Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Authentication using soap

Posted on 2011-02-21
9
Medium Priority
?
892 Views
Last Modified: 2013-11-18
Hi,
I want to authenticate the user coming on my website 'A' through SOAP which would be present on website 'B' and accordingly display the contents according to its rights provided.

So, i want
1> SOAP tutorial
2> Script to create such application or algo if possible.
3> Is there any framework as we have in javascript or php

Enviornment LAMP
0
Comment
Question by:Insoftservice
  • 5
  • 4
9 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 34944407
SOAP is perhaps the worst protocol for such a thing.  I would strongly suggest that you use a RESTful interface.  The world is littered with questions from people confounded by SOAP, but I have never seen anyone who could not understand a REST interface.

REST is what drives the WWW.  Each request is atomic and each response is complete.  There is no stateful information required and the calling scripts do not have to know anything about how the service scripts create their data.  Here is an example that illustrates how a RESTFUL interface works.  You give it a first name and it gives you a last name:
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Ray&resp=XML

Obviously you could expand the script to do things that are a lot more interesting than this.  But the point is that the interface is simple.  The GET string contains all of the caller's arguments.  The browser output string contains all of the service response.  If you want to secure the data transfer between the caller and the service, you can use HTTPS.  More information than you will ever need is available here:
http://en.wikipedia.org/wiki/Representational_State_Transfer

Best of luck with your project, ~Ray
<?php // RAY_REST_get_last_name.php
error_reporting(E_ALL);



// DEMONSTRATE HOW A RESTFUL WEB SERVICE WORKS
// INPUT FIRST NAME, OUTPUT LAST NAME
// CALLING EXAMPLE:
// file_get_contents('http://laprbass.com/RAY_REST_get_last_name.php?key=ABC&resp=XML&name=Ray');



// OUR DATA MODEL CONTAINS ALL THE ANSWERS - THIS COULD BE A DATA BASE - AS SIMPLE OR COMPLEX AS NEEDED
$dataModel
= array
( 'Brian'   => 'Portlock'
, 'Ray'     => 'Paseur'
, 'Richard' => 'Quadling'
, 'Dave'    => 'Baldwin'
)
;


// SHOULD RESPONSE BE PLAIN TEXT OR XML FORMAT
$alpha = '';
$omega = '';
if ( (isset($_GET["resp"])) && ($_GET["resp"] == 'XML') )
{
    $alpha = '<response>';
    $omega = '</response>';
}



// TEST THE API KEY
$key = FALSE;
if (isset($_GET["key"])) $key = $_GET["key"];
if ($key !== 'ABC') die($alpha . 'BOGUS API KEY' . $omega);



// LOOK UP THE LAST NAME
$name="?";
if (isset($_GET["name"])) $name = $_GET["name"];

// IF THE URL NAME IS FOUND IN THE DATA MODEL
if (array_key_exists($name, $dataModel))
{
    // RETURNS THE LAST NAME FROM THE DATA MODEL
    die($alpha . "$dataModel[$name]" . $omega);
}

// RETURNS THE UNKNOWN NAME INDICATOR
else die($alpha . 'UNKNOWN' . $omega);

Open in new window

0
 
LVL 15

Author Comment

by:Insoftservice
ID: 34950575
Hi Ray,
I have one doubt.
Whether the code provided by u is completely in rest full method.

As when i had scanned for the rest tuts it goes to  curl method, get method, delete put and so on.
Whereas ur code is so simple and easy to understand .
So i am little in trouble what to do .
currently i am using ur code. But please specify the difference if possible

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 34950738
CURL is a way of accessing a web service.  It can use either GET or POST methods.  In PHP, a major difference between CURL GET and file_get_contents() is that CURL can control the timeout.  File_Get_Contents() will fail and your script will suffer a fatal error if the remote URL is too slow.

GET and POST methods are common.  PUT and DELETE are not.  GET method is used to retrieve data when there is no change to the underlying data model.  It is generally regarded as a synchronous connection.  POST method is used when the call to the web service is intended to update the data model.  It is asynchronous.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Author Comment

by:Insoftservice
ID: 34950838
Hi,
so u mean to say curl is good to be used.
and there is no issue of delete and put of rest webservice.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 2000 total points
ID: 34951451
I've never seen anyone use DELETE or PUT methods.  They exist, but the predominant methods are GET (for viewing data) and POST (for changing data).

Here is a CURL get example.  If the remote service takes too long and the timeout expires, your script gets control again and can handle the error condition.
<?php // RAY_curl_example.php
error_reporting(E_ALL);

// A FUNCTION TO RUN A CURL-GET CLIENT CALL TO A FOREIGN SERVER
function my_curl
( $url
, $get_array=array()
, $timeout=3
, $error_report=TRUE
)
{
    // PREPARE THE ARGUMENT STRING IF NEEDED
    $get_string = '';
    foreach ($get_array as $key => $val)
    {
        $get_string .= urlencode($key) . '=' . urlencode($val) . '&';
    }
    $get_string = rtrim($get_string, '&');
    if (!empty($get_string)) $url .= '?' . $get_string;

    $curl = curl_init();

    // HEADERS AND OPTIONS APPEAR TO BE A FIREFOX BROWSER REFERRED BY GOOGLE
    $header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Keep-Alive: 300";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    $header[] = "Pragma: "; // BROWSERS USUALLY LEAVE BLANK

    // SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
    curl_setopt( $curl, CURLOPT_URL,            $url  );
    curl_setopt( $curl, CURLOPT_USERAGENT,      'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6'  );
    curl_setopt( $curl, CURLOPT_HTTPHEADER,     $header  );
    curl_setopt( $curl, CURLOPT_REFERER,        'http://www.google.com'  );
    curl_setopt( $curl, CURLOPT_ENCODING,       'gzip,deflate'  );
    curl_setopt( $curl, CURLOPT_AUTOREFERER,    TRUE  );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, TRUE  );
    curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, TRUE  );
    curl_setopt( $curl, CURLOPT_TIMEOUT,        $timeout  );

    // RUN THE CURL REQUEST AND GET THE RESULTS
    $htm = curl_exec($curl);

    // ON FAILURE HANDLE ERROR MESSAGE
    if ($htm === FALSE)
    {
        if ($error_report)
        {
            $err = curl_errno($curl);
            $inf = curl_getinfo($curl);
            echo "CURL FAIL: $url TIMEOUT=$timeout, CURL_ERRNO=$err";
            var_dump($inf);
        }
        curl_close($curl);
        return FALSE;
    }

    // ON SUCCESS RETURN XML / HTML STRING
    curl_close($curl);
    return $htm;
}




// USAGE EXAMPLE - PUT YOUR FAVORITE URL HERE
$url = "http://finance.yahoo.com/d/quotes.csv";

// PUT YOUR ARRAY OF KEY=>VALUE PAIRS HERE
$arg = array
( 's' => 'lulu'
, 'f' => 'snl1c1ohgvt1'
)
;

// MAKE THE CALL
$htm = my_curl($url, $arg, 2, TRUE);
if (!$htm) die("NO $url");

// SHOW WHAT WE GOT
echo "<pre>";
var_dump($arg);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;




// TRY ANOTHER URL WITHOUT ARGUMENTS
$url = 'http://twitter.com';
$htm = my_curl($url);
echo PHP_EOL . $url;
echo PHP_EOL . htmlentities($htm);
echo PHP_EOL;

Open in new window

0
 
LVL 15

Author Comment

by:Insoftservice
ID: 34958835
Hi,

But how to get parameters sent by curl() or file_get_content() .
How can server take parameters sent from client. ie user name and password
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 34960473
Please see line 9 of the code snippet posted at http:#34944407.  That shows how the parameters are presented in the URL.  

Please see lines 27, 37, and 44 of the same snippet.  That shows how the parameters are accessed inside the RESTful web service.
0
 
LVL 15

Author Closing Comment

by:Insoftservice
ID: 35004132
Thnx ray for all ur help.
An genius answer from genius
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35009079
Thanks for the points -- it's a great question. ~Ray
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question