Android: Authenticating via NTLM

As a part of the Android project I just started, I need to access a service secured by NTLM. On Windows Mobile this is handled automatically by WebClient. For iPhone I had to move from the more modern, high-level UrlConnection / UrlRequest API to the old-school, non-object-oriented, C-style CFNetwork API. Android turns out to be a bit of the same story as with the iPhone. I started out with HttpURLConnection, only to be disappointed again and redirected to the Apache HttpClient. But unlike CFNetwork on iPhone, HttpClient actually does not support NTLM “out of the box”…

According to the Apache HttpComponents documentation, this is due to two concerns. First, Microsoft only made the specification for NTLM public in February 2008, and for whatever reason it is still not clear whether parts of the protocol are protected by patents. Second, JCIFS is licensed under the Lesser General Public License and so is not necessarily compatible with the Apache License.

So instead of providing an actual implementation, we get a set of interfaces for clients to provide this functionality themselves:

org.apache.http.auth.AuthScheme;
org.apache.http.auth.AuthSchemeFactory;
org.apache.http.impl.auth.NTLMScheme;
org.apache.http.impl.auth.NTLMEngine;
org.apache.http.impl.auth.NTLMEngineException;

So how do these classes go together? The HttpClient needs an AuthSchemeFactory that will return the AuthScheme descendant NTLMScheme. NTLMScheme requires an implementation of the NTLMEngine interface to operate on. The JCIFS library has functionality for creating type 1, 2 and 3 NTLM messages, making it a perfect candidate for implementing the NTLMEngine.

Source for the factory and engine and the code for registering the factory with HttpClient is here: http://hc.apache.org/httpcomponents-client/ntlm.html

JCIFS can be had here: http://jcifs.samba.org/

I just imported the JCIFS library, straight copy-pasted the example code and haven’t looked back since.

Update: I just stumbled upon this page: http://jcifs.samba.org/src/docs/httpclient.html describing how the JCIFS NTLM implementation can be applied to HttpURLConnection – I haven’t tested it, so I don’t know if it will work with Android.

Update 2:
One detail I forgot: to start with I kept getting “Bad Request (Invalid Verb)”. It turned out that this is due to HttpClient sending EXPECT_CONTINUE as standard. This line disables that:

httpPost.getParams().setBooleanParameter(CoreProtocolPNames.USE_EXPECT_CONTINUE, false);


15 Responses to “Android: Authenticating via NTLM”

  1. John Gleason Says:

    I like how this sounds, but I don’t like my chances of being able to implement it. I’m a MyTouch (HTC Magic) user with no skillz. 🙂

    If you can point me in an ‘Android and NTLM for Dummies’ direction that would help me login to SharePoint sites it would be most appreciated.

  2. Olav Rask Says:

    If you have “no skillz” I wonder how you are going to fare with the ugliness that is the CAML format spit out by SharePoint Services? 🙂

    More to the point: Visit the links and give it a try. It’s really not that hard.

  3. Ben Monro Says:

    What a life saver this post was. If it wasn’t for that dang setBooleanParameter() call.

  4. szczepan Says:

    Literally I spent hours and hours figuring out why my POST requests return ‘bad request (invalid verb)’. I owe you a big one.

    THANKS FOR SHARING!!!!!!!!!!

  5. Inside the TFS 2010 Build Monitor for Android Says:

    […] the TFS web service. This is where JCIFS comes into play. I managed, with the help of another blog post,  to get JCIFS to correctly authenticate with the TFS web service. For the most part you can […]

  6. Newbie Says:

    Hi, I have a question. It will probably seem silly to you, but I know how to edit those .class files and other stuff, but I’m a newbie in Java and in modifying the Android system, and here is my question: where should I paste that JCIFS library?
    I think that into the /lib folder on my phone, but is it going to use that lib automatically when I try to log in to SharePoint, or do I need to do something else?

  7. John Smith Says:

    Hi, has anyone got this working? I have a webpage that I would like to display in my app but I can’t get Auth to pass to the website. Can someone please help?

  8. Anthony Says:

    I cannot get this to authenticate, permission denied on credentials I know work. I tried this also, http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#ntlm and same problem 😦

  9. AIS Says:

    you can try this https://market.android.com/details?id=com.droid.cntlm

  10. Chetan Bhoyar Says:

    In Android, I am trying to fetch data from the “HTTPS” site and this site used NTLM credentials, authentication. When I connect to the site (client.execute) it gives a response:

    > “401 – Unauthorized: Access is denied due to invalid credentials.”

    I am setting UsernamePasswordCredentials, networkcredential, but the response remains the same.

    I had also followed the instructions given at http://hc.apache.org/httpcomponents-client-ga/ntlm.html
    and
    http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html

    and also implemented the same as mentioned on the site,
    but the response remains the same.

  11. Alibek Says:

    this is great. thanks for sharing all your findings. saves time for others.

  12. Using NTLM authentication with HttpClient | Addicted to Android Says:

    […] like I had everything setup properly, but it just wasn’t working. Then I found the blog post, Android: Authenticating via NTLM, that started me down the proper path. Ah-ha! NTLM authentication is not supported out of the box […]
