Php writes webservice, how to solve the verification problem? -Php Tutorial

Source: Internet
Author: User
Tags send cookies
Php writes webservice, how to solve the verification problem? After checking some information, it seems that every time you call the webservice method, you need to attach the customer verification information. can you log on like a normal web browser, do I need to provide customer verification information for any access during the session period?


Reply to discussion (solution)

Reserve id in session

It is determined by the webservice provider!

It is determined by the webservice provider!

It is determined not only by the webservice provider, but also by the access method. for example, if you use basic for verification and use a browser for access, a verification box is displayed. if the verification passes, a prompt box is not displayed when the same process accesses the website again.

My problem is that if curl requests webservice, it seems that verification information must be provided each time to complete the call. Is there a solution for verification?

You can check whether the cookie contains a value such as id in the HTTP header. this value must be sent to the server each time a request is sent.

You can check whether the cookie contains a value such as id in the HTTP header. this value must be sent to the server each time a request is sent.

The idea is still incomplete

You are talking about browser verification.
User: $ _ SERVER ['php _ AUTH_USER ']
Password: $ _ SERVER ['php _ AUTH_PW ']

Reference: http://php.net/manual/en/features.http-auth.php

Function authenticate () {header ('www-Authenticate: Basic realm = "" '); header ('http/1.0 401 unauthorized '); echo "You must enter a valid login ID and password to access this resource \ n"; exit;} if (addslashes ($ _ SERVER ['php _ AUTH_USER '])! = 'Adminname' | addslashes ($ _ SERVER ['php _ AUTH_PW '])! = 'Adminadmin') {header ('www-Authenticate: Basic realm = "" '); header ('http/1.0 401 unauthorized'); echo "Sorry, you do not have permission to enter! User = ". $ _ SERVER ['php _ AUTH_USER ']. "password = ". $ _ SERVER ['php _ AUTH_PW ']; // I added this sentence for testing.} enter else {echo! User = ". $ _ SERVER ['php _ AUTH_USER ']. "password = ". $ _ SERVER ['php _ AUTH_PW ']; // I added this sentence for testing. echo"

Welcome: {$ _ SERVER ['php _ AUTH_USER ']}
"; // Echo" Old: {$ _ REQUEST ['oldauth ']} "; // echo"

\ N "; echo date ('H: I: s ')."
"; // Pause for 10 seconds sleep (10); // restart echo date ('H: I: s'); header ('www-Authenticate: basic realm = "" '); header ('http/1.0 401 unauthorized');} // you can use it directly to see if you want the result.

You are talking about browser verification.
User: $ _ SERVER ['php _ AUTH_USER ']
Password: $ _ SERVER ['php _ AUTH_PW ']

Reference: http://php.net/manual/en/features.http-auth.php


It should not be what I want. I want to ask two questions:

1. what authentication mechanisms does the open webservice provide? For example, if I say key is a type, http basic verification is also a type, and what other methods are there?

2. I want to know which verification mechanisms are for this purpose: Is there a verification mechanism? When php calls webservice, it only needs to send verification information in the first request, subsequent calls do not need to be verified again-similar to the process of browsing a common page. after you fill in the login information, as long as no timeout occurs, you do not need to log on to any other pages on the website.

Reply by referencing ihefe on the 7 th floor:

You are talking about browser verification.
User: $ _ SERVER ['php _ AUTH_USER ']
Password: $ _ SERVER ['php _ AUTH_PW ']

Reference: http://php.net/manual/en/features.http-auth.php



It should not be what I want. I want to ask two questions:

1. what authentication mechanisms does the open webservice provide? Than ......
This is verification only once. Have you tried the code I gave you? Put the last
Echo date ('H: I: s ');
Header ('www-Authenticate: Basic realm = ""');
Header ('http/1.0 401 unauthorized ');

Remove

Er, that is, http basic verification.

Looking back at this issue today, it seems that curl can be used to send cookies.

Myservice. php

Myproxy. php

Myclient. php

After logging on to myclient. php (or other places), you can directly access myproxy. php and request myservice. php through curl together with cookie in myproxy. php.

What are your comments?

Lz can fully adopt the session mechanism. when you send a request, you establish a session on the server side. after the server processes the user request, it sends the sid to the client, the client can record the information in the cookie. as long as the sid does not expire, verification information does not need to be sent again. Session provides this mechanism.

Lz can fully adopt the session mechanism. when you send a request, you establish a session on the server side. after the server processes the user request, it sends the sid to the client, the client can record the information in the cookie. as long as the sid does not expire, verification information does not need to be sent again. Session provides this mechanism.


But how does the session mechanism apply to webservice?

Reserve id in session

Reserve id in session

It is not clear enough. what is the difference between it and the method I used to pass the verification through the curl proxy?

You do not need to pass the password every time. This poses a security risk and can be solved with a temporary token.

Can I disable cookies, sessions, and other similar mechanisms?

Ah, PHP is not perfect.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.