I'm trying to connect my Android app to an IIS server using the HttpUrlConnection class.
My server needs the user to be authenticate, so it is sending the following challenge to the client :
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
My problem is that HttpUrlConnection doesn't seems to parse it. So getPasswordAuthentication() is never call, and it return an IOException "no authentication challenges found".
Here is my code :
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("myUsername", "myPassword".toCharArray());
}
});
URL url = new URL(myUrl);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
conn.setRequestProperty("Accept-Encoding", "gzip");
conn.setRequestProperty("Accept-Charset", "UTF-8");
conn.setRequestProperty("Accept", "*/*");
conn.setRequestProperty("Connection", "close");
conn.setDoOutput(true);
conn.setDoInput(true);
try
{
conn.connect();
status_code = conn.getResponseCode();
}catch (IOException e) {
...
}
I'm really starting to think that NTLM challenge is just not supported by HttpUrlConnection. I saw some libraries that seems to do the work, but I would prefer not to use external libraries.
Can somebody confirm if it is possible or not to make HttpUrlConnection handle NTLM challenge without external libs?
I've only been able to make it work with HttpClient by setting the AuthScheme and the library below: http://jcifs.samba.org/src/jcifs-krb5-1.3.17.zip.
HttpClient httpclient = new HttpClient(httpParameters, context);
NTCredentials creds = new NTCredentials(“username”, “password”, "", "dir");
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(context.getString(“whatever is your main URL”), -1), creds);
httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
Then you implement the the JCIFS engine and factory. You can find samples in http://hc.apache.org/httpcomponents-client-4.2.x/ntlm.html