Forum Discussion

PhilAJ52's avatar
PhilAJ52
Occasional Contributor
5 years ago

SOAP UI - Basic Authentication - where do I find it in Server Code?

I have a SOAP Server written in PHP - and am Testing using SOAP UI. Everything works fine and returns results as expected.

 

I am now trying to add in Basic Authentication - have set up in SOAP UI with Username and Password - BUT can't find how to check it in the Server code?

 

I was expecting the credentials to be in the [SERVER] object passed to the server - but they are not.

 

Can anyone help and advise how I check these items?

 

Thanks

 

Phil

Authentication
Data-Driven Testing
php
Scripting
SOAP
SoapUI
  • jaforrest21's avatar
    jaforrest21
    5 years ago

    I have to use a domain value, not sure if that matters for you. And you've tried "Authenticate pre-emptively" instead of "Use global preference"?

  • AlexKaras's avatar
    AlexKaras
    Champion Level 3
    5 years ago

    Hi,

     

    Not sure if I got the question...

    Authentication is usually handled by web server itself and you, as a user (developer or regular one) should be either granted or denied access.

    You should be able to see login/password credentials in the request. For Basic Authentication they are passed in the request header, for SOAP, depending on the implementation, they can be passed in the Header section of SOAP Envelope (passed in the body of request).

    Depending on the implementation, you might be able to get an access to the login credentials on the server side in tested application's code, but I am not sure why you would need this for tests.

     

    Could you provide more details about your test and what you'd like to be able to do?

     

  • jaforrest21's avatar
    jaforrest21
    Occasional Contributor
    5 years ago

    not quite sure what you're asking. Are you just wanting to see confirm that the basic auth credentials are in the http header?

    • PhilAJ52's avatar
      PhilAJ52
      Occasional Contributor
      5 years ago

      Sorry for late reply, I've been away over Xmas. 

       

      Thanks for responses and help - I'll try to clarify my problem.

       

      What I have is a SOAP server, written in PHP.
      Before using SOAPUI I wrote a small test client of my own, and included a username and password in the definition of the client object;

      $uname = "ABCDE";
      $pword = "12345";
      $client = new SoapClient('http://xyz/abcWSDL.wsdl',array('trace'=>1,'exceptions'=>1, 'login'=>$uname,'password'=>$pword));

      then....

      $res = $client->function($params);

      Within the Server I was able to validate these values using; 

      $uname = "ABCDE";
      $pword = "12345";

      if(($_SERVER['PHP_AUTH_PW']!= $pword
 || $_SERVER['PHP_AUTH_USER'] != $uname)
 || !$_SERVER['PHP_AUTH_USER'])
    {
        header('WWW-Authenticate: Basic realm="Test auth"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Auth Failed';
        exit;
}

      Using SOAPUI I have set the Authorization to BASIC - together with a Username and Password, tried 'Pre-emptive auth' at both settings  - but don't see the values in the SERVER object that is received, nor in the http Header.

      Is there another setting somewhere in SOAP UI that will let me do what my own client code does?

       

      Thanks in Advance

       

       

       

    • jaforrest21's avatar
      jaforrest21
      Occasional Contributor
      5 years ago

      In the upper right corner of the request pane there are 2 tabs. Click the one that says "Raw". Does that get you what you're looking for?

      • PhilAJ52's avatar
        PhilAJ52
        Occasional Contributor
        5 years ago

        NO jaforrest - that shows the SOAP envelope that is Returned - but doeesn't contain the username / password.