The Basic Authentication scheme (RFC 2617) requires each HTTP client to authenticate itself with a user ID and password on every request it sends to an HTTP server.
The HTTP server services the request only if it can validate the user ID and password for the path included in the request.
If it cannot authorize the request, it responds with HTTP 401 (Unauthorized); a proxy server responds with HTTP 407 (Proxy Authentication Required).
Steps to create the configuration:
Create an HTTP Client Activity.
On the Commands tab of the HTTP Client activity, add a GET Command.
In the Command Profile window, configure the Profile Name, enable Basic Authentication and configure the user and password to be used in the test.
In my example I used the following:
Profile Name= BasicAuthentication
User=usertest
Password=passwordtest
***Profile name can include only a-z, A-Z, 0-9, _ and @ (no space)
***To edit a profile already created, click the Edit Profile button in the right corner of the screen
Verify the results:
Verify results using statistics
HTTP Client
Request Sent/Successful
HTTP Request Failed 401 (authorization denied)
HTTP Request Failed 4xx other (includes HTTP 407 responses if proxy server is used)
Verify results using IxAnalyzer:
A capture of the traffic reveals that the HTTP client request includes the www-authenticate header, which specifies the scheme (basic) but also the user and password in clear text.
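The capture check described above, as an added example that is not part of the original post: under RFC 2617 the client carries the credentials in the Authorization request header (Proxy-Authorization toward a proxy) as base64 of user:password, which decodes without any key. The host name, path and request bytes are constructed for illustration; the user and password are the profile values from this post.

```python
import base64
import binascii

# Constructed capture: one request as it would appear on the wire with the
# profile values used in this post (usertest / passwordtest).
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: server.example\r\n"
    "Authorization: Basic dXNlcnRlc3Q6cGFzc3dvcmR0ZXN0\r\n"
    "\r\n"
)

CREDENTIAL_HEADERS = ("authorization", "proxy-authorization")


def basic_credentials(raw_request):
    """Return [(header, user, password)] for every Basic credential header."""
    found = []
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in CREDENTIAL_HEADERS:
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            continue  # other schemes (Digest, ...) are not decoded here
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # malformed token
        user, colon, password = decoded.partition(":")  # password may contain ':'
        if colon:
            found.append((name.strip(), user, password))
    return found


def audit(raw_request, over_tls):
    """Flag Basic credentials that crossed the wire without TLS."""
    if over_tls:
        return []
    return [f"{hdr}: password for user '{user}' is recoverable from the capture"
            for hdr, user, _pw in basic_credentials(raw_request)]


if __name__ == "__main__":
    print(basic_credentials(SAMPLE_REQUEST))
    print(audit(SAMPLE_REQUEST, over_tls=False))
```

Because the encoding is reversible by anyone who sees the request, Basic Authentication protects the password only when the connection itself is encrypted.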
The server side must have info about the user ID and password. For client requests the server will match them to check authentication. How do you put this info in the server-side configuration?