php soap security

esmok

Hi,

I'm building web services for a exsisting application. It needs authentication for each clien request.
How i can do this - is it ok to use username & password in every request
Is ws-security is supported by php soap

Any suggesion regarding this will be a great help

Thanks

dougal85

As I understand it, data passed is just as secure as say, POST data. Unless you use SSL.

You can send information in the SOAP headers, so that would probably be the best place for the username/password. I don't know how to do it off the top of my head, I've used SOAP web services in .NET more than PHP.

You could consider using an encryption routine for the data if you can't make use of SSL.

Valdhor

I use WSSecurity from Oasis. You can read up on the details at wss-v1.1-spec-os-SOAPMessageSecurity.pdf.

If you need help in implementing WSSecurity, let me know (Also let me know if you are writing client, server or both).

samisa

You can use username token in WS-Security for this. PHP Web services framework has full support for WS-Security, you can try that.