Android: Authenticating via NTLM

As a part of the Android project I just started, I need to access a service secured by NTLM. On Windows Mobile this is handled automatically by WebClient. For iPhone I had to make the move from the more modern and high level UrlConnection / UrlRequest API to the old school non object oriented C style CFNetwork API. Android turns out to be a bit of the same story as with the iPhone. I started out with HttpURLConnection, only to disappointed again and redirected to the Apache HttpClient. But unlike CFNetwork on iPhone, HttpClient actually does not support NTLM “out of the box”…

According to the Apache Http Components documentation, this is due to two concerns; Microsoft only just made public the specification for NTLM in February 2008 and for whatever reason it is still not clear whether parts of the protocol are protected by patents. Secondly JCIFS is licensed under the Lesser General Public License and so is not necessarily compatible with the Apache License.

So instead of providing an actual implementation, we get a set of interfaces for clients to provide this functionality them self’s:

org.apache.http.auth.AuthScheme;
org.apache.http.auth.AuthSchemeFactory;
org.apache.http.impl.auth.NTLMScheme;
org.apache.http.impl.auth.NTLMEngine;
org.apache.http.impl.auth.NTLMEngineException;

So how do these classes go together? The HttpClient needs an AuthScemeFactory that will return the AuthScheme descendant NTLMScheme. NTLMScheme requires an implementation of the NTLMEngine interface to operate on. The JCIFS library has functionality for creating type 1 2 & 3 NTLM messages making it a perfect candidate for implementing the NTLMEngine.

Source for the factory and engine and the code for registering the factory with HttpClient is here: http://hc.apache.org/httpcomponents-client/ntlm.html

JCIFS can be had here: http://jcifs.samba.org/

I just imported the JCIFS library, straight copy-pasted the example code and haven’t looked back since.

Update: I just stumbled upon this page: http://jcifs.samba.org/src/docs/httpclient.html describing how the JCIFS NTLM implementation can be applied to HttpURLConnection – I haven’t tested it, so I don’t know if it will work with Android..

Update 2:
One detail i forgot: to start with i kept getting “Bad Request (Invalid Verb)”. It turned out that this is due to HttpClient sending EXPECT_CONTINUE as standard. This line disables that:

httpPost.getParams().setBooleanParameter(CoreProtocolPNames.USE_EXPECT_CONTINUE, false);
About these ads

Tags: , , , , , , , , , , , ,

15 Responses to “Android: Authenticating via NTLM”

  1. John Gleason Says:

    I like how this sounds, but I don’t like my chances of being able to implement it. I’m a MyTouch (HTC Magic) user with no skillz. :)

    If you can point me in an ‘Android and NTLM for Dummies’ direction that would help me login to SharePoint sites it would be most appreciated.

  2. Olav Rask Says:

    If you have “no skillz” i wonder how are you going to fair with the ugliness that is the CAML format spit by SharePoint Services ? :)

    More to the point: Visit the links and give it a try. It’s realy not that hard.

  3. Ben Monro Says:

    What a life saver this post was. If it wasn’t for that dang setBooleanParameter() call.

  4. szczepan Says:

    Literally I spend hours and hours figuring out why my POST requests return ‘bad request (invalid verb)’. I owe you a big one.

    THANKS FOR SHARING!!!!!!!!!!

  5. Inside the TFS 2010 Build Monitor for Android Says:

    [...] the TFS web service. This is where JCIFS comes into play. I managed, with the help of another blog post,  to get JCIFS to correctly authenticate with the TFS web service. For the most part you can [...]

  6. Newbie Says:

    Hi I have question, It probably will seem silly to you but I cnow how to edit those .class file and other stuff but im newbie in Java and in modifing android system and here is my question: Where I should past that JCIFS libary?
    I think that in to /lib folder on my phone but it is gone using that lib automaticli when i try log to sharepoint or i need to do something else?

  7. John Smith Says:

    Hi has anyone got this working? I have a webpage that i would like to display in my app but i cant get Auth to pass to website. Can someone please help

  8. Anthony Says:

    I cannot get this to authenticate, permission denied on credentials I know work. I tried this also, http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#ntlm and same problem :(

  9. AIS Says:

    you can try this https://market.android.com/details?id=com.droid.cntlm

  10. Chetan Bhoyar Says:

    In Android, I am trying to fetch data from the “HTTPS” site and this site used NTLM credentials , authentication, when I connect the site (client. execute) it gives a response:

    > “401 – Unauthorized: Access is denied due to invalid credentials.”

    I am setting UsernamePasswordCredentials, networkcredential, but the response remain same.

    I had also follow the the instruction given at [http://hc.apache.org/httpcomponents-client-ga/ntlm.html][1]
    and
    [http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html][2]

    and also implement the same as mention on side
    but the response remain same.

  11. Alibek Says:

    this is great. thanks for sharing all your findings. saves time for others.

  12. Using NTLM authentication with HttpClient | Addicted to Android Says:

    [...] like I had everything setup properly, but it just wasn’t working. Then I found the blog post, Android: Authenticating via NTLM, that started me down the proper path. Ah-ha! NTLM authentication is not supported out of the box [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: