All geek questions in one place

How to authenticate php or java client if I use WCF w / forms auth?

I have a general proof of the concept of a WCF service that uses form authentication for secure access. Everything works fine when my .NET client (vb code below)

Dim client As SupplierServiceClient = New SupplierServiceClient()
client.ClientCredentials.UserName.UserName = "xxxx@xxx.xx.xx"
client.ClientCredentials.UserName.Password = "password"

Dim SupplierList As List(Of Supplier) = client.GetSuppliers()

but since I want this to intervene with anyone who can do SOAP 1.1 / 1.2 - how will the PHP or Java client connect?

My WCF web.config is listed below (fyi)

<system.serviceModel>
    <services>
        <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior">
            <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/>
            <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/>
            <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="wsHttp">
                <security mode="TransportWithMessageCredential">
                    <transport/>
                    <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/>
                </security>
            </binding>
        </wsHttpBinding>
        <basicHttpBinding>
            <binding name="basicHttp">
                <security mode="TransportWithMessageCredential">
                    <transport/>
                    <message clientCredentialType="UserName"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="NorthwindBehavior">
                <serviceMetadata httpGetEnabled="true"/>
                <serviceAuthorization principalPermissionMode="UseAspNetRoles"/>
                <serviceCredentials>
                    <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>
+3
source share
2 answers

I managed to authenticate the PHP client, but not without much effort. First I tried the following:

$header = new stdClass;
$credentials = new stdClass;
$credentials->Username="myuser";
$credentials->Password="mypass";
$header->UsernameToken = $credentials;

$securityNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
$client->__setSoapHeaders($securityNamespace, 'Security', $header);

. , PHP5 (v5.3.5 ) , . http://bugs.php.net/bug.php?id=48966
:

<UsernameToken><Username>myuser</Username><Password>myuser</Password></UsernameToken>

:

<o:UsernameToken><o:Username>myuser</o:Username><o:Password>myuser</o:Password></o:UsernameToken>

, hardcoding XML . , :

$securityNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
$headerContent = "<o:Security xmlns:o=\"$securityNamespace\">
                    <o:UsernameToken>
                    <o:Username>myuser</o:Username>
                    <o:Password>mypass</o:Password>
                    </o:UsernameToken>
                </o:Security>";
$headerVar = new SoapVar($headerContent, XSD_ANYXML, null, null, null);
$header = new SoapHeader($securityNamespace, 'o:Security', $headerVar);
$client->__setSoapHeaders(array($header));

, -. Bye!

+8

: Java PHP

UserName , , WCF SOAP. SOAP , , , SOAP. -, , WS- * / WS-I Basic Profile.

.

+1

Source: https://habr.com/ru/post/1702717/

More articles:


All Articles