0

I'm trying to connect, as the question suggests, an Android device to a Digest secured server with websockets but I keep getting 401 Unauthorized returns.

I have managed to POST and GET to the same server using apache.http (which supports Digest) and can continue to send these basic commands by returning the cookies received during the initial request but these same cookies don't work when I send them with the websocket handshake.

I've sniffed the packets and can see that, as expected, even the successful connection starts with a 401 from which the apache library extracts the necessary information and resends an Authorization header with all the Digest hashes etc. This returns a new, approved response with the cookies that I'm grabbing and storing for future use.

My assumption is that in the change from an http:// address to a ws:// address I need to reauthenticate but I haven't found an android websocket library that supports authentication and those that i have found and tested don't let me see the server's 401 response (again, seen that it exists by sniffing the packets between the two and it contains all the information I need to generate a new Digest response even if that means writing it myself).

Any help/suggestions would be gratefully appreciated.

Relevant but unsuccessful questions I still have open:

Open WebSocket connection with authentication cookie

Websockets and cookies in Android

Tested Libraries:

Autobahn

AndroidAsync

Java-Websocket (Currently pushing on with this)

Community
  • 1
  • 1
Seb Andraos
  • 357
  • 3
  • 15
  • [Netty](http://netty.io/) has both an HTTP Digest handler and a WebSocket handler. The library does work fine on Android, but I found it to be rather too heavy for my needs last time. I'm not sure if the Digest module plays well with the WebSocket, but even if it doesn't their modular design should make it relatively painless for you to shim in support for this. – Saran Tunyasuvunakool Mar 04 '15 at 21:48
  • Thanks Saran, I'm currently playing with AssyncHttpClient which implements Netty by default but am having issues authorising the websocket. I can make HTTP requests with no problem but some element either isn't receiving the 401 or is ignoring it (I fear the latter because I can see an acknowledge packet ping back from android in response). I'll try and handle the authorization myself when I get the 401 but I feel this is getting rather hacky and d.i.y. – Seb Andraos Mar 06 '15 at 22:44
  • Netty allows you to set up a stack of inbound/outbound handlers. I'd imagine that you could put a Digest authenticator in front of everything else so that all HTTP-based traffic must go through first... – Saran Tunyasuvunakool Mar 07 '15 at 12:11

0 Answers0