LoadRunner & HTTP 401 Authentication (Updated)
Posted by Kim on Wednesday, December 23, 2009
In one of my recent projects I stumbled upon an interesting problem situation with the HTTP Authentication mechanism.
I had a Machine to Machine (M2M) interface, where clients used HTTP authentication to identify themselves to the server while sending data. In this scenario there was no HTTP 401 response from the server, because the client included the authentication info in the initial request.
I discovered that LoadRunner does not do the same. It waits for the HTTP 401 response before actually sending the authentication information. This is correct behavior if we would be simulating a web service meant for humans, but in my case this lead to a situation where LoadRunner was doing 1 extra POST request which had catastrophic results since I now did two POST requests instead of just one!
The negative effect was that I was POST:in the double amount of data over the network and doubling the amount of requests to the server, thus effectively doubling the throughput and connections (load) to the server!
To solve this problem I had to include the Authorization header in the initial request. To do that I used my Base64 Encoder to produce the needed Basic HTTP Authorization header information and then add it to the request using the web_add_header() function.
Below is code snippet from the project that shows how to create and use the custom made authentication header:
// Must remove std auth mechanism since this causes 2 POSTS instead of one
// web_set_user( "{Username}", "{Password}", "{Domain}:8000" );
// Create Base64 encoded string
b64_encode_string( "{Username}:{Password}", "BasicAuth" );
// Add HTTP Authorization header "Authorization: Basic XXXXXXXXXXXXXXXXXX==\r\n"
web_add_header("Authorization", lr_eval_string("Basic {BasicAuth}"));
lr_start_transaction("Custom_HTTP_Auth");
web_custom_request("Custom_HTTP_Auth",
"Method=POST",
"EncType=text/xml; charset=\"UTF-8\"",
"URL=http://{Domain}/{Path}/{Document}"
"BodyFilePath=XML.xml",
LAST);
lr_end_transaction("Custom_HTTP_Auth", LR_AUTO);
EDIT: I also found another way to possibly do this. This method has only been tested to work with LR version 11.03.
// Standard Web Set User here
web_set_user( "{Username}", "{Password}", "{Domain}:8000" );
// Set UNDOCUMENTED socket option to make LR send Authentication headers with every request to the domain
web_set_sockets_option("INITIAL_BASIC_AUTH","1");
lr_start_transaction("Custom_HTTP_Auth");
// Now the HTTP request adds the Authentication header automatically without receiving
// a HTTP 401 first and then sending the auth header.
web_custom_request("Custom_HTTP_Auth",
"Method=POST",
"EncType=text/xml; charset=\"UTF-8\"",
"URL=http://{Domain}/{Path}/{Document}"
"BodyFilePath=XML.xml",
LAST);
lr_end_transaction("Custom_HTTP_Auth", LR_AUTO);
Enjoy!
