HTTP basic authentication in SOAP::Lite

mohan2monks has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks, I am accessing a .NET based web service using PERL's SOAP::Lite module. Though the code is working fine for me during one of perforamnce tests by the service provider the guy from other end told me that he is receiving requests from my server twice the first one being sent as a null request and the other one which i actually want to send. I get the response correctly and my trace log also shows request being sent and response received as it should be, This service requires a HTTP authorisation which i do as directed in module, after much discussion with the service provider he told me that it might be happening because of my application sending first null request to authenticate which results in exception on their end and he also told that the clients written in .NET need to set a directive to TRUE in order to stop this kind of behaviour but unfortunately i dont know .NET and he is not aware of PERL.

I am writing this after searching on google and perlmonks about http basic authentication used in SOAP Lite but could manage to find questions about them not working correctly and not about the behaviour also tried to read code from LWP::Useragent to find out how it works but did not understand much of it. I request you to please tell me if this is because of authentication and how authentication works.

This is my code 
       #$PARAM has all the parameters needed to make client 
    use SOAP::Lite +trace =>'debug';
    my $xmlRequest = '<Request>'.(shift).'</Request>';
    my $xmlFilter = '<Filter>'.(shift).'</Filter>';
    my $webService = SOAP::Lite-> uri($PARAM->{NAMESPACE})
                   -> on_action(sub{sprintf '%s/%s', @_ })
                   -> outputxml("1")
                   -> proxy($PARAM->{ENDPOINT});
    my $response='';
    eval{
        $response = $webService->call(SOAP::Data->name("SubmitXml")->a
+ttr({xmlns => $PARAM->{NAMESPACE}}),
                          SOAP::Data->name(Profile => $PARAM->{PROFILE
+})->type('string'),
                                              SOAP::Data->name(Request
+ => $xmlRequest)->type('xml'),
                                              SOAP::Data->name(Filter 
+=> $xmlFilter)->type('xml')
                    );
     };
     if($@){print $@;}

        print $response;



    sub SOAP::Transport::HTTP::Client::get_basic_credentials{ 
    return $PARAM->{USER_ID} => $PARAM->{PASS};
    }

    Trace reported by Client

    SOAP::Transport::new: ()
    SOAP::Serializer::new: ()
    SOAP::Deserializer::new: ()
    SOAP::Parser::new: ()
    SOAP::Lite::new: ()
    SOAP::Transport::HTTP::Client::new: ()
    SOAP::Data::new: ()
    SOAP::Data::new: ()
    SOAP::Data::new: ()
    SOAP::Data::new: ()
    SOAP::Lite::call: ()
    SOAP::Serializer::envelope: ()
    SOAP::Serializer::envelope: SOAP::Data=HASH(0xeb4240) SOAP::Data=H
+ASH(0xeb58f0) SOAP::Data=HASH(0xeb59b0) SOAP::Data=HASH(0xeb5a70)
    SOAP::Data::new: ()
    SOAP::Data::new: ()
    SOAP::Data::new: ()
    SOAP::Data::new: ()
    SOAP::Transport::HTTP::Client::send_receive: HTTP::Request=HASH(0x
+ee4820)
    SOAP::Transport::HTTP::Client::send_receive: POST https://webservi
+ces.xxxxxxxx.com HTTP/1.1
    Accept: text/xml
    Accept: multipart/*
    Accept: application/soap
    Content-Length: 2025
    Content-Type: text/xml; charset=utf-8
    SOAPAction: http://webservices.xxxxxxx.com/SubmitXml



    <?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:xsi="ht
+tp://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schema
+s.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSc
+hema" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 
+xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><Su
+bmitXml xmlns="http://webservices.xxxxxx.com"><Profile xsi:type="xsd:
+string"></Profile><Request></Request><Filter><_/></Filter></SubmitXml
+></soap:Body></soap:Envelope>
    SOAP::Transport::HTTP::Client::send_receive: HTTP::Response=HASH(0
+x1215920)
    SOAP::Transport::HTTP::Client::send_receive: HTTP/1.1 200 OK
    Connection: close
    Date: Thu, 02 Apr 2009 10:38:09 GMT
    Server: Apache-Coyote/1.1
    Content-Type: text/xml;charset=utf-8
    Client-Date: Thu, 02 Apr 2009 10:35:43 GMT
    Client-Peer: 12.17.227.105:443
    Client-Response-Num: 1
    Client-SSL-Cert-Issuer: /C=US/O=Equifax/OU=Equifax Secure Certific
+ate Authority
    Client-SSL-Cert-Subject: /C=US/ST=Georgia/L=Atlanta
    Client-SSL-Cipher: RC4-MD5


    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/e
+nvelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="htt
+p://www.w3.org/2001/XMLSchema-instance">
     <soapenv:Body><SubmitXmlResponse xmlns="http://webservices.xxxxx.
+com"><SubmitXmlResult>
     </SubmitXmlResult></SubmitXmlResponse></soapenv:Body></soapenv:En
+velope>
    SOAP::Lite::DESTROY: ()
    SOAP::Deserializer::DESTROY: ()
    SOAP::Parser::DESTROY: ()
    SOAP::Transport::DESTROY: ()
    SOAP::Transport::HTTP::Client::DESTROY: ()
    SOAP::Serializer::DESTROY: ()
    SOAP::Data::DESTROY: ()
    SOAP::Data::DESTROY: ()
    SOAP::Data::DESTROY: ()
    SOAP::Data::DESTROY: ()
    SOAP::Data::DESTROY: ()
    SOAP::Data::DESTROY: ()
    SOAP::Data::DESTROY: ()
    SOAP::Data::DESTROY: ()
[download]

Comment on HTTP basic authentication in SOAP::Lite Download Code

Replies are listed 'Best First'.
Re: HTTP basic authentication in SOAP::Lite by Corion (Patriarch) on Apr 03, 2009 at 07:40 UTC
Note: I haven't done anything with SOAP::Lite. It seems that SOAP::Transport::HTTP is using LWP::UserAgent under the hood, which would explain the double-request approach, because that's what LWP::UserAgent does if you're not specific enough in supplying your credentials. The first and possibly simplest approach to fixing this would be to include the credentials in the URL, that is `http://${USER}:${PASS}@webservices.xxxxx.com`. This is possibly less than ideal if the URL is visible somewhere. The next approach would be not to use `SOAP::Transport::HTTP::Client::get_basic_credentials` but to use the `credentials` method to set the credentials for the hostname. I don't know if you can get at the client instance that SOAP::Lite will use - this would be preferrable to overriding the `credentials` method in `SOAP::Transport::HTTP::Client`.	[reply] [d/l] [select]
Re: HTTP basic authentication in SOAP::Lite by jhourcle (Prior) on Apr 03, 2009 at 15:05 UTC
The first request must be sent to retrieve the domain component to send for HTTP authentication. You can try using the 'credentials' method, and see if that'll prevent the extra request, but it'll make your client more fragile as it'll break if they change the domain, host, etc..	[reply]
Re: HTTP basic authentication in SOAP::Lite by rahed (Scribe) on Apr 17, 2009 at 13:41 UTC
You can also try basic authorization this way: `$authoriz = 'Basic '.encode_base64('passwd'); $webService->transport->http_request->headers->push_header('Authorizat +ion' => $authoriz);` [download] I had to encode into base64 to use this with some server.	[reply] [d/l]
Re^2: HTTP basic authentication in SOAP::Lite by rahed (Scribe) on Apr 17, 2009 at 13:48 UTC
Parameter to encode_base64 should actually read 'user:passwd'.	[reply]