0

Does anyone know how to avoid WCAT recording unexpected "401 Unauthorized" HTTP Status codes when testing a web application that uses NTLM authentication? An example of the code I am using for a request is below:

    request
    {
    url = "http://server";
    authentication = NTLM;
    username = "user";
    password = "xxxx";
    statuscode = 200;
    }

To clarify, this script works fine and does manage to retrieve the content but when ran against an IIS7 server the NTLM negotiation (I believe) means that the initial 401 code is recorded as well as the final 200 code.

This means that after a test the report shows the same amount of 401 codes as 200 codes, and unfortunately the 401s are recorded as unexpected codes/errors.

I realise this is a similar question to one asked earlier, but this one is specifically asking if there is a way to avoid the unexpected status codes.

Thanks!

Chris
  • 3,081
  • 3
  • 32
  • 37

1 Answers1

3

What you need (I think) is a transaction { ... } with a number of request { ... } elements inside, some of which expect a 401 statuscode:

transaction
{
    id = "home";
    weight = 1000;
    request
    {
        url = "/";
        statuscode = 401;
        redirect = true;
        cookies = true;
    }
    request
    {
        url = "/";
        statuscode = 401;
        authentication = NTLM;
        username = "domain\\username";
        password = "password";
        redirect = true;
        cookies = true;
    }
    request
    {
        url = "/";
        authentication = NTLM;
        username = "domain\\username";
        password = "password";
        statuscode = 200;
        redirect = true;
        cookies = true;
    }
}
Phil Peace
  • 733
  • 1
  • 7
  • 20
  • (Just reviewing my SO account hence the late reply!) – Chris Oct 04 '11 at 10:09
  • I think i tried this in June but still got some issues. I recall it was better but not a complete solution but thanks for the help :) – Chris Oct 04 '11 at 10:09
  • Sorry for the necro but I just wanted to comment this exact issue is dealt with in the documentation in the wcat/doc directory, wcat.doc, page 23. Phil appears to be on the right track in this regard. – pseudocoder May 04 '12 at 16:11
  • I tried every combination but it just doesn't work. It sends the Authorization header but somehow, it still receives 401 – tugberk Jun 04 '13 at 09:10