ANTSLOAD 17 - Testing websites with Windows authentication
Brian Donahue
Posts: 6,590 Bronze 1
- Date: 1 March 2006
- Version affected: ANTS Load 1.7-1.75
ANTS Load 1.7 has a new authentication library that can generate user credentials for any user for basic, NTLMv1, and NTLMv2 authentication. NTLMv1 and v2 are two types of authentication that can be used if the website requires Windows authentication. NTLMv2 is a newer, more secure version of NTLM and NTLMv1 is included only for backwards-compatability in simulating a Windows 95 client. You will most likely use NTLM v2 because Windows Server 2003 will require it by default and should reject any NTLMv1 requests.
To start a recording session for your test website, you will need to temporarily change the authentication type in IIS administrator to basic. This will effectively send usernames and passwords in the clear (actually the data is in easily-reversable BASE64 encoding). Once you are finished recording the test scripts, you may change the website in IIS again to require Windows authentication.
Next, you must edit the ANTS Load test script by clicking the Edit Script button. First, ensure that all requests use the HTTP/1.1 protocol. Look for lines in the script that begin with WebClient.HttpRequest.ProtocolVersion="HTTP/1.0" and replace them with "HTTP/1.1". NTLM authentication must maintain connections and will only work with HTTP/1.1. Next, use search and replace to find any headers that were recorded for basic authentication to nothing. In other words, remove these lines from the test script. They will look similar to this:
WebClient.HttpRequest.Headers.Add("Authorization", "Basic...
If you are making requests to only one server or web application, you will only need to add your credentials to your request once in the test script, only for the first GET or POST request to the server. If you make requests to more than one server, you will need to add credentials to the first request to each different web server or application.
To add Windows credentials to your web requests, use the AddCredentials method of the HttpRequest object. For instance:
WebClient.HttpRequest.AddCredentials(Authentication.AuthType.NTLMv2, "DOMAIN", "UserName", "UserPassword")This allows you to simulate different users for every virtual client. For instance, you could set state information with user names and passwords and each virtual client could be logging in and performing actions as a different user.
The ANTS Load authentication library also supports basic authentication for the same reason. For instance, if you had recorded a test script against a web server, the usernames and passwords would be difficult to replace as they are hard-coded into the script and base64 encoded as well. To simulate basic authentication, you can replace the WebClient.HttpRequest.AddHeader("Authorization", "Basic... with WebClient.HttpRequest.AddCredentials(Authentication.AuthType.Basic, "DOMAIN", "UserName", "Password"). This will create the necessary authorization headers for basic authentication.
Testing Webservices
If webservices (rather than websites) are being load tested, there is no direct way to pass NTLM credentials to them, however, there is a workaround using the methods described above. The workaround is to construct a quick Get for the .asmx webservice page with NTLM credentials attached before calling the webservice method as in the example below. Please note that you do not need to change the webservice to use basic authentication in order to add the web reference because the WSDL.exe included with ANTS Load transparently passes the logged-in user credentials.
Imports System Imports RedGate.Ants.Engine Imports localhost 'Automatically generated template code for testing a web service. Public Class WebServiceClient1 Inherits Control.VirtualClient Protected Overrides Sub Run() 'The web service is located at http://localhost/antsloadtutorialwebservice/employees.asmx BeginPage("http://localhost/antsloadtutorialwebservice/employees.asmx") WebClient.HttpRequest.ProtocolVersion = "HTTP/1.1" WebClient.HttpRequest.AddCredentials(Authentication.AuthType.NTLMv2, "DOMAIN", "UserName", "UserPassword") WebClient.Get("http://localhost/antsloadtutorialwebservice/employees.asmx") EndPage("http://localhost/antsloadtutorialwebservice/employees.asmx") 'Create an instance of the proxy. Dim webService As New Employees 'Uncomment and complete the following code to test the methods. webService.GetEmployeeDetails(3) 'Random think time of between 1 and 2 seconds RandomSleep(1000, 2000) End Sub End Class