{"id":5113,"date":"2018-08-24T10:06:10","date_gmt":"2018-08-24T14:06:10","guid":{"rendered":"https:\/\/www.redline13.com\/blog\/?p=5113"},"modified":"2018-08-24T10:06:10","modified_gmt":"2018-08-24T14:06:10","slug":"http-authorization-manager","status":"publish","type":"post","link":"https:\/\/www.redline13.com\/blog\/2018\/08\/http-authorization-manager\/","title":{"rendered":"HTTP Authorization Manager"},"content":{"rendered":"

Sometimes you will need to load test URLs that are restricted from public access. The types and resources can vary from corporate libraries and knowledge bases to targeted forums or others. All tend to have limited or restricted access. When you try to access such URLs, a browser generates a pop-up window and asks for username and password to authenticate. You should handle this in your JMeter script to get access to the web resources. This is where the HTTP Authorization Manager comes into the picture. Before we begin, let\u2019s understand basic authentication.<\/p>\n

Basic Authentication<\/strong><\/h3>\n

Basic Authentication is a method for an HTTP user agent to provide username and password when making a request. HTTP Basic authentication is the simplest technique for enforcing access controls to a web resource because it does not require\u00a0cookies<\/a>, session identifiers, or login pages. Rather, HTTP Basic authentication uses standard fields in the\u00a0HTTP header<\/a>, removing the need for\u00a0handshakes<\/a>.<\/p>\n

For instance, if you want to download a file from an FTP Server, you would encounter a pop-up window asking for username and password as shown below.<\/p>\n

\"Popup<\/p>\n

The browser generates this pop-up window when a server requires username and password to authenticate.<\/p>\n

Here are the steps to handle basic authentication using an HTTP Authorization Manager.<\/p>\n

HTTP Authorization Manager<\/strong><\/h3>\n

The Authorization Manager lets you specify one or more user logins for web pages that are restricted using server authentication. You see this type of authentication when you use your browser to access a restricted page, and your browser displays a login dialog box. HTTP Authorization Manager provides the ability to add a relevant \u201cAuthorization\u201d HTTP header to subsequent HTTP requests.<\/p>\n

Let\u2019s use httpbin.org<\/a> as an example application to demonstrate the use of JMeter\u2019s HTTP Authorization Manager. HTTPBin provides sample endpoints to call with configurable parameters.<\/p>\n

If you navigate to the endpoint https:\/\/httpbin.org\/basic-auth\/user\/passwd<\/a> in your browser, it should prompt you to enter a username and password<\/p>\n

\"Typical
\nThe default username is\u00a0\u201cuser\u201d\u00a0and the default password is\u00a0\u201cpasswd\u201d. The server should respond with the following json:<\/p>\n

\n{\n\"authenticated\": true,\n\"user\": \"user\"\n}\n<\/pre>\n
If you don\u2019t provide any credentials or if you provide wrong credentials, the server rejects the access to protected resource and responds with an HTTP Status code of 401<\/a><\/p>\n
\"Access<\/p>\n
When you provide correct credentials, the server responds with an HTTP Status code of 200<\/a>, and you can see the browser sending the \u201cAuthorization: Basic dXNlcjpwYXNzd2Q=\u201d HTTP header in the request.
\n\"Authorization<\/p>\n
Let\u2019s see how we can handle this using JMeter\u2019s HTTP Authorization Manager.<\/p>\n
Use the following Configuration in HTTP Authorization Manager to authenticate on httpbin.org<\/a> and place this at the top element in the thread group:<\/p>\n