LoadRunner & HTTP 401 Authentication (Updated)

In one of my recent projects I stumbled upon an interesting problem situation with the HTTP Authentication mechanism.

I had a Machine to Machine (M2M) interface, where clients used HTTP authentication to identify themselves to the server while sending data. In this scenario there was no HTTP 401 response from the server, because the client included the authentication info in the initial request.

I discovered that LoadRunner does not do the same. It waits for the HTTP 401 response before actually sending the authentication information. This is correct behavior if we would be simulating a web service meant for humans, but in my case this lead to a situation where LoadRunner was doing 1 extra POST request which had catastrophic results since I now did two POST requests instead of just one!

The negative effect was that I was POST:in the double amount of data over the network and doubling the amount of requests to the server, thus effectively doubling the throughput and connections (load) to the server!

To solve this problem I had to include the Authorization header in the initial request. To do that I used my Base64 Encoder to produce the needed Basic HTTP Authorization header information and then add it to the request using the web_add_header() function.

Below is code snippet from the project that shows how to create and use the custom made authentication header:

	// Must remove std auth mechanism since this causes 2 POSTS instead of one
	// web_set_user( "{Username}", "{Password}", "{Domain}:8000" );

	// Create Base64 encoded string
	b64_encode_string( "{Username}:{Password}", "BasicAuth" );

	// Add HTTP Authorization header "Authorization: Basic XXXXXXXXXXXXXXXXXX==\r\n"
	web_add_header("Authorization", lr_eval_string("Basic {BasicAuth}"));


		"EncType=text/xml; charset=\"UTF-8\"",

	lr_end_transaction("Custom_HTTP_Auth", LR_AUTO);

EDIT: I also found another way to possibly do this. This method has only been tested to work with LR version 11.03.

	// Standard Web Set User here
	web_set_user( "{Username}", "{Password}", "{Domain}:8000" );

	// Set UNDOCUMENTED socket option to make LR send Authentication headers with every request to the domain


	// Now the HTTP request adds the Authentication header automatically without receiving
	// a HTTP 401 first and then sending the auth header.
		"EncType=text/xml; charset=\"UTF-8\"",

	lr_end_transaction("Custom_HTTP_Auth", LR_AUTO);



10 thoughts on “LoadRunner & HTTP 401 Authentication (Updated)

  1. Hi,

    I am having a similar issue with soap_request (it’s a HTTP request) the request through SOAPUI tool manually is working fine but through LR11.0 im getting below error.

    “The reason for the SOAP fault is:”Error reading XMLStreamReader.”

    I have tried with the below option

    web_add_auto_header(“Authorization”,”Basic VE9X…….”);

    //VE9X…….. is the base64 encoding that i took from the SOAPUI tool header request


    // below is the api key to be added in header



    Can you please suggest?


  2. Have you ever thought about adding a little bit more than just
    your articles? I mean, what you say is valuable and everything.
    However think about if you added some great pictures or video clips to give
    your posts more, “pop”! Your content is excellent but with pics and clips, this website could definitely be one of the best in its niche.

    Terrific blog!

  3. when I added this line “web_set_sockets_option(“INITIAL_BASIC_AUTH”,”1″);” before the web_set_user line, I did not see http 401. Can I use this “INITIAL_BASIC_AUTH” set to 1 instead of using the base64 as mentioned in your post?

  4. Hi,

    Aslo , please tell where I can insert the below custom request , it’s before the enter the credentials or at top of the action part, like we added the We_set_User ?

    “EncType=text/xml; charset=\”UTF-8\””,

    • The line:

      // Set UNDOCUMENTED socket option to make LR send Authentication headers with every request to the domain

      is the magic that sets the headers for every request. The rest of the calls I have are just examples..
      Without knowing more about your script it’s impossible to say how you should do the rest.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s