有没有坚实的方式来处理与Windows集成(NTLM)从一个Android应用程序的认证? [英] Is there any solid way to deal with Windows integrated (NTLM) authentication from an android app?
问题描述
正如标题状态,我们正在寻找一种方式来访问.NET 3.5的Web服务,它的背后是一个Windows集成(NTLM)身份验证。
As the title states, we're looking for a way to access a .NET 3.5 Web service that is behind a Windows integrated (NTLM) authentication.
我们这整个星期搜查了互联网和这个论坛上,我们还没有找到一个解决这个问题。
We've searched the internets and this forum this entire week, and we've yet to find a solution to this problem.
我们已经尽力了,DefaultHttpConnections,HttpPost,HTTPGET不同的变化等。
We've tried, DefaultHttpConnections, different variations of HttpPost, HttpGet etc.
不过,我们试图验证自己再碰上这些:
However we try to authenticate ourselves we run into these:
SSLHandshakeException
或
Authentication scheme ntlm not supported
Authentication error: Unable to respond to any of these challenges:
ntlm=WWW-Authenticate: NTLM, negotiate=WWW-Authenticate: Negotiate
IIS身份验证设置如下:
The IIS authentication is set as follows:
我们试图访问的页面是一个子文件夹的默认站点一个.aspx,和我们没有previliges也不是安全的身份验证更改为默认的站点。
The page we're trying to access is an .aspx in a subfolder to the default site, and we dont have previliges and neither is it safe to change the authentication to the default site.
我知道很多人赫然出现在互联网络也有类似的问题。
I know many others out there in the internets has similar problems.
而且,我们正在开发的应用程序不应该使用网观点。
And also, the app we're developing is not supposed to use web-views.
有关如何解决这个问题将是非常美联社preciated任何建设性的指针。提前致谢。
Any constructive pointers about how to solve this will be highly appreciated. Thanks in advance.
更新::我们现在已经改变了服务执行基本和NTLM身份验证。
UPDATE: We have now changed the service to perform both basic and ntlm authentication.
当我们运行下面到本地主机测试服务器,我们获得正确的响应code,本地主机没有任何形式的认证机制。响应如下:
When we run the code below to a localhost test-server we get the proper response, the localhost does not have any sort of authentication mechanism. The response as follows:
<soap:Body>
<FooResponse xmlns="uri:FlexAPI">
<FooResult>
<typeFooBar>
<FooNumber>4545</FooNumber>
<BarNumber>1</BarNumber>
</typeFooBar>
</FooResult>
</FooResponse>
</soap:Body>
然而,当我们我们的认证服务器上运行的code以下,我们得到这一点。
However, When we run the code below on our authenticated server we get this.
org.xmlpull.v1.XmlPullParserException:预期: START_TAG {http://schemas.xmlsoap.org/soap/envelope/}Envelope (位置:START_TAG @ 2:44 java.io.InputStreamReader@4054b398)
org.xmlpull.v1.XmlPullParserException: expected: START_TAG {http://schemas.xmlsoap.org/soap/envelope/}Envelope (position:START_TAG @2:44 in java.io.InputStreamReader@4054b398)
SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
request.addProperty("Foo", Bar.getText().toString());
request.addProperty("Foo", Bar.getText().toString());
request.addProperty("Foo", Bar() );
request.addProperty("Foo", Bar.getText().toString());
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
envelope.dotNet = true;
envelope.setOutputSoapObject(request);
envelope.encodingStyle = "utf-8";
envelope.implicitTypes = false;
String myUrlz= "http://" + myUrl.getText().toString() +"/Foo/Bar.asmx";
HttpTransportBasicAuth auth = new HttpTransportBasicAuth(myUrlz, "Foo", "Bar");
auth.debug = true;
try
{
auth.call(SOAP_ACTION, envelope); // Fails on this line.
System.out.println("Dump" + auth.responseDump);
// all the other stuff.....
}
catch (FooException Bar)
{
// ¯\_(ツ)_/¯
}
因此,基本上,我们要访问受保护的服务时recieveing XML的HTML响应代替。是的,本地主机服务和尖锐的服务是除了验证部分完全一样。
So basically, we're recieveing html response instead of xml when accessing the protected service. And yes, the localhost service and the sharp service are exactly the same except for the authentication part.
推荐答案
简短的答案是否定的,有出的现成的没有方法NTLM在Android上。
The short answer is no, there is no out-of-the-box method for NTLM on android.
长的答复是,有黑客攻击一起使用Apache的HttpClient自己的解决方案获得了成功的尝试。请访问以下链接:
The long answer is that there have been successful attempts in hacking together your own solution using the Apache HttpClient. See the following links:
http://danhounshell.com/blog/android-using -ntlm认证与 - HttpClient的/ HTTP://mrrask.word$p$ pss.com/2009/08/21/android-authenticating-via-ntlm/
这篇关于有没有坚实的方式来处理与Windows集成(NTLM)从一个Android应用程序的认证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
