Site

People

Authentication Plug-in for PHPBB using SOAP and .NET
Friday, June 27, 2008 1:21:08 AM (GMT Standard Time, UTC+00:00)

Whew.

Spent this evening firstly trying to get PHP to play nicely with my nice Windows 2003 Server, and then intalling PHPBB on top of that. Once that was done, I wanted to tie together PHPBB with my current authentication system. And that is where the fun really started.

There isn't a lot out there on writing authentication modules for PHPBB, most people seem to write plug-ins for other web software to authenticate against PHPBB rather than the other way around. I decided therefore that the best way would be to take the LDAP plug-in provided with PHPBB and rip the relevant bits out, replacing them with a SOAP web service call to my existing authentication system.

That's right, I'm authenticating across a web service instead of going directly into the database. I couldn't be faffed playing about with the hashing method I use in the ASP.NET application for salting the passwords and storing them in the database, so I decided to use my existing .NET code to do the legwork for me.

It wasn't actually that hard in the end, although I came across a few problems that I should probably document in case I ever have to try this again.

  1. Creating a SoapClient around my ASP.NET WSDL endpoint - remember to add ?wsdl to the end of the url for the web service, so that the SoapClient actually gets the wsdl instead of the html placeholder...
  2. Calling into the Webservice method.
    • $authToken = $Client->Login($username, $password); did not work
    • $authToken = $Client->Login( array( 'username' => $username, 'password' => $password, ) ); did work. I don't know why this is the case, as the docs didn't demonstrate this way of calling the method.
    • My web service method returns a 'string', but in PHP this is represented as a standard StdClass, meant to deal with potentially complex return types from the web service. The actual string, can be found in $authToken->LoginResult - go figure...

  3. In PHP, the md5 method returns a lower-case hexadecimal string. In .NET, most examples tend to use the format string "X2", which creates an upper-case hexadecimal string. Wrapping up the password hash with strotupper before passing it to .NET solved this.

The actual process of writing the authentication plug-in couldn't be simpler using the LDAP plug-in as a base. Simply take the username and password, and attempt to authenticate against the web service. If this fails, then try going through the database directly. If it succeeds and the user doesn't exist in PHPBB, then tell PHPBB to create the user. Store the password in a PHPBB hash and retrieve the user's details from the web service. If it exists, then just make sure the password is up to date and carry on.
This way, if the web service goes down due to Scrobbles being updated or whatever, my users can still log in and complain on the forums. Happy days.

# Disclaimer Comments [0] Trackback

Feeds

  • RSS 2.0 RSS
  • Atom 1.0 ATOM

Recent

Pushing hard
JsonFX and the MSScriptControl
On Scrobbles and Work
Tan Hill
Scrobbles Progress
Scrobbles, A Continuation
Kendal Calling 2008
Making Flags

Archive

January, 2009 (1)
October, 2008 (1)
September, 2008 (2)
August, 2008 (3)
July, 2008 (7)
June, 2008 (16)
May, 2008 (1)
March, 2008 (3)
January, 2008 (2)
December, 2007 (1)
November, 2007 (2)
October, 2007 (2)
September, 2007 (2)
August, 2007 (2)
July, 2007 (3)
May, 2007 (4)
March, 2007 (1)
February, 2007 (3)
January, 2007 (7)

Categories

 
 
 
 
 
 
 
 
 

Admin

Sign In