NuSphere Forums Forum Index
NuSphere Forums
Reply to topic
Digest Authentication - Server Side ...


Joined: 19 Nov 2009
Posts: 1
Reply with quote
... I have been searching through the forum for some info regarding digest authentication (server side).

is there any function to have the nusoap server require a digest authentication or I have to managed that with pure php?

I mean, do I need to do something like that?

Code:

$realm = 'Restricted area';
$users = array('*****' => '***', 'guest' => 'guest');

if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.$realm.
           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');

    die('Text to send if user hits Cancel button');
}

// analyze the PHP_AUTH_DIGEST variable
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
    !isset($users[$data['username']]))
    die('Wrong Credentials!');


// generate the valid response
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

if ($data['response'] != $valid_response)
    die('Wrong Credentials!');


or could this thing be managed directly with nusoap_server class?

I tried to use setCredentials but php said me that this method is not part of nusoap_server class.

Is there anywhere a complete client/server examples using digest authentication ??

TIA
View user's profileFind all posts by saronnoSend private message
Site Admin

Joined: 13 Jul 2003
Posts: 7881
Reply with quote
You can leave your server side script intact. Just configure your web server to protect the URL or URLs with this authentication. If your server is Apache, try this:
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html

Alternatively, yes, you can handle authentication in php, but I see no reason why you'd need this.

Please note that IE and Firefox (IIS and Apache) have some differences in digest authentication. IE will work fine with IIS and Firefox will work fine with Apache, other combinations may fail to work with URLs supplying parameters.

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website
Digest Authentication - Server Side ...
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT - 5 Hours  
Page 1 of 1  

  
  
 Reply to topic