>
> Hi, > > I am trying to record the script using JMeter for a web application that > has windows authentication enabled. I have setup a proxy in Firefox for > recording purposes. > > However, when I tried recording the script, "Authentication required" > message kept popping up even after I provided valid credentials. If I hit > cancel on the popup message, I see the "401 Unauthorized" message. > > Please note, it happens only during recording. I am able to successfully > login to the website when I was not recording. > > Please let me know how we can resolve this- > > > Thanks > SASTRY > |
Please verify the type of authentication in HTTP request header. In case of
NTLM authentication please follow steps as per: https://www.blazemeter.com/blog/windows-authentication-apache-jmeter On Wed, Sep 9, 2020 at 9:18 AM SAS <[hidden email]> wrote: > > > > Hi, > > > > I am trying to record the script using JMeter for a web application that > > has windows authentication enabled. I have setup a proxy in Firefox for > > recording purposes. > > > > However, when I tried recording the script, "Authentication required" > > message kept popping up even after I provided valid credentials. If I > hit > > cancel on the popup message, I see the "401 Unauthorized" message. > > > > Please note, it happens only during recording. I am able to successfully > > login to the website when I was not recording. > > > > Please let me know how we can resolve this- > > > > > > Thanks > > SASTRY > > > -- Thanks & Regards, Amit Dhumal |
I am not creating manual HTTP requests to add authentication manually.
The issue I am facing is happening during the recording process. shouldn't the tool automatically detect the authentication and pass through this step? Thanks, Sastry On Wed, Sep 9, 2020 at 1:06 AM Amit Dhumal <[hidden email]> wrote: > Please verify the type of authentication in HTTP request header. In case of > NTLM authentication please follow steps as per: > https://www.blazemeter.com/blog/windows-authentication-apache-jmeter > > On Wed, Sep 9, 2020 at 9:18 AM SAS <[hidden email]> wrote: > > > > > > > Hi, > > > > > > I am trying to record the script using JMeter for a web application > that > > > has windows authentication enabled. I have setup a proxy in Firefox > for > > > recording purposes. > > > > > > However, when I tried recording the script, "Authentication required" > > > message kept popping up even after I provided valid credentials. If I > > hit > > > cancel on the popup message, I see the "401 Unauthorized" message. > > > > > > Please note, it happens only during recording. I am able to > successfully > > > login to the website when I was not recording. > > > > > > Please let me know how we can resolve this- > > > > > > > > > Thanks > > > SASTRY > > > > > > > > -- > Thanks & Regards, > Amit Dhumal > -- Thanks SASTRY |
Am 09.09.20 um 14:58 schrieb SAS: > I am not creating manual HTTP requests to add authentication manually. > > The issue I am facing is happening during the recording process. shouldn't > the tool automatically detect the authentication and pass through this > step? JMeter acts as a proxy and doesn't care about the authentication mechanism of the website you are using. To help you here, we probably need more information on the headers, that your client sends and that the webserver is replying with. If you started your test plan (and the proxy) from the template "Recording with think time" (which I recommend), than you will find all the requests in the View Results Tree element under the HTTP(s) Test Script Recorder. Have a look at the headers and if you can, show them to us. Most interesting will be the headers that are named Authorization and WWW-Authenticate. Note, that the value of the Authorization header includes your credentials, so replace them with something safe. Also note, that JMeter will not extract your credentials from the headers. You have to insert those into the test plan by hand after the recording has finished. But I understood that this is not your problem. Felix > > Thanks, > Sastry > > On Wed, Sep 9, 2020 at 1:06 AM Amit Dhumal <[hidden email]> wrote: > >> Please verify the type of authentication in HTTP request header. In case of >> NTLM authentication please follow steps as per: >> https://www.blazemeter.com/blog/windows-authentication-apache-jmeter >> >> On Wed, Sep 9, 2020 at 9:18 AM SAS <[hidden email]> wrote: >> >>>> Hi, >>>> >>>> I am trying to record the script using JMeter for a web application >> that >>>> has windows authentication enabled. I have setup a proxy in Firefox >> for >>>> recording purposes. >>>> >>>> However, when I tried recording the script, "Authentication required" >>>> message kept popping up even after I provided valid credentials. If I >>> hit >>>> cancel on the popup message, I see the "401 Unauthorized" message. >>>> >>>> Please note, it happens only during recording. I am able to >> successfully >>>> login to the website when I was not recording. >>>> >>>> Please let me know how we can resolve this- >>>> >>>> >>>> Thanks >>>> SASTRY >>>> >> >> -- >> Thanks & Regards, >> Amit Dhumal >> > --------------------------------------------------------------------- To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] |
*Here are request headers: I have deleted the value of authorization for
security reasons.* Connection: close Authorization: NTLM {Deleted the value here} Accept-Language: en-US,en;q=0.5 Host: corportaluat.corp.xxxxxx.com Upgrade-Insecure-Requests: 1 Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 *Here are response headers:* <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"" http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>Not Authorized</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Not Authorized</h2> <hr><p>HTTP Error 401. The requested resource requires user authentication.</p> </BODY></HTML> I am giving valid credentials and still it says, not authorized. On Wed, Sep 9, 2020 at 9:50 AM Felix Schumacher < [hidden email]> wrote: > > Am 09.09.20 um 14:58 schrieb SAS: > > I am not creating manual HTTP requests to add authentication manually. > > > > The issue I am facing is happening during the recording process. > shouldn't > > the tool automatically detect the authentication and pass through this > > step? > > JMeter acts as a proxy and doesn't care about the authentication > mechanism of the website you are using. > > To help you here, we probably need more information on the headers, that > your client sends and that the webserver is replying with. If you > started your test plan (and the proxy) from the template "Recording with > think time" (which I recommend), than you will find all the requests in > the View Results Tree element under the HTTP(s) Test Script Recorder. > > Have a look at the headers and if you can, show them to us. Most > interesting will be the headers that are named Authorization and > WWW-Authenticate. > > Note, that the value of the Authorization header includes your > credentials, so replace them with something safe. > > Also note, that JMeter will not extract your credentials from the > headers. You have to insert those into the test plan by hand after the > recording has finished. But I understood that this is not your problem. > > Felix > > > > > Thanks, > > Sastry > > > > On Wed, Sep 9, 2020 at 1:06 AM Amit Dhumal <[hidden email]> > wrote: > > > >> Please verify the type of authentication in HTTP request header. In > case of > >> NTLM authentication please follow steps as per: > >> https://www.blazemeter.com/blog/windows-authentication-apache-jmeter > >> > >> On Wed, Sep 9, 2020 at 9:18 AM SAS <[hidden email]> wrote: > >> > >>>> Hi, > >>>> > >>>> I am trying to record the script using JMeter for a web application > >> that > >>>> has windows authentication enabled. I have setup a proxy in Firefox > >> for > >>>> recording purposes. > >>>> > >>>> However, when I tried recording the script, "Authentication required" > >>>> message kept popping up even after I provided valid credentials. If I > >>> hit > >>>> cancel on the popup message, I see the "401 Unauthorized" message. > >>>> > >>>> Please note, it happens only during recording. I am able to > >> successfully > >>>> login to the website when I was not recording. > >>>> > >>>> Please let me know how we can resolve this- > >>>> > >>>> > >>>> Thanks > >>>> SASTRY > >>>> > >> > >> -- > >> Thanks & Regards, > >> Amit Dhumal > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [hidden email] > For additional commands, e-mail: [hidden email] > > -- Thanks SASTRY |
Am 09.09.20 um 16:35 schrieb SAS: > *Here are request headers: I have deleted the value of authorization for > security reasons.* > > Connection: close > Authorization: NTLM {Deleted the value here} This is good, as it shows, that the client has sent some credentials. > Accept-Language: en-US,en;q=0.5 > Host: corportaluat.corp.xxxxxx.com > Upgrade-Insecure-Requests: 1 > Accept-Encoding: gzip, deflate, br > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) > Gecko/20100101 Firefox/68.0 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > > *Here are response headers:* But the below lines are not the response headers. That was the response data. Do you have access to the server you are contacting? It might be easier to look for the headers there (or the absence). If you don't have access, or it is not possible to look at the headers there, you can try to start JMeter with the java option *-Djavax.net.debug=all* I think it will log into the console. It should print out all network traffic, that is routed through JMeter, so it might be quite a lot. Have a look for the headers there, too. Note, I haven't tried NTLM authentication together with the proxy feature. I think it should work, but I can't tell for sure. ** Felix > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"" > http://www.w3.org/TR/html4/strict.dtd"> > <HTML><HEAD><TITLE>Not Authorized</TITLE> > <META HTTP-EQUIV="Content-Type" Content="text/html; > charset=us-ascii"></HEAD> > <BODY><h2>Not Authorized</h2> > <hr><p>HTTP Error 401. The requested resource requires user > authentication.</p> > </BODY></HTML> > > I am giving valid credentials and still it says, not authorized. > > > On Wed, Sep 9, 2020 at 9:50 AM Felix Schumacher < > [hidden email]> wrote: > >> Am 09.09.20 um 14:58 schrieb SAS: >>> I am not creating manual HTTP requests to add authentication manually. >>> >>> The issue I am facing is happening during the recording process. >> shouldn't >>> the tool automatically detect the authentication and pass through this >>> step? >> JMeter acts as a proxy and doesn't care about the authentication >> mechanism of the website you are using. >> >> To help you here, we probably need more information on the headers, that >> your client sends and that the webserver is replying with. If you >> started your test plan (and the proxy) from the template "Recording with >> think time" (which I recommend), than you will find all the requests in >> the View Results Tree element under the HTTP(s) Test Script Recorder. >> >> Have a look at the headers and if you can, show them to us. Most >> interesting will be the headers that are named Authorization and >> WWW-Authenticate. >> >> Note, that the value of the Authorization header includes your >> credentials, so replace them with something safe. >> >> Also note, that JMeter will not extract your credentials from the >> headers. You have to insert those into the test plan by hand after the >> recording has finished. But I understood that this is not your problem. >> >> Felix >> >>> Thanks, >>> Sastry >>> >>> On Wed, Sep 9, 2020 at 1:06 AM Amit Dhumal <[hidden email]> >> wrote: >>>> Please verify the type of authentication in HTTP request header. In >> case of >>>> NTLM authentication please follow steps as per: >>>> https://www.blazemeter.com/blog/windows-authentication-apache-jmeter >>>> >>>> On Wed, Sep 9, 2020 at 9:18 AM SAS <[hidden email]> wrote: >>>> >>>>>> Hi, >>>>>> >>>>>> I am trying to record the script using JMeter for a web application >>>> that >>>>>> has windows authentication enabled. I have setup a proxy in Firefox >>>> for >>>>>> recording purposes. >>>>>> >>>>>> However, when I tried recording the script, "Authentication required" >>>>>> message kept popping up even after I provided valid credentials. If I >>>>> hit >>>>>> cancel on the popup message, I see the "401 Unauthorized" message. >>>>>> >>>>>> Please note, it happens only during recording. I am able to >>>> successfully >>>>>> login to the website when I was not recording. >>>>>> >>>>>> Please let me know how we can resolve this- >>>>>> >>>>>> >>>>>> Thanks >>>>>> SASTRY >>>>>> >>>> -- >>>> Thanks & Regards, >>>> Amit Dhumal >>>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [hidden email] >> For additional commands, e-mail: [hidden email] >> >> |
here are response headers:
HTTP/1.1 401 Unauthorized Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: NTLM {deleted encoded data} Date: Wed, 09 Sep 2020 18:38:29 GMT Connection: close Content-Length: 341 On Wed, Sep 9, 2020 at 12:42 PM Felix Schumacher < [hidden email]> wrote: > > Am 09.09.20 um 16:35 schrieb SAS: > > *Here are request headers: I have deleted the value of authorization for > > security reasons.* > > > > Connection: close > > Authorization: NTLM {Deleted the value here} > This is good, as it shows, that the client has sent some credentials. > > Accept-Language: en-US,en;q=0.5 > > Host: corportaluat.corp.xxxxxx.com > > Upgrade-Insecure-Requests: 1 > > Accept-Encoding: gzip, deflate, br > > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) > > Gecko/20100101 Firefox/68.0 > > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > > > > *Here are response headers:* > > But the below lines are not the response headers. That was the response > data. > > Do you have access to the server you are contacting? It might be easier > to look for the headers there (or the absence). > > If you don't have access, or it is not possible to look at the headers > there, you can try to start JMeter with the java option > *-Djavax.net.debug=all* > > I think it will log into the console. It should print out all network > traffic, that is routed through JMeter, so it might be quite a lot. Have > a look for the headers there, too. > > Note, I haven't tried NTLM authentication together with the proxy > feature. I think it should work, but I can't tell for sure. > ** > > Felix > > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"" > > http://www.w3.org/TR/html4/strict.dtd"> > > <HTML><HEAD><TITLE>Not Authorized</TITLE> > > <META HTTP-EQUIV="Content-Type" Content="text/html; > > charset=us-ascii"></HEAD> > > <BODY><h2>Not Authorized</h2> > > <hr><p>HTTP Error 401. The requested resource requires user > > authentication.</p> > > </BODY></HTML> > > > > I am giving valid credentials and still it says, not authorized. > > > > > > On Wed, Sep 9, 2020 at 9:50 AM Felix Schumacher < > > [hidden email]> wrote: > > > >> Am 09.09.20 um 14:58 schrieb SAS: > >>> I am not creating manual HTTP requests to add authentication manually. > >>> > >>> The issue I am facing is happening during the recording process. > >> shouldn't > >>> the tool automatically detect the authentication and pass through this > >>> step? > >> JMeter acts as a proxy and doesn't care about the authentication > >> mechanism of the website you are using. > >> > >> To help you here, we probably need more information on the headers, that > >> your client sends and that the webserver is replying with. If you > >> started your test plan (and the proxy) from the template "Recording with > >> think time" (which I recommend), than you will find all the requests in > >> the View Results Tree element under the HTTP(s) Test Script Recorder. > >> > >> Have a look at the headers and if you can, show them to us. Most > >> interesting will be the headers that are named Authorization and > >> WWW-Authenticate. > >> > >> Note, that the value of the Authorization header includes your > >> credentials, so replace them with something safe. > >> > >> Also note, that JMeter will not extract your credentials from the > >> headers. You have to insert those into the test plan by hand after the > >> recording has finished. But I understood that this is not your problem. > >> > >> Felix > >> > >>> Thanks, > >>> Sastry > >>> > >>> On Wed, Sep 9, 2020 at 1:06 AM Amit Dhumal <[hidden email]> > >> wrote: > >>>> Please verify the type of authentication in HTTP request header. In > >> case of > >>>> NTLM authentication please follow steps as per: > >>>> https://www.blazemeter.com/blog/windows-authentication-apache-jmeter > >>>> > >>>> On Wed, Sep 9, 2020 at 9:18 AM SAS <[hidden email]> wrote: > >>>> > >>>>>> Hi, > >>>>>> > >>>>>> I am trying to record the script using JMeter for a web application > >>>> that > >>>>>> has windows authentication enabled. I have setup a proxy in Firefox > >>>> for > >>>>>> recording purposes. > >>>>>> > >>>>>> However, when I tried recording the script, "Authentication > required" > >>>>>> message kept popping up even after I provided valid credentials. > If I > >>>>> hit > >>>>>> cancel on the popup message, I see the "401 Unauthorized" message. > >>>>>> > >>>>>> Please note, it happens only during recording. I am able to > >>>> successfully > >>>>>> login to the website when I was not recording. > >>>>>> > >>>>>> Please let me know how we can resolve this- > >>>>>> > >>>>>> > >>>>>> Thanks > >>>>>> SASTRY > >>>>>> > >>>> -- > >>>> Thanks & Regards, > >>>> Amit Dhumal > >>>> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [hidden email] > >> For additional commands, e-mail: [hidden email] > >> > >> > -- Thanks SASTRY |
Am 10.09.20 um 14:48 schrieb SAS:
Please, write to the mailing list, not to the responder directly. Well, I have no direct solution for you, as I don't know enough about your setup. But I have tried to simulate a NTLM server that is reached through JMeter as a proxy. For that I setup the test plan that I attached. It was set up with the template "Recording with think time" and I added a mirror server element to the thread group. Both the mirror server and the proxy server need to be started. The proxy will listen on port 8888 and the mirror server on port 8081. Now to simulate a NTLM authenticating server I use the features of the mirror server, where you can specify the response headers in the request headers using X-SetHeaders and X-SetResponseStatus and generated the request using curl (under linux): $ http_proxy=http://localhost:8888
curl --ntlm -u user:password -D - -H "X-SetHeaders: something:
strange|www-authenticate: Negotiate" -H "X-SetResponseStatus: 401"
localhost:8081 As you can see (besides the strange header and the munged headers), the client got the www-authenticate header and responded with an authorization header. Inside JMeter you can find the requests both in the View Results Tree and the recording controller. In the test plan JMeter should have added a HTTP authorization manager with an entry for the server. I suggest you try to setup this simple test for yourself and see, if you can find all the requests that were made during the recording. After that, I would repeat the more complex setup you are trying and try to find differences in the recorded samples. Felix
--------------------------------------------------------------------- To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] |
Free forum by Nabble | Edit this page |