Authentication error: Unable to respond to any of these challenges: {} Android - 401 Unauthorized

Question

Authentication error: Unable to respond to any of these challenges: {} Android - 401 Unauthorized

I have taken reference from this link Authentication Error when usi

Answer 1

You might try to check: How to do http post using apache httpclient with web authentication?

It uses a HttpInterceptor to inject the authentication data, when required

Answer 2

I was running into the same "DefaultRequestDirector: Authentication error: Unable to respond to any of these challenges: {}" problem with Drupal services using the loopj android-async-http library (highly recommend it).

The key to the solution for me was in Jose L Ugia's comment in one of the answers regarding paying special attention to the JSON output from Drupal. I was trying to catch a JSONObject but the real message was in array format "["Wrong username or password."]". Switching to JSONArray caught the error properly and allowed me to handle it. In your case I believe it is because you are not posting the login credentials as drupal services expects it.

You should remember with Drupal Services you should do system/connect and grab the session, followed by user/login (and the user/password passed in as parameters) and grab the session and then all your subsequent requests should work. This is why I like using the loopj library because it makes all these requests more manageable. Here is a very basic example of connecting to drupal with loopj. All subsequent posts are easily done using the params.

public class Loopj {
  private static final String TAG = "loopj";

  private static AsyncHttpClient client = new AsyncHttpClient();
  private final PersistentCookieStore myCookieStore;


  public Loopj(Context context) {
    myCookieStore = new PersistentCookieStore(context);
    client.setCookieStore(myCookieStore);
    client.addHeader("Content-type", "application/json");
  }


  public void systemConnect(String uri) throws JSONException {
    client.post(uri + "/endpoint/system/connect", new JsonHttpResponseHandler() {
      @Override
      public void onSuccess(JSONObject json) {
        Log.i("TAG", "Connect success =" + json.toString());
      }

      @Override
      public void onFailure(Throwable e, String response) {
        Log.e("TAG", "Connect failure");
      }
    });
  }

  public void userLogin(String uri) throws JSONException {
    RequestParams params = new RequestParams();
    params.put("username", username);
    params.put("password", password);
    client.post(uri + "/endpoint/user/login", params, new JsonHttpResponseHandler() {
      @Override
      public void onSuccess(JSONArray response) {
        Log.i("TAG", "Login success =" + response.toString());
      }

      @Override
      public void onFailure(Throwable e, JSONArray json) {
        Log.e("TAG", "Login failure");
      }
    });
  }

Answer 3

I'd suggest to test first the PHP side out the app. There are several ways to make your own calls including headers and auth. From curl to GraphicalHttpClient (http://itunes.apple.com/us/app/graphicalhttpclient/id433095876?mt=12 , I personally use that and it works decently). There some other options like REST client debugger (https://addons.mozilla.org/en-US/firefox/addon/restclient/)

This way you'll be able to test your call in so many ways which is pain doing directly in the client (sometimes it's just changing from http to https or adding the type of your token in the Authorization header and that's much easier to be madeo n the fly).

Once everything works as expected, reproduce the same call, headers and body in your client and you are ready to go.

Answer 4

How come it works from the PhoneGap but not Java. PhoneGap runs the app in a web container and so already has been authenticated - and you have all the right cookies. AJAX will share the same session that and everything 'just works'.

However HTTPClient is a completely different - you are initiating a brand new HTTP session and everything has to be right.

A few comments on how HTTP Auth works:

There are several HTTP authentication methods - and it's the web server that chooses which. Before going any further, check your Drupal configuration to work out whether it is:

• Basic Auth (username and password). Everyone and their dog supports this, but it's very insecure. See http://en.wikipedia.org/wiki/Basic_access_authentication for more details
• Digest (username and challenge/response hash with MD5. This is more secure but much more complex. Note that MD5 is generally considered weak now. Many libraries support it, including Apache. See http://en.wikipedia.org/wiki/Digest_access_authentication for more details
• NTLM (a variant of Kerberos/SPEGNO) which is implemented on IIS. This is not generally supported from Java, although HTTPClient does profess to - but using a different Credentials object. See http://hc.apache.org/httpclient-3.x/authentication.html#NTLM

(Note also that the web container has the 'smarts' to be able to try different authentication methods as requested by the server, all behind the scenes)

Also check the Drupal web logs. A few pointers:

• Did you see the HTTPClient connect at all. And is the URL going to the correct resource. Always worth checking from the server's perspective...
• Did it go to the right server? One example of what could go wrong: Are you using IP addresses in the URL against a multi-homed web server, so the request goes to the wrong server?
• Check that the authentication sent by the client pre-emptively is the correct type (basic, digest, NTLM)

Let me know if this helps. If not, and you can give more details as per this post, I can follow up with more advice.