I'm using Firefox 79 and since some update month ago I get the basic auth password prompt each time when opening the developer tools. This happens on a password protected staging site.
The curious thing is I logged in before and an auth cookie is set so I can browse the site after that. When opening the developer tools the password prompt shows up again. When I close it and hit refresh I'm still logged in.
When inspecting the server log it shows another GET request is made to the current page in the moment opening the developer tools. But it seems the auth cookie is not sent in this one request (401 Unauthorized). Navigating the site with dev tools open after this automatic request then works without logging in again.
I wonder why this automatic request is happening and/or why the auth cookie isn't sent here?
Related
I accidentally revoked auth for Github for Visual Studio app on this page https://github.com/settings/applications > Authorized OAuth Apps, added it back and now when I try to sign back in I get the 'Sign in from Browser' Option.
When I try to sign in, it takes me to this localhost https://localhost:42549/?browser_session_id=XYZ location and gives me this response.
This site can’t provide a secure connection localhost sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR
I am trying to record a test script with JMeter for an internal website hosted on company intranet. I can record only till navigation of the login page, submitting username/password, and click on login button. The login page reloads all the time. Nothing else happens.
Steps to reproduce ->
1) I started the JMTeter HTTP Test script recorder
2) I changed the browser settings to point it to the proxy.
3) Navigated to login page, keyed in username/password, and clicked login
4) The login page reloads, nothing else happens.
I tried it on all the browser. It's same everywhere. I recorded testes on gmail and facebook successfully. I did not face any issue there for navigation. Please help me. Is it an issue with the server where the site is hosted?
What kind of login authentication that you used in your internal website? Is it the same authentication as gmail or facebook (using login form, then compare it to database)? Or is it Active Directory User (windows account) authentication (usually, there is browser popup to enter username and password).
You can try this:
Start the JMTeter HTTP Test script recorder
changed the browser settings to point it to the proxy
Navigate to login page, keyed in username/password, and clicked login. From this point, you will have sampler for login step
changed the browser settings to not using JMeter proxy
Navigate to login page, keyed in username/password, and clicked login. It should be working
changed the browser settings to point it to the proxy again
Do the rest recording normally to get the rest scenarios.
I hope that will help you.
I am doing performance testing of a .net application. Whenever we enter url into the browser a browser window opens asking for username and password. After entering that page of site appears.
After setting proxy when I clicked on start button to record script and entered URL to the browser, a message:
An error has occurred. Please go back or close the browser and try again.
appeared.
Now no login window is getting opened.
What you see is HTTP authentication window. It can be of 3 types: Basic, Digest, NTLM.
JMeter supports only Basic and NTLM authentication. If your site uses it, you can add HTTP Authorization Manager with correct base url, username and password to your test plan.
I have an application that requires Windows authentication with fallback to Forms authentication. I built it in this way: http://msdn.microsoft.com/en-us/library/ms972958.aspx and everything works fine.
So basically I create forms authentication cookie for a domain based on the outcome of Windows authentication. The cookie is valid as long as the browser stays open. I do not have problems with that in Firefox or Chrome, not even IE8 on Windows XP machines. Unfortunately all Windows7 machines with IE8 experience the same problem: a login prompt shows up when you try to refresh the page after around 30minutes of inactivity. Even if I provide valid Windows credentials I still cannot log in to the application. Nothing helps, but closing the browser and starting it again. Then I am again logged in automatically and it will be fine as long as I stay active. After 30 minutes of inactivity - again log in prompt. After some research I found out that if I delete the auth cookie using developer tools (F12) and then refresh, I get automatically logged in without the prompt (just what you would expect from Windows authentication).
Does anyone of you have an idea what can go wrong and how can I get it to work correctly on Windows7 machines? Or maybe ideas on where to look? Is it IIS problem (I use IIS6 on Windows 2003 Server), client problem? What makes Win7 IE8 so special that it fails?
I don't know why it expires, but I managed to get rid of the problem. Somehow on IE8 on Win7 it cannot continue, because it tries to auth, but the old auth cookie is supplied. If I clean the cookies on the request and then forward to the login page, it works. It's not a solution to the problem, but at least the user gets re-authenticated...
I have a website that I would like to allow both Forms and Windows Auth for. My problem is that it seems that when you setup IIS to allow both anonymous (Required for forms auth) and Windows auth that the browser won't send the user's network credentials.
It just uses the anonymous login. Is there any way either in IE8 or IIS to have it try Windows Auth 1st and then fall back to Anonymous?
Thanks for any help.
You can't ask for HTTP authentication (whether that's Basic Authentication or Integrated Windows Authentication) without causing the authentication dialogue box to pop in the case where there are no credentials yet.
So in general for hybrid HTTP-auth+cookie-auth approaches you enable both anonymous and authenticated access for the bulk of the site, but allow only authenticated access to one particular script.
When the user accesses a page without either kind of auth, you spit out a page with a login form for the cookie-based auth, and also a link to the one URL that allows only authenticated access. The user can fill out the form for cookies&forms auth, or hit the link to log in with HTTP auth instead.
If the user follows that link, they will be given a 401 response and must provide HTTP authentication, either through the auth dialog, or potentially automatically using integrated Windows authentication. Once this has happened once, the browser will start submitting the same credentials to every future page, so IIS will decode the credentials to give you the expected REMOTE_USER when your main site scripts are run.
Browsers will only submit the credentials to pages in the same directory as the 401 script, or subdirectories of this. For this reason it is best to put the HTTP-auth-required script in the root, for example as /login.aspx.
However, there are a few browsers that won't automatically submit credentials for further pages, and require every HTTP request to respond 401 first, before sending the request again with credentials. This makes optional-auth and hybrid-auth schemes impossible (as well as making browsing of protected sites much slower!). The only modern browser that does this is Safari. You may not care, as Safari's support for Integrated Windows Authentication has traditionally been shaky anyway, and it can still use the forms+cookies auth type.