StresStimulus supports all major authentication methods. They are divided into two types: server authentication and application authentication.
Server Authentication
Server authentication refers to any machine, operating system, or domain-level authentication. It includes Basic, Windows Integrated (e.g., NTLM) or other Kerberos authentication.
To configure server authentication, provide a set of credentials that the tested website recognizes, and use the Authentication node in the Workflow Tree to enter the supplied credentials. You can also paste data (from Excel) into the authentication grid. The Domain field might be optional, depending on your server.
You can also import credentials stored in a .csv file by clicking Import on the toolbar. The .csv file must have 3 grid columns and no header.
Note 1: If you are in the Authentication section and need to configure form authentication or any other type of application authentication, described below, click Go to Forms Authentication on the toolbar.
Note 2: By default, every new VU will use a subsequent set of credentials. If the number of VUs exceeds the number of credentials, then they are assigned using a round-robin algorithm. For example, if you have 10 rows in the Authentication grid and emulate 20 VUs, then VU1 and VU11 will use row 1, VU2 and VU12 will use row 2, and so on. To change this behavior to On-Demand, change the VU-to-row property to On-Demand. For more about on-demand binding see here.
Authentication is configured per Test. Credentials created in one test case are used in all test cases.
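A pre-flight check for the import file and the default round-robin binding described in this section, as an added example (not StresStimulus code). The column order user name, password, domain is an assumption; the page only states three columns and no header.

```python
import csv
import io

# Constructed sample import file: three columns, no header.
# Column order (user name, password, domain) is an assumption of this example.
SAMPLE_CSV = "alice,pw-a,CORP\nbob,pw-b,CORP\ncarol,pw-c,\n"


def load_credentials(text):
    """Parse a header-less credentials .csv and reject malformed rows."""
    rows = []
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != 3:
            raise ValueError(f"line {line_no}: expected 3 columns, got {len(row)}")
        user, password, domain = (cell.strip() for cell in row)
        # Heuristic: a first row that names the column is a header, not a login.
        if not rows and user.lower() in {"username", "user", "login"}:
            raise ValueError(f"line {line_no} looks like a header; remove it")
        rows.append((user, password, domain))
    if not rows:
        raise ValueError("no credentials found")
    return rows


def row_for_vu(vu, row_count):
    """Default binding: VU n takes row n, wrapping round-robin (both 1-based)."""
    return (vu - 1) % row_count + 1


def shared_rows(vu_count, row_count):
    """Map each row used by more than one VU to the VUs that share it."""
    usage = {}
    for vu in range(1, vu_count + 1):
        usage.setdefault(row_for_vu(vu, row_count), []).append(vu)
    return {row: vus for row, vus in usage.items() if len(vus) > 1}


if __name__ == "__main__":
    creds = load_credentials(SAMPLE_CSV)
    for row, vus in shared_rows(7, len(creds)).items():
        print(f"row {row} ({creds[row - 1][0]}) is shared by VUs {vus}")
```

The rows reported by `shared_rows` are the accounts that several VUs will authenticate as under the default binding.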
Host-specific credentials
Some web applications use several hosts that require different credentials for authentication. To support such an authentication scheme, you need to enable host-specific credentials. To do so, set the Show host column? property to Yes (a). The Host column (b) appears in the authentication grid. For every set of credentials, enter a host to which the credentials will be submitted.
Client Certificates
In some cases, every VU would need a unique client certificate to communicate with a server. Client certificate files should be accessible from the StresStimulus machine. For example, in the test folder, create a subfolder Certificates and save the certificate files there. Set the Show certificate column? property to Yes (c). The Certificate column (d) appears in the authentication grid. For each VU row, enter the name of the certificate file in the Certificates folder. Alternatively, enter the full path of the certificate file if it is located in a different folder.
Note: If the Host column is not empty, then the client certificate will only be applied to requests to the given host.
Note: When using the Certificates feature, the UserName and Password columns can be left blank.
Note: When using the Certificates feature, the Use a shared connection pool for all VUs? property must be set to No to prevent VUs from using connections that were authenticated by other VUs. For more, see connection pools.
Application Authentication
Application-level authentication refers to the authentication method that takes place inside the web application (e.g., Form authentication). The test case will store the set of credentials entered during recording. By default, these credentials will be used for all VUs. To test VUs with different credentials, you need to:
1. In the Datasets section, click Create Authentication Dataset on the toolbar. The Credentials dataset will be created. If your authentication process includes additional properties, such as security questions, you can edit the Credentials dataset structure by adding additional fields (see Datasets).
2. Populate the authentication dataset by entering data, pasting data (from Excel), or importing a .csv file.
3. Find the login request in the test case (it is usually one of the first POST requests). To do so:
   a. Click Find Session by Content or press <Ctrl+F>.
   b. Enter one of the credentials you used in recording (e.g., a username, email address, or password).
   c. The first highlighted session is a login request. Select it.
Tip: If you cannot find a request recorded with credentials, your application likely uses server authentication (see above).
4. Parameterize the Credential parameters using the Credentials dataset. Use the VU-Bound databinding method.
Tip: Typically, credentials are submitted in the web form. In this case, they will appear in the parameterization grid in the Body tab.
Encrypting passwords
Starting with StresStimulus v5.7, passwords in authentication datasets can be encrypted to provide additional test script security. The following sections describe how password encryption works, once it has been enabled, for each authentication method.
Server authentication
For applications using server authentication, the Password column of the Authentication dataset is automatically encrypted when saving the test script. It is automatically decrypted when loading the test script. The contents of the Password column are obfuscated with a series of * characters.
Since the recorded server authentication credentials are not stored in the test script, no further action is required to secure the passwords in the test script.
Application authentication
For applications using application authentication, any dataset with a column that contains the word "Password" (for example, Password or ApplicationPassword) used for credential parameterization is stored encrypted. When additional credentials are loaded to the authentication dataset by pasting or typing new values or importing data from another data source, passwords are automatically encrypted. Also, the contents of these columns are obfuscated with a series of * characters.
These columns are automatically decrypted in computer memory to properly play back authentication requests.








