0

We have searched and searched and still cannot seem to get a resolution to this issue. We have a REST web service and are trying to access it from our Android app. The web service URL work when accessed from a web browser or from the Advanced Rest Client extension in Chrome. Our URL looks like:

http://10.52.1.1:8080/GPService/Tenants(Name=DefaultTenant)/Companies(Fabrikam,%20Inc.)/Items(128%20SDRAM).JSON

And once this is typed into the browser we are prompted for credentials. After credentials are entered, the JSON result is returned.

In our Android app we are trying the following:

    Authenticator.setDefault(new Authenticator() {
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication("domain\\user", "password".toCharArray());
        }
    });

    URL url = new URL(urlstring);
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    conn.setDoOutput(false);
    conn.setDoInput(true);
    conn.setRequestMethod("GET");
    conn.setConnectTimeout(60000);
    InputStream istream = conn.getInputStream();

Any ideas what we are doing wrong? We tried different methods, similar to this Connecting to remote URL which requires authentication using Java and http://www.muneebahmad.com/index.php/archives/127 but with no success at all, we are constantly getting the 401 Unauthorized error.

As per a comment received: our service is using NTLM authentication.

Thanks for any help!

Community
  • 1
  • 1
user2573690
  • 5,493
  • 9
  • 43
  • 61
  • What kind of authentication your web service is using? Form or Basic? – Juned Ahsan Sep 09 '14 at 21:13
  • @JunedAhsan we are actually using NTLM authentication. Added that detail to the original question. – user2573690 Sep 09 '14 at 21:15
  • Did you check the answer here: http://stackoverflow.com/questions/20505207/android-authentication-scheme-ntlm-not-supported. Android doesn't actually have a concrete implementation of Authenticator that does NTLM. – Erik Nedwidek Sep 09 '14 at 21:25
  • @ErikNedwidek we did take a look at that example but for some reason it doesn't look like its even going into the Authenticator part of the code. We placed a Print statement inside the getPasswordAuthentication() method and it using the debugger we don't even hit that statement/breakpoint. – user2573690 Sep 09 '14 at 21:41
  • *nods*. Yes, I believe that is to be expected. The PasswordAuthentication is just a holder for the user/password pair. The concrete implementation of Authenticator calls getPassword when it needs it. When the HttpUrlConnection object sees WWW-Authenticate: NTLM header, it realizes that it doesn't have a concrete implementation for that method and leaves the connection as 401. Actually rereading the documentation, it says that the Android HttpUrlConnection only supports basic auth. – Erik Nedwidek Sep 09 '14 at 22:22
  • Throwing some sort of AuthenticationMethodNotSupported exception would be about 100x more useful than leaving it at the 401. – Erik Nedwidek Sep 09 '14 at 22:24
  • @ErikNedwidek that makes sense. Is there any NTLM implementation that you know of or can suggest to allow NTLM in Android? In the link you sent previously I know there are some libraries we can include, is that our best bet for getting NTLM authentication to work? – user2573690 Sep 09 '14 at 23:11
  • I'm not aware of any others than that one. NTLM uses a 4 way handshake as detailed here: http://www.innovation.ch/personal/ronald/ntlm.html. So a library seems like it'd be much easier than rolling your own solution. – Erik Nedwidek Sep 09 '14 at 23:16
  • An example using HttpURLConnection : http://stackoverflow.com/a/34321230/2073804 – ron190 Dec 20 '15 at 02:49

2 Answers2

0

conn.setRequestProperty("Authorization", "Basic " + Base64.encodeToString("usernameUsed:passwordUsed".getBytes(), Base64.NO_WRAP));

Above code worked for me.

rajeesh
  • 937
  • 10
  • 11
0

I had the same issue. In my case, I was sending a timestamp (base encoded) as one of the headers. The device's (in which I was testing) time was set to a past time which made authorization failure.

(I know this post is old. Just added my experience, it might be of use to someone)

Rakesh
  • 1,205
  • 1
  • 14
  • 33