php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31747 SOAP Digest Authentication
Submitted: 2005-01-28 19:46 UTC Modified: 2005-02-02 13:01 UTC
From: Jared dot Williams1 at ntlworld dot com Assigned: dmitry (profile)
Status: Closed Package: SOAP related
PHP Version: 5CVS-2005-01-28 (dev) OS: Windows 2000/IIS
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: Jared dot Williams1 at ntlworld dot com
New email:
PHP Version: OS:

 

 [2005-01-28 19:46 UTC] Jared dot Williams1 at ntlworld dot com
Description:
------------
This is related to http://bugs.php.net/bug.php?id=28041

Using the php5.0-win32-200501280930 snapshot, still seem unable to use Digest Authentication against labs.zap2it.com.

Request Headers:
POST /tvlistings/xtvdService HTTP/1.1
Host: datadirect.webservices.zap2it.com
Connection: Keep-Alive
User-Agent: PHP SOAP 0.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "urn:TMSWebServices:xtvdWebService#download"
Content-Length: 584
Authorization: Basic *******************

Does appear to be sending Basic authentication details, even thou the service requests only digest. (Security issue).

WWW-Authenticate	Digest realm="TMSWebServiceRealm", nonce="********************************************************************************", opaque="****************", algorithm=MD5, qop="auth"

Reproduce code:
---------------
	$client = new SoapClient('xtvd.wsdl', array(
								'trace'      => 1,					'exceptions' => 0,					'login' => USER,				'password' => PASSWORD));

	$result = $client->download(time() - 60*3, time() + 60*60*12);
	echo "<pre>\n";
	echo "Response Headers:\n", htmlspecialchars($client->__getLastResponseHeaders()), "\n";
	echo "Response:\n", htmlspecialchars($client->__getLastResponse()),"\n";
	echo "</pre>";
?>

Expected result:
----------------
XML listings

Actual result:
--------------
Response Headers:
HTTP/1.1 100 Continue
Date: Fri, 28 Jan 2005 18:41:23 GMT
Server: Orion/2.0.2

Response:
<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY><H1>401 Unauthorized</H1></BODY></HTML>


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-02 11:39 UTC] dmitry@php.net
Fixed in CVS (HEAD and PHP_5_0).

Please verify me. I haven't login on labs.zap2it.com.

With new version you can use additional otpion 'authentication' => SOAP_AUTHENTICATION_DIGEST in SoapClient constructor.

This option is not necessary, however without it SOAP will first try to login using basic authentication and then using digest authentication.
 [2005-02-02 13:01 UTC] Jared dot Williams1 at ntlworld dot com
Using php5-win32-200502021130 snapshot.

Now works, with the authentication option present, or missing.

Response Headers:
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Date: Wed, 02 Feb 2005 11:58:04 GMT
Content-Type: text/xml; charset=utf-8
Server: Orion/2.0.2

Response:
<?xml version='1.0' encoding='utf-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:SOAP-ENC='http://schemas.xmlsoap.org/soap/encoding/'>

<SOAP-ENV:Body>
<ns1:downloadResponse
SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'
xmlns:ns1='urn:TMSWebServices'>
<xtvdResponse xsi:type='ns1:xtvdResponse'>
<messages xsi:type='ns1:messages'>
...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 02:01:29 2024 UTC