HTTP Basic Authentication issue on Android Jelly Bean 4.1 using HttpURLConnection

Asked 27/1, 2013 at 17:38 Answered 9/4, 2013 at 4:34

Solved android authentication basic-authentication httpurlconnection android-4.2-jelly-bean

We are making HttpURLConnection based request to the Web server using HTTP Basic Authentication. Code works great on Android versions 2.x, 3.x., 4.0.x Now with Jelly Bean and v4.1.x authentication fails with the following messages in the LogCat:

01-27 10:54:18.886: ...::doReadRawData(731): An exception occured while reading data from remote host. httpURLConn.responseCode = 401 / httpURLConn.responseMessage = UNAUTHORIZED
01-27 10:54:18.886: ...::doReadRawData(731): java.io.IOException: No authentication challenges found

The Authentication code we using for HttpURLConnection as in the Android documentation:

private void doAuthorize() {
        Authenticator.setDefault(new Authenticator() {
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(USER, PASSWORD.toCharArray());
            }
        });
    }

Upon further investigation and troubleshooting we found out that this code is not being called in 4.1 Jelly Bean!

What are the workarounds or proper ways for basic authentication in Android Jelly Bean 4.1?

Someone found different in the Android source code in this related topic, I think issue we having is related to that difference: HttpURLConnection worked fine in Android 2.x but NOT in 4.1: No authentication challenges found

Sawbuck answered 27/1, 2013 at 17:38 Comment(0)

We were able to solve Jelly Bean not calling getPasswordAuthentication() of the Authenticator via the following new method:

@TargetApi(Build.VERSION_CODES.FROYO) 
private void setJellyBeanAuth(HttpURLConnection httpConn) {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
        byte[] auth = (USER + ":" + PASSWORD).getBytes();
        String basic = Base64.encodeToString(auth, Base64.NO_WRAP);
        httpConn.setRequestProperty("Authorization", "Basic " + basic);
    }
}

Then just call this function after opening the connection:

httpURLConn = (HttpURLConnection) url.openConnection();
setJellyBeanAuth(httpURLConn);

The @TargetApi for Froyo annotation is only necessary since we are still supporting API 7 while Base64 was added in API 8

Suppletory answered 27/1, 2013 at 19:49 Comment(1)

This header trick doesn't work for me when i'm trying to do a multipart – Briarwood 28/5, 2013 at 8:55

For a 401 UNAUTHORIZED response with Android's httpURLConnection your server must send back a authenticate header like this...
WWW-Authenticate: Bogus realm="blahblah", comment="use form to log in"
as per
https://www.rfc-editor.org/rfc/rfc2616 search "10.4.2 401 Unauthorized"

Jinx answered 9/4, 2013 at 4:34 Comment(1)

This is the true solution. The Android HttpURLConnectionImpl rely on the server to provide a way for the client to authenticate. – Dimerous 12/8, 2013 at 19:2

Recommended topics

Hot tags