NTLM a suite of Microsoft security protocol and is successor to the authentication protocol in Microsoft LAN Manager. It is used for the authentication and negotiation of secure DCE purpose. Being an android development company, we help you guide through
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Android NTLM Authentication
1. NTLM Authentication in Android
With the increasing usage of smart phone in our daily life, this usage is getting more quantitative
as well as qualitative by each passing day. It started with basic telephony then gaming and now it
has graduated to Apps which helps in managing and exchanging important data like mails,
financial details, payrolls and many more. Such heavy exchanges from or to the outer world is
done by interacting with different server through legacy communication protocols and that
involves different types of authentication handshakes.
Recently we came across a requirement of communicating to a server which is using NTLM
authentication protocol. Now some of you would think “What is NTLM” so here is the answer::
NTLM is a suite of Microsoft security protocol and is successor to the authentication protocol in
Microsoft LAN Manager. It is used for the authentication and negotiation of secure DCE purpose.
NTLM Security Service Provider (NTLMSSP) implements some core operations and these are::
1) Authentication :: Clients would be able to prove their respective identities
2) Signing :: It provides digital “signature” security.
3) Sealing :: It keeps the data confidential by providing symmetric-Key encryption.
More about NTLM and its authentication mechanism can be read in details at
http://www.innovation.ch/personal/ronald/ntlm.html
http://davenport.sourceforge.net/ntlm.html#whatIsNtlm
Here is the solution for successfully authenticating and communicating with a server using NTLM
authentication protocol:
Step 1: We need to have the JCIF library.
JCIFS can be downloaded from: http://jcifs.samba.org/
Step 2: Create a class which is the AuthSchemeFactory interface:
public class NTLMSchemeFactory implements AuthSchemeFactory
{
public AuthScheme newInstance(HttpParams params)
{
return new NTLMScheme(new JCIFSEngine());
}
}
Step 3: Create a class for acting as a NTLM engine interface, which does all the type message
validation and verification.
public class JCIFSEngine implements NTLMEngine
{
private static final int TYPE_1_FLAGS =
NtlmFlags.NTLMSSP_NEGOTIATE_56 |
NtlmFlags.NTLMSSP_NEGOTIATE_128 |
NtlmFlags.NTLMSSP_NEGOTIATE_NTLM2 |
NtlmFlags.NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NtlmFlags.NTLMSSP_REQUEST_TARGET;
public String generateType1Msg(String domain, String workstation) throws
NTLMEngineException
2. {
final Type1Message type1Message = new Type1Message(TYPE_1_FLAGS, domain,
workstation);
return Base64.encode(type1Message.toByteArray());
}
public String generateType3Msg(String username, String password,String domain, String
workstation, String challenge) throws NTLMEngineException
{
Type2Message type2Message;
try
{
type2Message = new Type2Message(Base64.decode(challenge));
}
catch (final IOException exception)
{
throw new NTLMEngineException("Error in type2 message", exception);
}
final int type2Flags = type2Message.getFlags();
final int type3Flags = type2Flags & (0xffffffff ^
(NtlmFlags.NTLMSSP_TARGET_TYPE_DOMAIN | NtlmFlags.NTLMSSP_TARGET_TYPE_SERVER));
final Type3Message type3Message = new Type3Message(type2Message, password, domain,
username, workstation, type3Flags);
return Base64.encode(type3Message.toByteArray());
}
}
Step 4: Register the NTLM Scheme Factory with HttpClient instance and other domain credentials
to do the handshake. It has been observed that deviceIP and domainName is not required on a
mandatory basis. These can be set as null also.
String webserviceUrl = "<Your server url>"; // url of the web service.
String webserviceIP = "<server IP>"; // IP of the server.
String username = “<domain username>”; // Domain username
String password = “<domain password>”; // Domain password
String deviceIP = “<device ip address>”; // Device IP
String domainName = "<Your domain name>"; // Domain name
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
httpclient.getCredentialsProvider().setCredentials(new AuthScope(webserviceIP, -1), new
NTCredentials(username, password, deviceIP, domainName));
HttpGet httpGet = new HttpGet(webserviceUrl);
httpGet.getParams().setBooleanParameter(CoreProtocolPNames.USE_EXPECT_CONTINUE, false);
HttpResponse response = httpclient.execute(httpGet);
String responseXML = EntityUtils.toString(response.getEntity());
NB: to get the IP address of the device, use the following method: