As the title states, we're looking for a way to access a .NET 3.5 Web service that is behind a Windows integrated (NTLM) authentication.
We've searched the internets and this forum this entire week, and we've yet to find a solution to this problem.
We've tried, DefaultHttpConnections, different variations of HttpPost, HttpGet etc.
However we try to authenticate ourselves we run into these:
SSLHandshakeException
or
Authentication scheme ntlm not supported
Authentication error: Unable to respond to any of these challenges:
ntlm=WWW-Authenticate: NTLM, negotiate=WWW-Authenticate: Negotiate
The IIS authentication is set as follows:
The page we're trying to access is an .aspx in a subfolder to the default site, and we dont have previliges and neither is it safe to change the authentication to the default site.
I know many others out there in the internets has similar problems.
And also, the app we're developing is not supposed to use web-views.
Any constructive pointers about how to solve this will be highly appreciated. Thanks in advance.
UPDATE: We have now changed the service to perform both basic and ntlm authentication.
When we run the code below to a localhost test-server we get the proper response, the localhost does not have any sort of authentication mechanism. The response as follows:
<soap:Body>
<FooResponse xmlns="uri:FlexAPI">
<FooResult>
<typeFooBar>
<FooNumber>4545</FooNumber>
<BarNumber>1</BarNumber>
</typeFooBar>
</FooResult>
</FooResponse>
</soap:Body>
However, When we run the code below on our authenticated server we get this.
org.xmlpull.v1.XmlPullParserException: expected: START_TAG {http://schemas.xmlsoap.org/soap/envelope/}Envelope (position:START_TAG @2:44 in java.io.InputStreamReader@4054b398)
SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
request.addProperty("Foo", Bar.getText().toString());
request.addProperty("Foo", Bar.getText().toString());
request.addProperty("Foo", Bar() );
request.addProperty("Foo", Bar.getText().toString());
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
envelope.dotNet = true;
envelope.setOutputSoapObject(request);
envelope.encodingStyle = "utf-8";
envelope.implicitTypes = false;
String myUrlz= "http://" + myUrl.getText().toString() +"/Foo/Bar.asmx";
HttpTransportBasicAuth auth = new HttpTransportBasicAuth(myUrlz, "Foo", "Bar");
auth.debug = true;
try
{
auth.call(SOAP_ACTION, envelope); // Fails on this line.
System.out.println("Dump" + auth.responseDump);
// all the other stuff.....
}
catch (FooException Bar)
{
// ¯\_(ツ)_/¯
}
So basically, we're recieveing html response instead of xml when accessing the protected service. And yes, the localhost service and the sharp service are exactly the same except for the authentication part.
NTLM (New technology LAN Manager) is a proprietary Microsoft authentication protocol.
NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks.
The short answer is no, there is no out-of-the-box method for NTLM on android.
The long answer is that there have been successful attempts in hacking together your own solution using the Apache HttpClient. See the following links:
http://danhounshell.com/blog/android-using-ntlm-authentication-with-httpclient/ http://mrrask.wordpress.com/2009/08/21/android-authenticating-via-ntlm/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With