Http Authentication for SOAP Messages in PHP – 2 Minutes Introduction

Yesterday’s blog on “Using Username token in Authentication” I explained a standard way of authenting SOAP messages in Application layer (Message level Authentication). Anyway you can authenticate SOAP messages in transport level itself. For an example with HTTP Transport we can use the HTTP Basic Authentication for this purpose.

Setting up a client with Authentication Information

With WSF/PHP you can give the username, password and the authentication type as options for WSClient constructor.

	$client = new WSClient(array ("to" => "http://server/myendpoint",
		"httpAuthUsername" => "user",
		"httpAuthPassword" => "user_password",
		"httpAuthType" => "basic"));

Setting up the Server to Handle the Authentication

Since the Http authentication is handled by the transport level, you have to configure your authentication information in your web server itself. (e.g. Apache or IIS).

If you are using Apache, please use this guide to configure your allowed list to access the server.

This entry was posted in 2 minutes guide, security, Tutorial/Guide, web services, wsf/php, wso2 and tagged , , , , , , . Bookmark the permalink.

One Response to Http Authentication for SOAP Messages in PHP – 2 Minutes Introduction

  1. DaGunna says:

    Unfortunately this seems not to work together with Reliable Messaging.
    Since Reliable Messaging is not available for WSF PHP 2.1.0, I tested this with WSF PHP 2.0.0.
    For the CreateSequence the Authorisation in HTTP Header is not set.
    Therefore the Reliable Messaging Request is catching a 401 Unauthorised. Without Reliable Messaging it works fine.

Leave a Reply

Your email address will not be published. Required fields are marked *