I am creating an Android app where I am authenticating username/password through a server. Initially the server was implementing Basic authentication, so my code was working fine, but now the server has changed to Digest authentication, so my old code is not working.
What changes should I make to use Digest authentication?
My code is as follows:
    private boolean authenticateUser()
    {
        try
        {
            String url_str = "http://serverweb.com/checkauthentication.php";
            HttpPost post = new HttpPost(url_str);
            Log.v("AUTHENTICATION URL = ", url_str);
            // Basic authentication: base64(username:password) is sent with the request
            post.addHeader("Authorization", "Basic " + getCredentials());
            ResponseHandler<String> responseHandler = new BasicResponseHandler();
            String response_body = client.execute(post, responseHandler);
            Log.v("SERVER RESPONSE DATA = ", response_body);
            XMLDataParser.parseXML(XMLDataParser.USER_INFORMATION_PARSER_CODE, response_body);
            // Keep the session cookie returned by the server
            List<Cookie> cookies = client.getCookieStore().getCookies();
            if (!cookies.isEmpty())
            {
                for (int i = 0; i < cookies.size(); i++)
                {
                    XMLData.cookie = cookies.get(i);
                }
            }
            return true;
        }
        catch (MalformedURLException mue)
        {
            Log.i("MalformedURLException", " " + mue.getMessage());
            displayDialog("User Does Not exist");
            return false;
        }
        catch (IOException ioe)
        {
            Log.i("IOException", " " + ioe.getMessage());
            displayDialog("User Does Not exist");
            return false;
        }
        catch (Exception e)
        {
            Log.i("Exception", " " + e.getMessage());
            displayDialog("Error");
            return false;
        }
    }

    private String getCredentials()
    {
        String u = edit_username.getText().toString();
        String p = edit_password.getText().toString();
        Log.v("USER NAME = ", u);
        // The password is not logged: credentials must not end up in logcat
        return (Base64.encodeBytes((u + ":" + p).getBytes()));
    }
In Control Panel, click Programs and Features, and then click Turn Windows features on or off. Expand Internet Information Services, expand World Wide Web Services, expand Security, and then select Digest Authentication. Click OK.
Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller. The domain controller sends a special key, called a digest session key, to the server that received the original request.
Digest Authentication communicates credentials in a hashed form, by applying a hash function to the username, the password, a server-supplied nonce value, the HTTP method and the requested URI, whereas Basic Authentication uses non-encrypted base64 encoding.
When an HTTP Digest Authentication filter is configured, API Gateway requests the client to present a user name and password digest as part of the HTTP digest challenge-response mechanism. API Gateway can then authenticate this user against a user profile stored in the API Gateway's local repository.
You need to create an HttpHost and an HttpContext object with the required credentials and give them to the execute method.
This is sample code where your authentication is independent of backend auth. The HTTP client of Android will take care of converting it to the appropriate format. Check this sample code; this is only for your reference and not to be used directly in your code. :)
This code is in your activity:
    @Override
    public void onResume(){
        super.onResume();
        AsyncTask<String, Void, Void> httpTask = new TestHttpThread();
        httpTask.execute("test_url","test_user","test_password");
    }
Sample AsyncActivity:
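    // Imports needed at the top of the Activity source file:
    import android.net.http.AndroidHttpClient;
    import android.os.AsyncTask;
    import android.util.Log;
    import java.net.URL;
    import org.apache.http.HttpHost;
    import org.apache.http.HttpResponse;
    import org.apache.http.StatusLine;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.client.protocol.ClientContext;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.protocol.BasicHttpContext;
    import org.apache.http.protocol.HttpContext;

    private class TestHttpThread extends AsyncTask<String, Void, Void>{
        @Override
        protected Void doInBackground(String... params) {
            // Expects three arguments: URL, username, password
            if(params.length >= 3){
                String url = params[0];
                String username = params[1];
                String password = params[2];
                AndroidHttpClient httpClient = AndroidHttpClient.newInstance("test user agent");
                try {
                    URL urlObj = new URL(url);
                    HttpHost host = new HttpHost(urlObj.getHost(), urlObj.getPort(), urlObj.getProtocol());
                    // Credentials are scoped to this host and port only
                    AuthScope scope = new AuthScope(urlObj.getHost(), urlObj.getPort());
                    UsernamePasswordCredentials creds = new UsernamePasswordCredentials(username, password);
                    CredentialsProvider cp = new BasicCredentialsProvider();
                    cp.setCredentials(scope, creds);
                    // The client picks up these credentials when the server sends its authentication challenge
                    HttpContext credContext = new BasicHttpContext();
                    credContext.setAttribute(ClientContext.CREDS_PROVIDER, cp);
                    HttpGet job = new HttpGet(url);
                    HttpResponse response = httpClient.execute(host,job,credContext);
                    StatusLine status = response.getStatusLine();
                    Log.d(TestActivity.TEST_TAG, status.toString());
                }
                catch(Exception e){
                    e.printStackTrace();
                }
                finally {
                    // Release the client even when the request fails
                    httpClient.close();
                }
            }
            return null;
        }
    }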
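The digest described above (a hash over the username, the password, the server nonce, the HTTP method and the URI) is what the HTTP client computes once the server has sent its challenge. As an added example, not part of the original post, this is that computation in plain Java for RFC 2617 with qop=auth and MD5; the class name DigestResponseDemo and its two helper methods are illustrative, and the input values are the worked example from RFC 2617, section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestResponseDemo {

    // Lowercase hex MD5 of a string, the encoding RFC 2617 uses for every hash.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // "response" value for qop=auth with the default MD5 algorithm.
    static String digestResponse(String user, String realm, String password,
                                 String method, String uri, String nonce,
                                 String nc, String cnonce) throws NoSuchAlgorithmException {
        String ha1 = md5Hex(user + ":" + realm + ":" + password); // secret part
        String ha2 = md5Hex(method + ":" + uri);                  // binds the request
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Challenge and credentials from the worked example in RFC 2617, section 3.5.
        String user = "Mufasa", realm = "testrealm@host.com", password = "Circle Of Life";
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String nc = "00000001", cnonce = "0a4f113b", uri = "/dir/index.html";

        String response = digestResponse(user, realm, password, "GET", uri, nonce, nc, cnonce);
        if (!response.equals("6629fae49393a05397450978507c4ef1")) {
            throw new AssertionError("unexpected digest: " + response);
        }
        // The header carries the hash, never the password.
        System.out.println("Authorization: Digest username=\"" + user + "\", realm=\"" + realm
                + "\", nonce=\"" + nonce + "\", uri=\"" + uri + "\", qop=auth, nc=" + nc
                + ", cnonce=\"" + cnonce + "\", response=\"" + response + "\"");
    }
}
```

HA1 depends only on the username, realm and password, so anyone holding it can answer any challenge for that realm; it has to be protected as carefully as the password itself.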