Symfony2 authentication using a webservice

0
votes

My application uses a webservice to check if the username and password are correct. I just send the username and password from the login form in a simple manner like this:

https://host/check?user=admin&password=12345"

The webservice is on another server and it's only accessible from the app also the communication is encrypted.

After authentication the webservice returns all the information i need about the user (name, email etc) so because of this i don't keep anything in the database.

In symfony 1 this was very easy to do but i see that the symfony 2 security component likes to complicate the things a lot.

What is the best approach to implement this kind of authentication in symfony 2?

Thank you

3
phpweb-servicessymfonyauthentication

3 Answers

3
votes

I believe that what you want to do has it's own page in the documentation. Take a look at How to create a custom user provider, it gives a nice walkthrough of how you can use a webservice to authenticate your user.

UPDATE:

Yes, the link I shared tells you how to create a User Provider. And that is exactly what you must do. In the very first paragraph of this page, it says:

When a user submits a username and password, the authentication layer asks the configured user provider to return a user object for a given username.

So you need to create a class that extends the UserInterface, and this class should have all the properties that are returned from your web service (also by default, the UserInterface requires a few properties, such as username, password, salt, and roles. But salt and roles can be blank if you don't use them).

Then you create a User Provider that implements the UserProviderInterface. This will make it so that the function loadUserByUsername is called when you perform a login. In this function, you perform your webservice request, sending the credentials. The response of your request can then be mapped to your User class that you created. Then you return the User object that you created with the data that was returned from your webservice.

In order for Symfony to know that you want to use your custom User Provider for your form login, you need to create a service for your user provider. So in src/Acme/WebserviceUserBundle/Resources/config/services.yml (you may need to create the file), you can add a service as it outlines in the docs:

parameters:
    # path to the user provider you just created
    webservice_user_provider.class: Acme\WebserviceUserBundle\Security\User\WebserviceUserProvider

services:
    webservice_user_provider:
        class: "%webservice_user_provider.class%"

Once you have this service created, then you just tell your form login to use this custom provider. In security.yml:

security:
    providers:
        webservice:
            # this id is the name of the service you created
            id: webservice_user_provider

Also, if your password is encrypted in your webservice, you should make sure that Symfony encrypts it the same way to do the comparison. So in security.yml you can add

security:
    encoders:
        Acme\WebserviceUserBundle\Security\User\WebserviceUser: sha512 # or md5, or others
0
votes

In fact, you need an Authentication Provider and use WSSE security.

There is a lot of tutorials explaining how to set up WSSE for Symfony around the web.

-1
votes

I had the same problem with symfony2 and don't understand why this framework is working like this. It's very common to authenticate against a webservice by providing username and password and this is something you don't get out of the box in symfony2. I worked around the problem by passing username and password as one concatenated string separated by a special delimiter (something like ##||##) to the loadUserByUsername()-method. I don't remember the details but it was not to hard to modify the parts of the code where this method is called. So I could call the webservice's authentication service within the loadUserByUsername()-method by providing username and password and when getting back a user let symfony do the rest.