CODEWITHSUNDEEP
phpwcfws-securitysamlsaml-2.0
F.B. ten Kate
F.B. ten Kate

Reputation: 2032

Consuming a WCF Service from PHP

first off let me "warn" you that i am not a PHP developer and am pretty clueless about PHP. I'm the developer of the WCF Service in question and am trying to support the PHP developer on staff who is trying to consume this service.

He doesn't have a Stackoverflow login and is to busy beeing pissed off at WCF to type anything without profanity ;-)

Anyhow, the service is using the following security configuration:

<security mode="Message">
   <message clientCredentialType="UserName" negotiateServiceCredential="true" algorithmSuite="Default" />
</security>

This means the message is encrypted over the line, i believe this requires a certificate which has been installed on the webserver and when consuming the service from .NET works without any problems at all.

We've looked at fiddler communication and suspect RequestSecurityTokenResponse to be of import. I'm suspecting a handshake where a securitytoken is requested by the client, this is generated with a GUID as reference, the value is used to encrypt the request and the GUID is send as a reference.

This is all speculation though, so far we have been unable to get the requests to even remotely look the same.

Any pointers in the right direction would be much appreciated.

So far we're trying this with WSE-PHP, which can be found through google.

EDIT:

We've been able to confirm our thoughts with Fiddler and working clients do seem to do a handshake, there are three requests (and responses) in total which seem to exchange only security information, they are calling the following actions:

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT

After this last call a request is made with an action which seems to indicate a call to the actual webservice method:

http://XXXXXXXXXXXXXX/WCF/ICompany/TestConnection

This seems to have to do with SAML (i love you google) so i added this as a tag.

Upvotes: 1

Views: 5811

Answers (6)

Dessus
Dessus

Reputation: 2177

Why dont you setup a platform independent UI project using something like SOAP UI where it will enable you to have automated tests against your WCF service, guaranteeing your contracts are sound while benefiting the PHP consumer. The reason this benefits the PHP consumer is that he will have automated test cases which he can profile/run/precident he can use to make his php side of things.

One thing to note is that .net namespacing can cause issues for other languages with SOAP. I really really recommend you investigate SOAP UI or a free alternative. Possibly an alternative that is free is fiddler, however I believe that is not automated.

Here are some other helpers for your PHP consumer: http://weblogs.asp.net/gunnarpeipman/archive/2007/09/17/using-wcf-services-with-php.aspx https://github.com/geersch/WcfServicesWithPhp5

Upvotes: 1

Rahul Soni
Rahul Soni

Reputation: 11

After my long workout for Email WCF service with attachment. Now i am able to send an email from PHP using WCF service. Here is code snippet.

<?php
ini_set('display_errors',1);
require_once ('nusoap.php');


$parameters= new StdClass();
$parameters->emailinfo = new StdClass();


$fileAttachmentPath = 'example.csv'; 
$data = base64_encode(file_get_contents($fileAttachmentPath));
$parameters->emlinfo->NoFileInfo = true;
$parameters->emlinfo->FileNameWithExt = "example.csv";
$parameters->emlinfo->FileContentBase64 = $data;

//$parameters->emlinfo->FileAttachment = $parameters->ArrayOfFileAttachment;

//$parameters->emlinfo->FileAttachment = (array) $parameters->emlinfo->FileAttachment;

$parameters->emlinfo->MailTo='';
$parameters->emlinfo->MailFrom='';
$parameters->emlinfo->MailMessage='';
$parameters->emlinfo->MailBody='';
$parameters->emlinfo->MailSubject='';
$parameters->emlinfo->MailType='';
$parameters->emlinfo->UserId='';
$parameters->emlinfo->Password='';
$parameters->emlinfo->SmtpId='';
$parameters->emlinfo->Token='';
$parameters->emlinfo->ApplicationId='';
$parameters->emlinfo->VisitorName='';
$parameters->emlinfo->VendorId='';
$parameters->emlinfo->ReplyTo='';

try {

$braspag = new SoapClient('WSDL Sevice',

        array(
                'trace'                 => 1,
                'exceptions'            => 1,
                'style'                 => SOAP_DOCUMENT,
                'use'                   => SOAP_LITERAL,
                'soap_version'          => SOAP_1_1,
                'encoding'              => 'UTF-8'
        )

);

//$SendEmailResponse = $braspag->__getTypes();
$SendEmailResponse  = $braspag->SendEmail($parameters);
}
catch(SoapFault $fault) {
//echo 'Ocorreu um erro: ' , $fault->getMessage();
}

var_dump($parameters->emlinfo);
?>

Regards,
Rahul Soni.

Upvotes: 1

jlvaquero
jlvaquero

Reputation: 8785

If the server is configured with clientCredentialType="UserName" PHP consumer must use some WS-Security implementation to send Username and Password SOAP security headers to the server.

<soapenv:Envelope>  
<soapenv:Header>
<wsse:Security >
<wsse:UsernameToken>
<wsse:Username>bob</ wsse:Username>
<wsse:Password Type="PasswordText">bob1</ wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body> ... </soapenvBody> 
</soapenv:Envelope>

Keep in mind that the server can be configure to acept plain or hashed password. So the client must send plain or hashed password.

Upvotes: 0

symcbean
symcbean

Reputation: 48357

(this is a bit long to add as comment to Visual Stewart's answer)

clientCredentialType="UserName"....This means the message is encrypted over the line

Not really. The message is not encrypted, but it will be sent via SSL. From the published docs:

Username

Allows the service to require that the client be authenticated with a user name credential. Note that WCF does not allow any cryptographic operations with user names, such as generating a signature or encrypting data. WCF ensures that the transport is secured when using user name credentials.

--

Note the difference between the message and the transport.

Authentication may be derived from a client certificate used for the transport, or negotiated (NTLM).

Upvotes: 0

Visual Stuart
Visual Stuart

Reputation: 661

Yes, there is support for WS-Security in PHP. Some assembly is required. See, for example, Secured Web Services with PHP. The WS-* specifications are written and implemented for interoperability, that is, so that the will operate across different platforms, vendors, transports, and languages. It is widely adopted, and the 1.1 version has been an OASIS standard since 2006.

Perhaps it would help defuse the tenion and be instructive if your PHP developer would show the ability to consume any web service that uses WS-Security, just to take your service and WCF out of the equation for a little while.

Upvotes: 1

Elzo Valugi
Elzo Valugi

Reputation: 27856

I don't know a lot about WCF but it seems that is SOAP based. You can start by looking at php Soap functions. I see that also supports JSON communication, check JSON functions from php.

Upvotes: 0

Related Questions