Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

SOAP UI - Basic Authentication - where do I find it in Server Code?

SOLVED
Solved
PhilAJ52
Occasional Contributor
‎12-15-2019 02:14 AM
‎12-15-2019 02:14 AM

SOAP UI - Basic Authentication - where do I find it in Server Code?

I have a SOAP Server written in PHP - and am Testing using SOAP UI. Everything works fine and returns results as expected.

 

I am now trying to add in Basic Authentication - have set up in SOAP UI with Username and Password - BUT can't find how to check it in the Server code?

 

I was expecting the credentials to be in the [SERVER] object passed to the server - but they are not.

 

Can anyone help and advise how I check these items?

 

Thanks

 

Phil

0 Kudos
11 REPLIES 11
sonya_m
SmartBear Alumni (Retired)
SmartBear Alumni (Retired)
‎12-23-2019 02:38 AM
‎12-23-2019 02:38 AM

Hi Community, can you please help PhilAJ52? @avidCoder , @nmrao , @AlexKaras ?

Thank you.


Sonya Mihaljova
Community and Education Specialist

0 Kudos
AlexKaras
Champion Level 3
Champion Level 3
‎12-23-2019 03:30 AM
‎12-23-2019 03:30 AM

Hi,

 

Not sure if I got the question...

Authentication is usually handled by web server itself and you, as a user (developer or regular one) should be either granted or denied access.

You should be able to see login/password credentials in the request. For Basic Authentication they are passed in the request header, for SOAP, depending on the implementation, they can be passed in the Header section of SOAP Envelope (passed in the body of request).

Depending on the implementation, you might be able to get an access to the login credentials on the server side in tested application's code, but I am not sure why you would need this for tests.

 

Could you provide more details about your test and what you'd like to be able to do?

 

Regards,
  /Alex [Community Champion]
____
[Community Champions] are not employed by SmartBear Software but
are just volunteers who have some experience with the tools by SmartBear Software
and a desire to help others. Posts made by [Community Champions]
may differ from the official policies of SmartBear Software and should be treated
as the own private opinion of their authors and under no circumstances as an
official answer from SmartBear Software.
The [Community Champion] signature is assigned on quarterly basis and is used with permission by SmartBear Software.
https://community.smartbear.com/t5/Community-Champions/About-the-Community-Champions-Program/gpm-p/252662
================================
0 Kudos
jaforrest21
Occasional Contributor
‎12-30-2019 08:17 AM
‎12-30-2019 08:17 AM

not quite sure what you're asking. Are you just wanting to see confirm that the basic auth credentials are in the http header?

0 Kudos
PhilAJ52
Occasional Contributor
In response to jaforrest21
‎01-03-2020 08:59 AM
‎01-03-2020 08:59 AM

Sorry for late reply, I've been away over Xmas. 

 

Thanks for responses and help - I'll try to clarify my problem.

 

What I have is a SOAP server, written in PHP.
Before using SOAPUI I wrote a small test client of my own, and included a username and password in the definition of the client object;

$uname = "ABCDE";
$pword = "12345";
$client = new SoapClient('http://xyz/abcWSDL.wsdl',array('trace'=>1,'exceptions'=>1, 'login'=>$uname,'password'=>$pword));

then....

$res = $client->function($params);

Within the Server I was able to validate these values using; 

$uname = "ABCDE";
$pword = "12345";

if(($_SERVER['PHP_AUTH_PW']!= $pword
 || $_SERVER['PHP_AUTH_USER'] != $uname)
 || !$_SERVER['PHP_AUTH_USER'])
    {
        header('WWW-Authenticate: Basic realm="Test auth"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Auth Failed';
        exit;
}

Using SOAPUI I have set the Authorization to BASIC - together with a Username and Password, tried 'Pre-emptive auth' at both settings  - but don't see the values in the SERVER object that is received, nor in the http Header.

Is there another setting somewhere in SOAP UI that will let me do what my own client code does?

 

Thanks in Advance

 

 

 

0 Kudos
jaforrest21
Occasional Contributor
In response to jaforrest21
‎01-03-2020 09:21 AM
‎01-03-2020 09:21 AM

In the upper right corner of the request pane there are 2 tabs. Click the one that says "Raw". Does that get you what you're looking for?

0 Kudos
PhilAJ52
Occasional Contributor
In response to jaforrest21
‎01-03-2020 10:53 AM
‎01-03-2020 10:53 AM

NO jaforrest - that shows the SOAP envelope that is Returned - but doeesn't contain the username / password.

0 Kudos
jaforrest21
Occasional Contributor
In response to PhilAJ52
‎01-03-2020 10:55 AM
‎01-03-2020 10:55 AM

Sorry, I meant upper left. Mine shows the http header with the basic auth encrypted and embedded in the Authorization

0 Kudos
jaforrest21
Occasional Contributor
In response to jaforrest21
‎01-03-2020 11:08 AM
‎01-03-2020 11:08 AM

Mine has the username and password encrypted using RFC2045-MIME variant of Base64. You can use a Base64 decoder like https://www.base64decode.org/ to validate it.

Untitled1.png 

0 Kudos
PhilAJ52
Occasional Contributor
In response to jaforrest21
‎01-03-2020 11:08 AM
‎01-03-2020 11:08 AM

Ok - but no it isn't there....see below

 

 

SoapUI1.jpg

0 Kudos
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: