Is there any solid way to deal with Windows integrated (NTLM) authentication from an android app?

Question

As the title states, we're looking for a way to access a .NET 3.5 Web service that is behind a Windows integrated (NTLM) authentication.

We've searched the internets and this forum this entire week, and we've yet to find a solution to this problem.

We've tried, DefaultHttpConnections, different variations of HttpPost, HttpGet etc.

However we try to authenticate ourselves we run into these:

    SSLHandshakeException

or

   Authentication scheme ntlm not supported
   Authentication error: Unable to respond to any of these challenges: 
   ntlm=WWW-Authenticate: NTLM, negotiate=WWW-Authenticate: Negotiate

The IIS authentication is set as follows:

The page we're trying to access is an .aspx in a subfolder to the default site, and we dont have previliges and neither is it safe to change the authentication to the default site.

I know many others out there in the internets has similar problems.

And also, the app we're developing is not supposed to use web-views.

Any constructive pointers about how to solve this will be highly appreciated. Thanks in advance.

---

---

---

UPDATE: We have now changed the service to perform both basic and ntlm authentication.

When we run the code below to a localhost test-server we get the proper response, the localhost does not have any sort of authentication mechanism. The response as follows:

<soap:Body>
<FooResponse xmlns="uri:FlexAPI">
<FooResult>
<typeFooBar>
<FooNumber>4545</FooNumber>
<BarNumber>1</BarNumber>
</typeFooBar>
</FooResult>
</FooResponse>
</soap:Body>

However, When we run the code below on our authenticated server we get this.

org.xmlpull.v1.XmlPullParserException: expected: START_TAG {http://schemas.xmlsoap.org/soap/envelope/}Envelope (position:START_TAG @2:44 in java.io.InputStreamReader@4054b398)

        SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);



        request.addProperty("Foo", Bar.getText().toString());
        request.addProperty("Foo", Bar.getText().toString());
        request.addProperty("Foo", Bar() );
        request.addProperty("Foo", Bar.getText().toString());



        SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);


        envelope.dotNet = true;
        envelope.setOutputSoapObject(request);

        envelope.encodingStyle = "utf-8";
        envelope.implicitTypes = false;

        String myUrlz= "http://" + myUrl.getText().toString() +"/Foo/Bar.asmx"; 



        HttpTransportBasicAuth auth = new HttpTransportBasicAuth(myUrlz, "Foo", "Bar");

        auth.debug = true;

---

try
{

auth.call(SOAP_ACTION, envelope); // Fails on this line. 
System.out.println("Dump" + auth.responseDump);


// all the other stuff.....


}
catch (FooException Bar)
{

                // ¯\_(ツ)_/¯

}

So basically, we're recieveing html response instead of xml when accessing the protected service. And yes, the localhost service and the sharp service are exactly the same except for the authentication part.

Answer 1

The short answer is no, there is no out-of-the-box method for NTLM on android.

The long answer is that there have been successful attempts in hacking together your own solution using the Apache HttpClient. See the following links:

http://danhounshell.com/blog/android-using-ntlm-authentication-with-httpclient/ http://mrrask.wordpress.com/2009/08/21/android-authenticating-via-ntlm/