Session-based authentication
Services provides the ability for clients to log in to a remote server as a specific user, and perform further actions using that session.
On the remote server:
1) Install Services, then enable the Services, XMLRPC Server, and User Service modules.
2) Services run as the anonymous user, so you will need to modify the anonymous user's permissions as necessary. For this example, you will need to give the anonymous user 'access services' (under services_module) and 'get own user data' (under user_services module).
3) Go to Administer->Site Building->Services->Settings and check 'Use SessID'. Submit the form. All services calls are now required to include session ID information.
To prevent bots from cluttering up the sessions table, you must have an active anonymous session before logging in to Drupal, so the first call we make is system.connect. This session ID is saved to the 'deploy_sessid' variable, which all other xmlrpc calls to the remote server pass.
// Get an anonymous session. system.connect is the only service that does
// not require a session ID even when you have 'Use SessID' checked.
// The password and session IDs travel in the request body, so use an
// https:// endpoint for anything other than local testing.
$xmlrpc_url = 'http://localhost/services/xmlrpc';
$anon_session = xmlrpc($xmlrpc_url, 'system.connect');

// Use the anonymous session ID to log in with a username and password.
$user = 'foo';
$password = 'bar';
$authenticated_session = xmlrpc($xmlrpc_url, 'user.login', $anon_session['sessid'], $user, $password);

// Now we have an authenticated session, and when this ID is passed to
// services, the call runs under that user's permissions.
$xmlrpc_result = xmlrpc($xmlrpc_url, 'user.get', $authenticated_session['sessid'], 0);
// check_plain() escapes the remote data before it is printed into the page.
if ($xmlrpc_result === FALSE) {
  print '<pre>' . check_plain(print_r(xmlrpc_error(), TRUE)) . '</pre>';
}
else {
  print '<pre>' . check_plain(print_r($xmlrpc_result, TRUE)) . '</pre>';
}

If this code runs successfully, then you should see the anonymous user's information printed. Otherwise you will see an error.
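
The session gate described above, modelled end to end as an added Python example (not code from the original page or from the Services module): an in-memory toy server and client exchange real XML-RPC payloads with no network. The fault codes, the whoami method, and the retiring of the anonymous ID at login are assumptions of this model.

```python
import secrets
import xmlrpc.client as xrpc

USERS = {"foo": "bar"}   # constructed credentials, matching the page's example
SESSIONS = {}            # sessid -> username ('' means an anonymous session)

def new_session(user=""):
    sessid = secrets.token_hex(16)   # unguessable 128-bit session ID
    SESSIONS[sessid] = user
    return sessid

def handle(request_xml):
    """Toy server: decode one XML-RPC call and enforce the sessid gate."""
    params, method = xrpc.loads(request_xml)
    try:
        if method == "system.connect":           # the only call exempt from the gate
            result = {"sessid": new_session()}
        else:
            sessid = params[0] if params else ""
            if not isinstance(sessid, str) or sessid not in SESSIONS:
                raise xrpc.Fault(401, "Invalid or missing session ID")
            if method == "user.login":
                _, name, password = params
                expected = USERS.get(name)
                if expected is None or not secrets.compare_digest(expected, password):
                    raise xrpc.Fault(401, "Wrong username or password")
                del SESSIONS[sessid]             # assumption: anonymous ID is retired
                result = {"sessid": new_session(name), "user": {"name": name}}
            elif method == "whoami":             # hypothetical method for the demo
                result = SESSIONS[sessid] or "anonymous"
            else:
                raise xrpc.Fault(404, "Unknown method")
        return xrpc.dumps((result,), methodresponse=True)
    except xrpc.Fault as fault:
        return xrpc.dumps(fault)                 # serialised as a <fault> response

def call(method, *args):
    """Toy client: encode the call, hand it to the server, decode the reply."""
    (result,), _ = xrpc.loads(handle(xrpc.dumps(args, method)))
    return result

def login_flow(name, password):
    anon = call("system.connect")
    auth = call("user.login", anon["sessid"], name, password)
    return anon["sessid"], auth["sessid"], call("whoami", auth["sessid"])
```

A fault response surfaces on the client as an xmlrpc.client.Fault exception, the counterpart of the FALSE return and xmlrpc_error() in the PHP code.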

Is this how anonymous amfphp services are 'secured' too?