gsoap-2.8.67-2.mga7.i586.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
<title>gSOAP HTTP Digest Authentication: </title>
<link href="doxygen.css" rel="stylesheet" type="text/css">
</head><body>
<!-- Generated by Doxygen 1.3.8 -->
Additional build steps required:<ul>
<li>Compile all sources with -DWITH_OPENSSL</li><li>Link libgsoapssl (libgsoapssl++), or use the lib's stdsoap2.c/.cpp source</li><li>Compile and link with plugin/httpda.c, plugin/md5evp.c, and plugin/threads.c</li></ul>
<h2><a class="anchor" name="httpda_1">
Client-Side Usage</a></h2>
HTTP Basic Authentication is the default authentication supported by gSOAP. The credentials for client-side use are set with:<p>
<div class="fragment"><pre>soap.userid = <span class="stringliteral">"&lt;userid&gt;"</span>;
soap.passwd = <span class="stringliteral">"&lt;passwd&gt;"</span>;
<span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...))
  ... <span class="comment">// error</span>
</pre></div><p>
HTTP Basic Authentication should never be used over plain HTTP, because the user ID and password are sent in the clear. It is safe(r) to use over HTTPS, because the HTTP headers and body are encrypted.<p>
The better alternative is to use HTTP Digest Authentication, which uses the digest (hash value) of the credentials and avoids a plain-text password exchange.<p>
To use HTTP Digest Authentication with gSOAP, register the http_da plugin:<p>
<div class="fragment"><pre><span class="preprocessor">#include "<a class="code" href="httpda_8h.html">httpda.h</a>"</span>
soap_register_plugin(&amp;soap, http_da);
</pre></div><p>
To make a client-side service call:<p>
<div class="fragment"><pre><span class="keyword">struct </span><a class="code" href="structhttp__da__info.html">http_da_info</a> info;
<a class="code" href="httpda_8h.html#a6">http_da_save</a>(&amp;soap, &amp;info, <span class="stringliteral">"&lt;authrealm&gt;"</span>, <span class="stringliteral">"&lt;userid&gt;"</span>, <span class="stringliteral">"&lt;passwd&gt;"</span>);
<span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...))
  ... <span class="comment">// error</span>
</pre></div><p>
The "&lt;authrealm&gt;" is a string that is associated with the server's realm. It can be obtained after an unsuccesful non-authenticated call:<p>
<div class="fragment"><pre><span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...))
{
  <span class="keywordflow">if</span> (soap.error == 401) <span class="comment">// HTTP authentication is required</span>
  {
    <span class="keyword">const</span> <span class="keywordtype">char</span> *realm = soap.authrealm;
    ...
  }
  <span class="keywordflow">else</span>
    ... <span class="comment">// error</span>
}
</pre></div><p>
Before a second call is made to the same endpoint that requires authentication, you must restore the authentication state and then finally release it:<p>
<div class="fragment"><pre><span class="keyword">struct </span><a class="code" href="structhttp__da__info.html">http_da_info</a> info;

<a class="code" href="httpda_8h.html#a6">http_da_save</a>(&amp;soap, &amp;info, <span class="stringliteral">"&lt;authrealm&gt;"</span>, <span class="stringliteral">"&lt;userid&gt;"</span>, <span class="stringliteral">"&lt;passwd&gt;"</span>);
<span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...))
  ... <span class="comment">// error</span>

<a class="code" href="httpda_8h.html#a7">http_da_restore</a>(&amp;soap, &amp;info);
<span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...))
  ... <span class="comment">// error</span>

soap_destroy(&amp;soap); <span class="comment">// okay to dealloc data</span>
soap_end(&amp;soap);     <span class="comment">// okay to dealloc data</span>

<a class="code" href="httpda_8h.html#a7">http_da_restore</a>(&amp;soap, &amp;info);
<span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...))
  ... <span class="comment">// error</span>

<a class="code" href="httpda_8h.html#a8">http_da_release</a>(&amp;soap, &amp;info);
soap_destroy(&amp;soap);
soap_end(&amp;soap);
soap_done(&amp;soap);
</pre></div><h2><a class="anchor" name="httpda_2">
Client Example</a></h2>
<div class="fragment"><pre>soap_register_plugin(&amp;soap, http_da);
<span class="comment">// try calling without authenticating</span>
<span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...))
{
  <span class="keywordflow">if</span> (soap.error == 401) <span class="comment">// HTTP authentication is required</span>
  {
    <span class="keywordflow">if</span> (!strcmp(soap.authrealm, authrealm)) <span class="comment">// check authentication realm</span>
    {
      <span class="keyword">struct </span><a class="code" href="structhttp__da__info.html">http_da_info</a> info; <span class="comment">// to store userid and passwd</span>
      <a class="code" href="httpda_8h.html#a6">http_da_save</a>(&amp;soap, &amp;info, authrealm, userid, passwd);
      <span class="comment">// call again, now with credentials</span>
      <span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...) == SOAP_OK)
      {
        ... <span class="comment">// process response data</span>
        soap_end(&amp;soap);
        ... <span class="comment">// userid and passwd were deallocated (!)</span>
        <a class="code" href="httpda_8h.html#a7">http_da_restore</a>(&amp;soap, &amp;info); <span class="comment">// get userid and passwd after soap_end()</span>
        <span class="keywordflow">if</span> (soap_call_ns__method(&amp;soap, ...) != SOAP_OK)
          ... <span class="comment">// error</span>
        <a class="code" href="httpda_8h.html#a8">http_da_release</a>(&amp;soap, &amp;info); <span class="comment">// free data and remove userid and passwd</span>
      }
    }
  }
}
</pre></div><h2><a class="anchor" name="httpda_3">
Server-Side Usage</a></h2>
Server-side HTTP Basic Authentication can be enforced by simply checking the soap.userid and soap.passwd values in a service method that requires client authentication:<p>
<div class="fragment"><pre>soap_register_plugin(&amp;soap, http_da);
...
soap_serve(&amp;soap);
...
int ns__method(<span class="keyword">struct</span> soap *soap, ...)
{
  <span class="keywordflow">if</span> (!soap-&gt;userid || !soap-&gt;passwd || strcmp(soap-&gt;userid, <span class="stringliteral">"&lt;userid&gt;"</span>) || strmp(soap-&gt;passwd, <span class="stringliteral">"&lt;passwd&gt;"</span>))
    <span class="keywordflow">return</span> 401; <span class="comment">// HTTP authentication required</span>
  ...
}
</pre></div><p>
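The Basic check above uses strcmp(), which returns at the first differing byte, so its running time depends on how much of a submitted value matches. The following is an added example, not code from gSOAP or the original page, showing the same check with a comparison that always scans the whole received string; <code>struct creds</code>, <code>ct_strdiff</code> and <code>check_basic</code> are hypothetical names, and <code>struct creds</code> stands in for the <code>userid</code> and <code>passwd</code> fields of <code>struct soap</code>:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the two struct soap fields the check reads. */
struct creds { const char *userid; const char *passwd; };

/* Compare two strings without returning at the first differing byte.
   Returns 0 when equal, nonzero otherwise. The loop count depends only
   on the length of the received string, not on where a mismatch occurs. */
static int ct_strdiff(const char *received, const char *expected)
{
  size_t rlen = strlen(received), elen = strlen(expected), i;
  unsigned char diff = (unsigned char)(rlen != elen);
  for (i = 0; i < rlen; i++)
    diff |= (unsigned char)(received[i] ^ expected[elen ? i % elen : 0]);
  return diff;
}

/* Returns 0 (the value of SOAP_OK) when both fields match, 401 otherwise. */
int check_basic(const struct creds *c, const char *userid, const char *passwd)
{
  int bad;
  if (!c->userid || !c->passwd)
    return 401;                         /* no Basic credentials were sent */
  bad = ct_strdiff(c->userid, userid);
  bad |= ct_strdiff(c->passwd, passwd); /* always evaluated, no short-circuit */
  return bad ? 401 : 0;
}

int main(void)
{
  /* Constructed sample credentials, not from the original page. */
  struct creds good = { "alice", "s3cret" }, wrong = { "alice", "s3creT" };
  printf("good:  %d\n", check_basic(&good, "alice", "s3cret"));
  printf("wrong: %d\n", check_basic(&wrong, "alice", "s3cret"));
  return 0;
}
```

<p>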
HTTP Digest Authentication is verified differently:<p>
<div class="fragment"><pre>soap_register_plugin(&amp;soap, http_da);
...
soap_serve(&amp;soap);
...
int ns__method(<span class="keyword">struct</span> soap *soap, ...)
{
  <span class="keywordflow">if</span> (soap-&gt;authrealm &amp;&amp; soap-&gt;userid)
  {
    passwd = ... <span class="comment">// database lookup on userid and authrealm to find passwd</span>
    <span class="keywordflow">if</span> (!strcmp(soap-&gt;authrealm, authrealm) &amp;&amp; !strcmp(soap-&gt;userid, userid))
    { 
      <span class="keywordflow">if</span> (!<a class="code" href="httpda_8h.html#a4">http_da_verify_post</a>(soap, passwd)) <span class="comment">// HTTP POST DA verification</span>
      {
        ... <span class="comment">// process request and produce response</span>
        <span class="keywordflow">return</span> SOAP_OK;
      }
    }
  }
  soap-&gt;authrealm = authrealm; <span class="comment">// realm to send to client</span>
  <span class="keywordflow">return</span> 401; <span class="comment">// Not authorized, challenge with digest authentication</span>
}
</pre></div><p>
The <a class="el" href="httpda_8h.html#a4">http_da_verify_post()</a> function checks the HTTP POST credentials. To verify an HTTP GET operation, use <a class="el" href="httpda_8h.html#a5">http_da_verify_get()</a>.<h2><a class="anchor" name="httpda_4">
Server Example</a></h2>
<div class="fragment"><pre>soap_register_plugin(&amp;soap, http_da);
...
soap_serve(&amp;soap);
...
int ns__method(<span class="keyword">struct</span> soap *soap, ...)
{
  <span class="keywordflow">if</span> (soap-&gt;userid &amp;&amp; soap-&gt;passwd) <span class="comment">// Basic authentication</span>
  {
    <span class="keywordflow">if</span> (!strcmp(soap-&gt;userid, userid) &amp;&amp; !strcmp(soap-&gt;passwd, passwd))
    {
      ... <span class="comment">// can also check soap-&gt;authrealm </span>
      ... <span class="comment">// process request and produce response</span>
      <span class="keywordflow">return</span> SOAP_OK;
    }
  }
  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (soap-&gt;authrealm &amp;&amp; soap-&gt;userid) <span class="comment">// Digest authentication</span>
  {
    passwd = ... <span class="comment">// database lookup on userid and authrealm to find passwd</span>
    <span class="keywordflow">if</span> (!strcmp(soap-&gt;authrealm, authrealm) &amp;&amp; !strcmp(soap-&gt;userid, userid))
    { 
      <span class="keywordflow">if</span> (!<a class="code" href="httpda_8h.html#a4">http_da_verify_post</a>(soap, passwd)) <span class="comment">// HTTP POST DA verification</span>
      {
        ... <span class="comment">// process request and produce response</span>
        <span class="keywordflow">return</span> SOAP_OK;
      }
    }
  }
  soap-&gt;authrealm = authrealm; <span class="comment">// realm to send to client</span>
  <span class="keywordflow">return</span> 401; <span class="comment">// Not authorized, challenge with digest authentication</span>
}
</pre></div><h2><a class="anchor" name="httpda_5">
HTTP Digest Authentication Limitations</a></h2>
HTTP Digest Authentication cannot be used with streaming MTOM/MIME/DIME attachments. Streaming is turned off by the plugin and attachment data is buffered. <hr size="1"><address style="align: right;"><small>Generated on Thu Apr 22 14:04:00 2010 for gSOAP HTTP Digest Authentication by
<a href="http://www.doxygen.org/index.html">
<img src="doxygen.png" alt="doxygen" align="middle" border=0 ></a> 1.3.8 </small></address>
</body>
</html>