant methods are GET (for viewing data) and POST (for changing data).

Here is a CURL get example.  If the remote service takes too long and the timeout expires, your script gets control again and can handle the error condition.
<?php // RAY_curl_example.php
error_reporting(E_ALL);

// A FUNCTION TO RUN A CURL-GET CLIENT CALL TO A FOREIGN SERVER
function my_curl
( $url
, $get_array=array()
, $timeout=3
, $error_report=TRUE
)
{
    // PREPARE THE ARGUMENT STRING IF NEEDED
    $get_string = '';
    foreach ($get_array as $key => $val)
    {
        $get_string .= urlencode($key) . '=' . urlencode($val) . '&';
    }
    $get_string = rtrim($get_string, '&');
    if (!empty($get_string)) $url .= '?' . $get_string;

    $curl = curl_init();

    // HEADERS AND OPTIONS APPEAR TO BE A FIREFOX BROWSER REFERRED BY GOOGLE
    $header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Keep-Alive: 300";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    $header[] = "Pragma: "; // BROWSERS USUALLY LEAVE BLANK

    // SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
    curl_setopt( $curl, CURLOPT_URL,            $url  );
    curl_setopt( $curl, CURLOPT_USERAGENT,      'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6'  );
    curl_setopt( $curl, CURLOPT_HTTPHEADER,     $header  );
    curl_setopt( $curl, CURLOPT_REFERER,        'http://www.google.com'  );
    curl_setopt( $curl, CURLOPT_ENCODING,       'gzip,deflate'  );
    curl_setopt( $curl, CURLOPT_AUTOREFERER,    TRUE  );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, TRUE  );
    curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, TRUE  );
    curl_setopt( $curl, CURLOPT_TIMEOUT,        $timeout  );

    // RUN THE CURL REQUEST AND GET THE RESULTS
    $htm = curl_exec($curl);

    // ON FAILURE HANDLE ERROR MESSAGE
    if ($htm === FALSE)
    {
        if ($error_report)
        {
            $err = curl_errno($curl);
            $inf = curl_getinfo($curl);
            echo "CURL FAIL: $url TIMEOUT=$timeout, CURL_ERRNO=$err";
            var_dump($inf);
        }
        curl_close($curl);
        return FALSE;
    }

    // ON SUCCESS RETURN XML / HTML STRING
    curl_close($curl);
    return $htm;
}




// USAGE EXAMPLE - PUT YOUR FAVORITE URL HERE
$url = "http://finance.yahoo.com/d/quotes.csv";

// PUT YOUR ARRAY OF KEY=>VALUE PAIRS HERE
$arg = array
( 's' => 'lulu'
, 'f' => 'snl1c1ohgvt1'
)
;

// MAKE THE CALL
$htm = my_curl($url, $arg, 2, TRUE);
if (!$htm) die("NO $url");

// SHOW WHAT WE GOT
echo "<pre>";
var_dump($arg);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;




// TRY ANOTHER URL WITHOUT ARGUMENTS
$url = 'http://twitter.com';
$htm = my_curl($url);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;


Author Comment

by:Insoftservice
ID: 34958835
Hi,

But how do I get the parameters sent by curl() or file_get_contents()?
How can the server take parameters sent from the client, i.e. user name and password?

Expert Comment

by:Ray Paseur
ID: 34960473
Please see line 9 of the code snippet posted at http:#34944407.  That shows how the parameters are presented in the URL.  

Please see lines 27, 37, and 44 of the same snippet.  That shows how the parameters are accessed inside the RESTful web service.
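One way the service on site B could take a user name and password from site A and answer with the user's rights. This is an added example for PHP 7+, not part of the original thread and not Ray Paseur's code. The X-API-Key header, the POST fields name and pass, the SITE_A_API_KEY environment variable and the sample users are assumptions made for illustration.

```php
<?php
// Added example: hypothetical authentication service on site B, called by site A.
// Constructed sample users; a real service would read stored password_hash() values.
function demo_users(): array
{
    return [
        'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'rights' => 'editor'],
        'bob'   => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT), 'rights' => 'viewer'],
    ];
}

function xml_response(string $status, string $rights = ''): string
{
    // Escape every value so response data can never break the XML structure.
    return '<response><status>' . htmlspecialchars($status, ENT_XML1 | ENT_QUOTES, 'UTF-8') . '</status>'
         . '<rights>' . htmlspecialchars($rights, ENT_XML1 | ENT_QUOTES, 'UTF-8') . '</rights></response>';
}

function authenticate(array $server, array $post, array $users, string $expectedKey): string
{
    // Refuse plain HTTP: the password must only cross the network inside TLS.
    $https = $server['HTTPS'] ?? '';
    if ($https === '' || $https === 'off') return xml_response('HTTPS REQUIRED');
    // Credentials travel in the POST body, not in the URL, which is written to access logs.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') return xml_response('POST REQUIRED');

    // The API key identifies site A. An unset key must fail, and hash_equals() is constant-time.
    $key = $server['HTTP_X_API_KEY'] ?? '';
    if ($expectedKey === '' || !is_string($key) || !hash_equals($expectedKey, $key)) {
        return xml_response('BOGUS API KEY');
    }
    $name = $post['name'] ?? '';
    $pass = $post['pass'] ?? '';
    if (!is_string($name) || !is_string($pass)) return xml_response('DENIED');

    // Unknown user and wrong password get the same answer, so names cannot be enumerated.
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($pass, $user['hash'])) return xml_response('DENIED');
    return xml_response('OK', $user['rights']);
}

if (PHP_SAPI === 'cli') {
    // Constructed requests so the logic can be tried from the command line.
    $srv = ['REQUEST_METHOD' => 'POST', 'HTTPS' => 'on', 'HTTP_X_API_KEY' => 'constructed-demo-key'];
    echo authenticate($srv, ['name' => 'alice', 'pass' => 'correct horse'], demo_users(), 'constructed-demo-key'), PHP_EOL;
    echo authenticate($srv, ['name' => 'alice', 'pass' => 'wrong'], demo_users(), 'constructed-demo-key'), PHP_EOL;
} else {
    header('Content-Type: text/xml; charset=utf-8');
    echo authenticate($_SERVER, $_POST, demo_users(), getenv('SITE_A_API_KEY') ?: '');
}
```

Site A would call this with a CURL POST over an https:// URL, sending the key in the X-API-Key header and the two fields in the request body.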
 

Author Closing Comment

by:Insoftservice
ID: 35004132
Thanks Ray for all your help.
A genius answer from a genius.

Expert Comment

by:Ray Paseur
ID: 35009079
Thanks for the points -- it's a great question. ~Ray