ID: 31747 User updated by: Jared dot Williams1 at ntlworld dot com Reported By: Jared dot Williams1 at ntlworld dot com Status: Closed Bug Type: SOAP related Operating System: Windows 2000/IIS PHP Version: 5CVS-2005-01-28 (dev) Assigned To: dmitry New Comment:
Using php5-win32-200502021130 snapshot. Now works, with the authentication option present, or missing. Response Headers: HTTP/1.1 200 OK Transfer-Encoding: chunked Date: Wed, 02 Feb 2005 11:58:04 GMT Content-Type: text/xml; charset=utf-8 Server: Orion/2.0.2 Response: <?xml version='1.0' encoding='utf-8'?> <SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:SOAP-ENC='http://schemas.xmlsoap.org/soap/encoding/'> <SOAP-ENV:Body> <ns1:downloadResponse SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:ns1='urn:TMSWebServices'> <xtvdResponse xsi:type='ns1:xtvdResponse'> <messages xsi:type='ns1:messages'> ... Previous Comments: ------------------------------------------------------------------------ [2005-02-02 11:39:59] [EMAIL PROTECTED] Fixed in CVS (HEAD and PHP_5_0). Please verify me. I haven't login on labs.zap2it.com. With new version you can use additional otpion 'authentication' => SOAP_AUTHENTICATION_DIGEST in SoapClient constructor. This option is not necessary, however without it SOAP will first try to login using basic authentication and then using digest authentication. ------------------------------------------------------------------------ [2005-01-28 19:46:29] Jared dot Williams1 at ntlworld dot com Description: ------------ This is related to http://bugs.php.net/bug.php?id=28041 Using the php5.0-win32-200501280930 snapshot, still seem unable to use Digest Authentication against labs.zap2it.com. Request Headers: POST /tvlistings/xtvdService HTTP/1.1 Host: datadirect.webservices.zap2it.com Connection: Keep-Alive User-Agent: PHP SOAP 0.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "urn:TMSWebServices:xtvdWebService#download" Content-Length: 584 Authorization: Basic ******************* Does appear to be sending Basic authentication details, even thou the service requests only digest. (Security issue). WWW-Authenticate Digest realm="TMSWebServiceRealm", nonce="********************************************************************************", opaque="****************", algorithm=MD5, qop="auth" Reproduce code: --------------- $client = new SoapClient('xtvd.wsdl', array( 'trace' => 1, 'exceptions' => 0, 'login' => USER, 'password' => PASSWORD)); $result = $client->download(time() - 60*3, time() + 60*60*12); echo "<pre>\n"; echo "Response Headers:\n", htmlspecialchars($client->__getLastResponseHeaders()), "\n"; echo "Response:\n", htmlspecialchars($client->__getLastResponse()),"\n"; echo "</pre>"; ?> Expected result: ---------------- XML listings Actual result: -------------- Response Headers: HTTP/1.1 100 Continue Date: Fri, 28 Jan 2005 18:41:23 GMT Server: Orion/2.0.2 Response: <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY><H1>401 Unauthorized</H1></BODY></HTML> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31747&edit=1
