This week's book giveaway is in the Android forum.
We're giving away four copies of Head First Android and have Dawn & David Griffiths on-line!
See this thread for details.
The moose likes Servlets and the fly likes NTLM Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "NTLM Authentication" Watch "NTLM Authentication" New topic
Author

NTLM Authentication

Pankaj Bagul
Greenhorn

Joined: Dec 27, 2007
Posts: 7
Hi,

I have to authenticate a windows user with his windows XP loginId and to log him directly in my application which is running in a local intranet.
so that the user need not make a seperate loginId/password. Instead, he can use the same windows loginId.


i tried with the following code:


String auth = httpRequest.getHeader("Authorization");

if (auth == null)
{
httpResponse.setStatus(httpResponse.SC_UNAUTHORIZED);
httpResponse.setHeader("WWW-Authenticate", "NTLM");
httpResponse.flushBuffer();

return;
}
if (auth.startsWith("NTLM "))
{
byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
if (msg[8] == 1)
{
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P',
z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z,
(byte)1, (byte)130, z, z,z, (byte)2, (byte)2,
(byte)2, z, z, z, z, z, z, z, z, z, z, z, z};
httpResponse.setHeader("WWW-Authenticate", "NTLM " +
new sun.misc.BASE64Encoder().encodeBuffer(msg1));
httpResponse.sendError(httpResponse.SC_UNAUTHORIZED);


return;
}
else if (msg[8] == 3)
{
off = 30;

length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+18];
String remoteHost = new String(msg, offset, length);

length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
String domain = new String(msg, offset, length);

length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
String username = new String(msg, offset, length);

--------------------------------------------------------

What happens is that it takes the windows loginId but it doesnot authenticates it.

when i run my application it popups a login window in which i enter my windows loginId/password.

What is wrong here is, if i enter a wrong loginId/password still it logs him which should not happen.
It should authenticate only valid users.

If anybody knows the solution please help me out or still i need to do some more configuration settings or should i use some different code?

Please help me out solving this problem.I am really strucked.

Any help would be highly appreciated.
thanks in advance

Pankaj
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: NTLM Authentication
 
It's not a secret anymore!