ANTSLOAD 16 - Simulating Basic Authentication in ANTS Load
Brian Donahue
Posts: 6,590 Bronze 1
In web applications, there are three methods of authentication. One is forms authentication, where the user name and password are posted to a web application and the application’s code manages the security. The second is basic authentication, where the challenge and response is handled by the web server according to the W3C HTTP standard (RFC 2616). The third and final authentication mechanism is Windows Authentication (NTLM), which is proprietary and only supported by Internet Explorer. At this time ANTS Load cannot support virtual clients using Windows Authentication.
For forms authentication, the process is easy to understand. The name of a web control is posted along with its value back to the web server and an Active Server Page will process the information to decide if the user is allowed access. A forms authentication session would look similar to this in ANTS Load:
WebClient.HttpRequest.AddPostData("txtName", “Brian_Donahueâ€, True)
WebClient.HttpRequest.AddPostData("txtPassword", “Passwordâ€, True)
WebClient.HttpRequest.AddPostData("txtCompany", "Aardvark", True)
WebClient.HttpRequest.AddPostData("x", "30", False)
WebClient.HttpRequest.AddPostData("y", "6", False)
WebClient.Post("http://thing/Aardvark/logon.asp")
Basic authentication consists of a ‘challenge’ by the server in the form of a ‘401 Authentication Required’ message when the web browser client requests a page that is password protected.
The client’s response to this challenge is to add an ‘authorization header’ to the request and re-submitting it to the server. The authorization header consists of a name called ‘Authorization’ and a value static the type of authentication (Basic), a space, then a Base64-encoded string made up of the username, a colon : and a password.
To simulate a basic authentication session in ANTS Load, you would wait for a challenge from the webserver and add the appropriate response. A typical basic authentication session would look like this in an ANTS Load script:
Imports System
Imports RedGate.Ants.Engine
Public Class BrowserClient1
Inherits Control.VirtualClient
Protected Overrides Sub Run()
Dim userPassword As String = "JoeBloggs:password"
Dim encodedUserPassword As String = EncodeBase64(userPassword)
' Script created with Internet Explorer on 27/01/2003 10:34:37
' Random pause of between and 1 and 2 seconds
' (Remove this line if you want all scripts to start at the same time)
RandomSleep(1000, 2000)
WebClient.HttpRequest.ProtocolVersion = "HTTP/1.1"
BeginPage("http://localhost/basicauthtest/authtest/index.htm")
WebClient.HttpRequest.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)"
WebClient.Get("http://localhost/basicauthtest/authtest/index.htm")
If WebClient.HttpResponse.Status = 401 Then
WebClient.HttpRequest.Headers.Set("Authorization", "Basic " & encodedUserPassword)
WebClient.Get("http://localhost/basicauthtest/authtest/index.htm")
End If
EndPage("http://localhost/basicauthtest/authtest/index.htm")
' End of page 1 contains 2 request(s).
' End of script contains 1 page(s).
End Sub
Private Function EncodeBase64(ByVal input As String) As String
Dim strBytes() As Byte = System.Text.Encoding.UTF8.GetBytes(input)
Return System.Convert.ToBase64String(strBytes)
End Function
End Class
Note that the EncodeBase64 function has been added to the script to do the Base64 encoding of the user name and password. The Base64 encoding is not included in the ANTS Load WebClient classes.
This example has shown how to support websites that require basic authentication with ANTS Load. If you have any questions about the concepts in this document or the example code, feel free to send an email to support@red-gate.com.
For forms authentication, the process is easy to understand. The name of a web control is posted along with its value back to the web server and an Active Server Page will process the information to decide if the user is allowed access. A forms authentication session would look similar to this in ANTS Load:
WebClient.HttpRequest.AddPostData("txtName", “Brian_Donahueâ€, True)
WebClient.HttpRequest.AddPostData("txtPassword", “Passwordâ€, True)
WebClient.HttpRequest.AddPostData("txtCompany", "Aardvark", True)
WebClient.HttpRequest.AddPostData("x", "30", False)
WebClient.HttpRequest.AddPostData("y", "6", False)
WebClient.Post("http://thing/Aardvark/logon.asp")
Basic authentication consists of a ‘challenge’ by the server in the form of a ‘401 Authentication Required’ message when the web browser client requests a page that is password protected.
The client’s response to this challenge is to add an ‘authorization header’ to the request and re-submitting it to the server. The authorization header consists of a name called ‘Authorization’ and a value static the type of authentication (Basic), a space, then a Base64-encoded string made up of the username, a colon : and a password.
To simulate a basic authentication session in ANTS Load, you would wait for a challenge from the webserver and add the appropriate response. A typical basic authentication session would look like this in an ANTS Load script:
Imports System
Imports RedGate.Ants.Engine
Public Class BrowserClient1
Inherits Control.VirtualClient
Protected Overrides Sub Run()
Dim userPassword As String = "JoeBloggs:password"
Dim encodedUserPassword As String = EncodeBase64(userPassword)
' Script created with Internet Explorer on 27/01/2003 10:34:37
' Random pause of between and 1 and 2 seconds
' (Remove this line if you want all scripts to start at the same time)
RandomSleep(1000, 2000)
WebClient.HttpRequest.ProtocolVersion = "HTTP/1.1"
BeginPage("http://localhost/basicauthtest/authtest/index.htm")
WebClient.HttpRequest.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)"
WebClient.Get("http://localhost/basicauthtest/authtest/index.htm")
If WebClient.HttpResponse.Status = 401 Then
WebClient.HttpRequest.Headers.Set("Authorization", "Basic " & encodedUserPassword)
WebClient.Get("http://localhost/basicauthtest/authtest/index.htm")
End If
EndPage("http://localhost/basicauthtest/authtest/index.htm")
' End of page 1 contains 2 request(s).
' End of script contains 1 page(s).
End Sub
Private Function EncodeBase64(ByVal input As String) As String
Dim strBytes() As Byte = System.Text.Encoding.UTF8.GetBytes(input)
Return System.Convert.ToBase64String(strBytes)
End Function
End Class
Note that the EncodeBase64 function has been added to the script to do the Base64 encoding of the user name and password. The Base64 encoding is not included in the ANTS Load WebClient classes.
This example has shown how to support websites that require basic authentication with ANTS Load. If you have any questions about the concepts in this document or the example code, feel free to send an email to support@red-gate.com.
Comments
Please contact support@red-gate.com if you are interested in this.