How to use Digest authentication in Android?

Tags:

android

I am creating an Android app where I am authenticating username/password through a server. Initially the server was implementing Basic authentication, so my code was working fine, but now the server has changed to Digest authentication, so my old code is not working.

What changes should I make to use Digest authentication?

My code is as follows:

private boolean authenticateUser()
{
   try
   {
        String url_str = "http://serverweb.com/checkauthentication.php"; 

        HttpPost post = new HttpPost(url_str);

        Log.v("AUTHENTICATION URL = ", url_str);
        post.addHeader("Authorization","Basic "+getCredentials());
        ResponseHandler<String> responseHandler=new BasicResponseHandler();
        String response_body = client.execute(post, responseHandler);

        Log.v("SERVER RESPONSE DATA = ", response_body);

        XMLDataParser.parseXML(XMLDataParser.USER_INFORMATION_PARSER_CODE, response_body);

        List<Cookie> cookies = client.getCookieStore().getCookies();
        if (!cookies.isEmpty()) 
        {
         for (int i = 0; i < cookies.size(); i++) 
         {
           XMLData.cookie = cookies.get(i);
         }
        }

        return true;
    }
    catch (MalformedURLException mue) 
    { 
      Log.i("MalformedURLException", " "+mue.getMessage());
      displayDialog("User Does Not exist");
      return false;
    } 
    catch (IOException ioe) 
    { 
       Log.i("IOException", " "+ioe.getMessage());
       displayDialog("User Does Not exist");
       return false;
    }
    catch (Exception e) 
    { 
       Log.i("Exception", " "+e.getMessage());
       displayDialog("Error");
       return false;
    }
}
private String getCredentials()
{
    String u=edit_username.getText().toString();
    String p=edit_password.getText().toString();

    Log.v("USER NAME = ",u);
    // The password is not logged: logcat output is readable via adb and bug reports.
    return(Base64.encodeBytes((u+":"+p).getBytes()));
}
asked Jul 15 '11 08:07

Arun Badole



1 Answer

You need to create HttpHost and HttpContext objects with the required credentials and pass them to the execute method.

This is sample code where your authentication is independent of the backend auth. The HTTP client of Android will take care of converting it to the appropriate format. Check this sample code; it is only for your reference and not to be used directly in your code. :)

This code is in your activity:

@Override
public void onResume(){
    super.onResume();
    AsyncTask<String, Void, Void> httpTask = new TestHttpThread();
    httpTask.execute("test_url","test_user","test_password");
}

Sample AsyncActivity:

private class TestHttpThread extends AsyncTask<String, Void, Void>{

    @Override
    protected Void doInBackground(String... params) {
       // Expects at least three arguments: url, username, password.
       if(params.length >= 3){
            String url = params[0];
            String username = params[1];
            String password = params[2];

            AndroidHttpClient httpClient = AndroidHttpClient.newInstance("test user agent");
            try {
                URL urlObj = new URL(url);
                HttpHost host = new HttpHost(urlObj.getHost(), urlObj.getPort(), urlObj.getProtocol());
                // Credentials are offered only to this host (and port, when the URL names one).
                AuthScope scope = new AuthScope(urlObj.getHost(), urlObj.getPort());
                UsernamePasswordCredentials creds = new UsernamePasswordCredentials(username, password);

                CredentialsProvider cp = new BasicCredentialsProvider();
                cp.setCredentials(scope, creds);
                HttpContext credContext = new BasicHttpContext();
                credContext.setAttribute(ClientContext.CREDS_PROVIDER, cp);

                HttpGet job = new HttpGet(url);
                HttpResponse response = httpClient.execute(host,job,credContext);
                StatusLine status = response.getStatusLine();
                Log.d(TestActivity.TEST_TAG, status.toString());
            }
            catch(Exception e){
                e.printStackTrace();
            }
            finally {
                // Release the client even when the request fails.
                httpClient.close();
            }

        }
        return null;
    }
}
answered Oct 05 '22 13:10

Naresh