Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

StresStimulus supports all major authentication methods. They are divided into two types: server authentication and application authentication.

Server Authentication

Server authentication refers to any machine, operating system, or domain-level authentication. It includes Basic, Windows Integrated (e.g., NTLM) or other Kerberos authentication.

To configure server authentication, provide a set of the credentials that the tested website recognizes, and use the Authentication node in the Workflow Tree to enter the supplied credentials. You can also paste data (from Excel) into the authentication grid. The Domain field might be optional, depending on your server. You can also import credentials stored in a .csv file by clicking Import on the toolbar. The .csv file must have 3 grid columns and no header.

Note 1: If you are located in the Authentication section and need to configure form authentication or any other type of application authentication, described below, click Go to Forms Authentication on the toolbar.

Note 2: Every new VU will use a subsequent set of credentials. If the number of VUs exceeds the number of credentials, then they are assigned using a round-robin algorithm. For example, if you have 10 rows in the Authentication grid and emulate 20 VUs, then VU1 and VU11 will use row 1, VU2, and VU12 will use row 2, and so on.
Image Removed

Image Added

Authentication is configured per Test. Credentials created in one test case are used in all test cases

Some web applications use several hosts

that Image Removed

which require different credentials for authentication. In order to support such authentication schema, you need to enable host-specific credentials. To do so, check the Host-specific Credentials box (a). The Host column (b) appears in the authentication grid. For every set of credentials, enter a host to which the credentials will be submitted.

Image Removed

Client Certificates

In some cases, every VU would need a unique client certificate to communicate with a server.  Client certificate files should be accessible from the StresStimulus machine.  For example, in the test folder, create a subfolder Certificates and save there certificate files. Check the Certificates checkbox to bring up the Certificate column.

For each VU row, enter the name of the certificate files in the Certificates folder. Alternatively, enter a full path of certificate file if it is located in a different folder.


If the Host column is not empty, then the client certificate will only be applied to requests to the given host.


When using the Certificates feature, the UserName and Password column can be left blank.

Image Added

Application Authentication

Application-level authentication refers to the authentication method that takes place inside the web application (e.g., Form authentication). The test case will store the set of credentials entered during recording. By default, these credentials will be used for all VUs. To test VUs with different credentials, you need to:

  • Provide a set of credentials that the tested website recognizes.
  • Create a dataset, populate it with the provided credentials, and parameterize the appropriate request as described below:

1. In the Datasets section, click Create Authentication Dataset on the toolbar. The Credentials dataset will be created. If your authentication process includes additional properties, such as security questions, you can edit the Credentials dataset structure by adding additional fields (see Datasets ).  

2. Populate the authentication dataset by entering data, pasting data (from Excel), or importing a .csv file.

3. Find the login request in the test case (it is usually one of the first POST requests). To do so:

a. Click Find Session by Content or hit <Crl+F>

b. Enter one of the credentials you used in recording (e.g., a username, email address, or password).

c. The first highlighted session is a login request. Select it.

Image Modified


Tip: If you cannot find a request recorded with credentials, your application likely uses server authentication (see above).