Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 893
  • Last Modified:

Authentication using soap

Hi,
I want to authenticate the user coming on my website 'A' through SOAP which would be present on website 'B' and accordingly display the contents according to its rights provided.

So, i want
1> SOAP tutorial
2> Script to create such application or algo if possible.
3> Is there any framework as we have in javascript or php

Enviornment LAMP
0
Insoftservice
Asked:
Insoftservice
  • 5
  • 4
2 Solutions
 
Ray PaseurCommented:
SOAP is perhaps the worst protocol for such a thing.  I would strongly suggest that you use a RESTful interface.  The world is littered with questions from people confounded by SOAP, but I have never seen anyone who could not understand a REST interface.

REST is what drives the WWW.  Each request is atomic and each response is complete.  There is no stateful information required and the calling scripts do not have to know anything about how the service scripts create their data.  Here is an example that illustrates how a RESTFUL interface works.  You give it a first name and it gives you a last name:
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Ray&resp=XML

Obviously you could expand the script to do things that are a lot more interesting than this.  But the point is that the interface is simple.  The GET string contains all of the caller's arguments.  The browser output string contains all of the service response.  If you want to secure the data transfer between the caller and the service, you can use HTTPS.  More information than you will ever need is available here:
http://en.wikipedia.org/wiki/Representational_State_Transfer

Best of luck with your project, ~Ray
<?php // RAY_REST_get_last_name.php
error_reporting(E_ALL);



// DEMONSTRATE HOW A RESTFUL WEB SERVICE WORKS
// INPUT FIRST NAME, OUTPUT LAST NAME
// CALLING EXAMPLE:
// file_get_contents('http://laprbass.com/RAY_REST_get_last_name.php?key=ABC&resp=XML&name=Ray');



// OUR DATA MODEL CONTAINS ALL THE ANSWERS - THIS COULD BE A DATA BASE - AS SIMPLE OR COMPLEX AS NEEDED
$dataModel
= array
( 'Brian'   => 'Portlock'
, 'Ray'     => 'Paseur'
, 'Richard' => 'Quadling'
, 'Dave'    => 'Baldwin'
)
;


// SHOULD RESPONSE BE PLAIN TEXT OR XML FORMAT
$alpha = '';
$omega = '';
if ( (isset($_GET["resp"])) && ($_GET["resp"] == 'XML') )
{
    $alpha = '<response>';
    $omega = '</response>';
}



// TEST THE API KEY
$key = FALSE;
if (isset($_GET["key"])) $key = $_GET["key"];
if ($key !== 'ABC') die($alpha . 'BOGUS API KEY' . $omega);



// LOOK UP THE LAST NAME
$name="?";
if (isset($_GET["name"])) $name = $_GET["name"];

// IF THE URL NAME IS FOUND IN THE DATA MODEL
if (array_key_exists($name, $dataModel))
{
    // RETURNS THE LAST NAME FROM THE DATA MODEL
    die($alpha . "$dataModel[$name]" . $omega);
}

// RETURNS THE UNKNOWN NAME INDICATOR
else die($alpha . 'UNKNOWN' . $omega);

Open in new window

0
 
InsoftserviceAuthor Commented:
Hi Ray,
I have one doubt.
Whether the code provided by u is completely in rest full method.

As when i had scanned for the rest tuts it goes to  curl method, get method, delete put and so on.
Whereas ur code is so simple and easy to understand .
So i am little in trouble what to do .
currently i am using ur code. But please specify the difference if possible

0
 
Ray PaseurCommented:
CURL is a way of accessing a web service.  It can use either GET or POST methods.  In PHP, a major difference between CURL GET and file_get_contents() is that CURL can control the timeout.  File_Get_Contents() will fail and your script will suffer a fatal error if the remote URL is too slow.

GET and POST methods are common.  PUT and DELETE are not.  GET method is used to retrieve data when there is no change to the underlying data model.  It is generally regarded as a synchronous connection.  POST method is used when the call to the web service is intended to update the data model.  It is asynchronous.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
InsoftserviceAuthor Commented:
Hi,
so u mean to say curl is good to be used.
and there is no issue of delete and put of rest webservice.
0
 
Ray PaseurCommented:
I've never seen anyone use DELETE or PUT methods.  They exist, but the predominant methods are GET (for viewing data) and POST (for changing data).

Here is a CURL get example.  If the remote service takes too long and the timeout expires, your script gets control again and can handle the error condition.
<?php // RAY_curl_example.php
error_reporting(E_ALL);

// A FUNCTION TO RUN A CURL-GET CLIENT CALL TO A FOREIGN SERVER
function my_curl
( $url
, $get_array=array()
, $timeout=3
, $error_report=TRUE
)
{
    // PREPARE THE ARGUMENT STRING IF NEEDED
    $get_string = '';
    foreach ($get_array as $key => $val)
    {
        $get_string .= urlencode($key) . '=' . urlencode($val) . '&';
    }
    $get_string = rtrim($get_string, '&');
    if (!empty($get_string)) $url .= '?' . $get_string;

    $curl = curl_init();

    // HEADERS AND OPTIONS APPEAR TO BE A FIREFOX BROWSER REFERRED BY GOOGLE
    $header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Keep-Alive: 300";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    $header[] = "Pragma: "; // BROWSERS USUALLY LEAVE BLANK

    // SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
    curl_setopt( $curl, CURLOPT_URL,            $url  );
    curl_setopt( $curl, CURLOPT_USERAGENT,      'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6'  );
    curl_setopt( $curl, CURLOPT_HTTPHEADER,     $header  );
    curl_setopt( $curl, CURLOPT_REFERER,        'http://www.google.com'  );
    curl_setopt( $curl, CURLOPT_ENCODING,       'gzip,deflate'  );
    curl_setopt( $curl, CURLOPT_AUTOREFERER,    TRUE  );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, TRUE  );
    curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, TRUE  );
    curl_setopt( $curl, CURLOPT_TIMEOUT,        $timeout  );

    // RUN THE CURL REQUEST AND GET THE RESULTS
    $htm = curl_exec($curl);

    // ON FAILURE HANDLE ERROR MESSAGE
    if ($htm === FALSE)
    {
        if ($error_report)
        {
            $err = curl_errno($curl);
            $inf = curl_getinfo($curl);
            echo "CURL FAIL: $url TIMEOUT=$timeout, CURL_ERRNO=$err";
            var_dump($inf);
        }
        curl_close($curl);
        return FALSE;
    }

    // ON SUCCESS RETURN XML / HTML STRING
    curl_close($curl);
    return $htm;
}




// USAGE EXAMPLE - PUT YOUR FAVORITE URL HERE
$url = "http://finance.yahoo.com/d/quotes.csv";

// PUT YOUR ARRAY OF KEY=>VALUE PAIRS HERE
$arg = array
( 's' => 'lulu'
, 'f' => 'snl1c1ohgvt1'
)
;

// MAKE THE CALL
$htm = my_curl($url, $arg, 2, TRUE);
if (!$htm) die("NO $url");

// SHOW WHAT WE GOT
echo "<pre>";
var_dump($arg);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;




// TRY ANOTHER URL WITHOUT ARGUMENTS
$url = 'http://twitter.com';
$htm = my_curl($url);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;

Open in new window

0
 
InsoftserviceAuthor Commented:
Hi,

But how to get parameters sent by curl() or file_get_content() .
How can server take parameters sent from client. ie user name and password
0
 
Ray PaseurCommented:
Please see line 9 of the code snippet posted at http:#34944407.  That shows how the parameters are presented in the URL.  

Please see lines 27, 37, and 44 of the same snippet.  That shows how the parameters are accessed inside the RESTful web service.
0
 
InsoftserviceAuthor Commented:
Thnx ray for all ur help.
An genius answer from genius
0
 
Ray PaseurCommented:
Thanks for the points -- it's a great question. ~Ray
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now