2

Looking for a pointer on how to get HttpClient (httpclient 4.3.6) to Authenticate the current user to IIS REST service.

I can connect no problem using UrlConnection as it seems to handle the WWW-Authentication protocol out of the box.

I have moved to HttpClient to leverage the multi-part POST/PUT (FileEntity) and I have discovered that the HttpClient does not handle the WWW-Authentication, it simply fails with a 401 which is the first part of the process.

I have found some examples out there that present NTLM credentials etc... but I don't want to capture credentials, I want to execute the request using the current windows identity.

Is there some code or an API out there that I can use to manage this on my behalf? I don't want to capture user name and password, I just want to present the current user credentials. Do I need to use a 3rd party library like SPNEGO?

Many thanks in advance

Nicholas
  • 572
  • 6
  • 17

1 Answers1

2

You might want to try out HttpClient 4.4 (to be released as GA soon). It supports native Windows Negotiate, Kerberos and NTLM via SSPI through JNA when running on Windows OS. Please note this feature is still considered experimental. Your mileage may vary.

http://hc.apache.org/httpcomponents-client-4.4.x/httpclient-win/examples/org/apache/http/examples/client/win/ClientWinAuth.java

ok2c
  • 26,450
  • 5
  • 63
  • 71
  • Thanks! This works well! I had to include the JNA libraries and it all worked fine. I also got the proxy and trust store sorted so it works with Fiddler. I'll post my code as it may be helpful to other newbes like me. :-) – Nicholas Jan 23 '15 at 03:24
  • is there anyway for me to prevent sending the body of the initial request? I am uploading a file and it happens twice. – Nicholas Jan 23 '15 at 06:32
  • @Nicholas: try enabling 'expect: continue' handshake. Alternatively you might want to issue a GET or a HEAD against the server to force authentication with a cheap method. – ok2c Jan 23 '15 at 11:40
  • Yes, I tried both. Expect : "100-continue" caused an invalid response from SharePoint, maybe a Microsoft issue? Strangely though the setting works when I am connected via a Fiddler proxy. I issued a GET prior using the same HttpClient (but with a HttpGet and different REST URL) but it didn't keep the session, is there something else that I need to set to retain the session? Or can I just fetch the "Authorization" header? (not sure if that is possible) Thank you again! – Nicholas Jan 23 '15 at 12:07
  • @Nicholas: 'Expect: continue' problems with MS software is a known issue. When using a GET to force authorization name sure to use the same HttpContext. For details see: http://hc.apache.org/httpcomponents-client-4.3.x/tutorial/html/advanced.html#stateful_conn – ok2c Jan 23 '15 at 12:53
  • That worked a treat! You have saved me a whole load of time, thank you for your help. I used the HttpClientContext for the small GET request and then reused the authentication principal. :-) Wish I could up vote your comments! – Nicholas Jan 23 '15 at 13:39