Ask a Question

SOAP UI - Basic Authentication - where do I find it in Server Code?

Occasional Contributor

SOAP UI - Basic Authentication - where do I find it in Server Code?

I have a SOAP Server written in PHP - and am Testing using SOAP UI. Everything works fine and returns results as expected.


I am now trying to add in Basic Authentication - have set up in SOAP UI with Username and Password - BUT can't find how to check it in the Server code?


I was expecting the credentials to be in the [SERVER] object passed to the server - but they are not.


Can anyone help and advise how I check these items?





SmartBear Alumni (Retired)

Hi Community, can you please help PhilAJ52? @avidCoder , @nmrao , @AlexKaras ?

Thank you.

Sonya Mihaljova
Community and Education Specialist

Champion Level 3



Not sure if I got the question...

Authentication is usually handled by web server itself and you, as a user (developer or regular one) should be either granted or denied access.

You should be able to see login/password credentials in the request. For Basic Authentication they are passed in the request header, for SOAP, depending on the implementation, they can be passed in the Header section of SOAP Envelope (passed in the body of request).

Depending on the implementation, you might be able to get an access to the login credentials on the server side in tested application's code, but I am not sure why you would need this for tests.


Could you provide more details about your test and what you'd like to be able to do?


  /Alex [Community Champion]
[Community Champions] are not employed by SmartBear Software but
are just volunteers who have some experience with the tools by SmartBear Software
and a desire to help others. Posts made by [Community Champions]
may differ from the official policies of SmartBear Software and should be treated
as the own private opinion of their authors and under no circumstances as an
official answer from SmartBear Software.
The [Community Champion] signature is assigned on quarterly basis and is used with permission by SmartBear Software.
Occasional Contributor

not quite sure what you're asking. Are you just wanting to see confirm that the basic auth credentials are in the http header?

Occasional Contributor

Sorry for late reply, I've been away over Xmas. 


Thanks for responses and help - I'll try to clarify my problem.


What I have is a SOAP server, written in PHP.
Before using SOAPUI I wrote a small test client of my own, and included a username and password in the definition of the client object;

$uname = "ABCDE";
$pword = "12345";
$client = new SoapClient('http://xyz/abcWSDL.wsdl',array('trace'=>1,'exceptions'=>1, 'login'=>$uname,'password'=>$pword));


$res = $client->function($params);

Within the Server I was able to validate these values using; 

$uname = "ABCDE";
$pword = "12345";

if(($_SERVER['PHP_AUTH_PW']!= $pword || $_SERVER['PHP_AUTH_USER'] != $uname) || !$_SERVER['PHP_AUTH_USER']) { header('WWW-Authenticate: Basic realm="Test auth"'); header('HTTP/1.0 401 Unauthorized'); echo 'Auth Failed'; exit; }

Using SOAPUI I have set the Authorization to BASIC - together with a Username and Password, tried 'Pre-emptive auth' at both settings  - but don't see the values in the SERVER object that is received, nor in the http Header.

Is there another setting somewhere in SOAP UI that will let me do what my own client code does?


Thanks in Advance




Occasional Contributor

In the upper right corner of the request pane there are 2 tabs. Click the one that says "Raw". Does that get you what you're looking for?

Occasional Contributor

NO jaforrest - that shows the SOAP envelope that is Returned - but doeesn't contain the username / password.

Occasional Contributor

Sorry, I meant upper left. Mine shows the http header with the basic auth encrypted and embedded in the Authorization

Occasional Contributor

Mine has the username and password encrypted using RFC2045-MIME variant of Base64. You can use a Base64 decoder like to validate it.


Occasional Contributor

Ok - but no it isn't there....see below




Showing results for 
Search instead for 
Did you mean: