Yesterday’s blog on “Using Username token in Authentication” I explained a standard way of authenting SOAP messages in Application layer (Message level Authentication). Anyway you can authenticate SOAP messages in transport level itself. For an example with HTTP Transport we can use the HTTP Basic Authentication for this purpose.
Setting up a client with Authentication Information
With WSF/PHP you can give the username, password and the authentication type as options for WSClient constructor.
$client = new WSClient(array ("to" => "http://server/myendpoint", "httpAuthUsername" => "user", "httpAuthPassword" => "user_password", "httpAuthType" => "basic"));
Setting up the Server to Handle the Authentication
Since the Http authentication is handled by the transport level, you have to configure your authentication information in your web server itself. (e.g. Apache or IIS).
If you are using Apache, please use this guide to configure your allowed list to access the server.
Unfortunately this seems not to work together with Reliable Messaging.
Since Reliable Messaging is not available for WSF PHP 2.1.0, I tested this with WSF PHP 2.0.0.
For the CreateSequence the Authorisation in HTTP Header is not set.
Therefore the Reliable Messaging Request is catching a 401 Unauthorised. Without Reliable Messaging it works fine.