HOWTO: HTTP Basic Authentication with Selenium and Cloud Testing
If you need to run tests against a web server that has HTTP Basic Authentication (HTTP Auth) on, there is a simple way to make it work with Cloud Testing and Selenium.
When you access the server manually you get one of the pop-up dialogs, depending on which browser you are using.
HTTP Authentication pop-up in Chrome
HTTP Authentication pop-up in Safari
HTTP Authentication pop-up in Opera
HTTP Authentication pop-up in Internet Explorer
HTTP Authentication pop-up in Firefox
If you fail to get the username and password correct after a number of retries (usually three), you will get a 401 Unauthorised HTTP result code from the server.
HTTP result code 401 - Unauthorized
So how do we get round this in Selenium? As we have mentioned in our articles, Selenium does not start processing until the onLoad() event has fired. Since no content has yet been delivered by the web server to the browser, this hasn’t yet happened, so we’re stuck.
Fortunately, there is a workaround. In RFC 1738, which covers URLs (Uniform Resource Locators), we are able to use a username and password in the URL. The following quote from the RFC explains how a URL is constructed:
; URL schemeparts for ip based protocols: ip-schemepart = "//" login [ "/" urlpath ] login = [ user [ ":" password ] "@" ] hostport hostport = host [ ":" port ] host = hostname | hostnumber hostname = *[ domainlabel "." ] toplabel domainlabel = alphadigit | alphadigit *[ alphadigit | "-" ] alphadigit toplabel = alpha | alpha *[ alphadigit | "-" ] alphadigit alphadigit = alpha | digit hostnumber = digits "." digits "." digits "." digits port = digits user = *[ uchar | ";" | "?" | "&" | "=" ] password = *[ uchar | ";" | "?" | "&" | "=" ] urlpath = *xchar ; depends on protocol see section 3.1 ; HTTP httpurl = "http://" hostport [ "/" hpath [ "?" search ]] hpath = hsegment *[ "/" hsegment ] hsegment = *[ uchar | ";" | ":" | "@" | "&" | "=" ] search = *[ uchar | ";" | ":" | "@" | "&" | "=" ]
Or as a simplified version, your URL needs to look like:
http://username:password@www.mydomain.com/secretarea/
Note that this won’t work on Internet Explorer, since Microsoft has disabled usernames/passwords in URLs as a security measure. If you want to get round this on an installation you have access to, you can add that functionality back in by modifying your registry, as described in the Microsoft Knowledge Base article http://support.microsoft.com/kb/834489.
How to disable the new default behavior for handling user information in HTTP or HTTPS URLs
// To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe DWORD values in one of the following registry keys and set their value data to 0.
- For all users of the program, set the value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE- For the current user of the program only, set the value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
If you use Selenium RC (Remote Control), this is done automatically, as of version 0.9.2. As Cloud Testing is built upon Selenium RC, this is taken care of for you already.
For full details of the services and features available from Cloud testing see www.cloudtesting.com
Did you enjoy this post? Why not subscribe to our feed and get articles like this delivered automatically to your feed reader.
[...] This post was mentioned on Twitter by Cloud Testing, Guy Mason. Guy Mason said: Good way to get around HTTP Auth when coding #Selenium scripts RT @CloudTesting: Selenium – HTTP Basic Auth http://bit.ly/8ndhND [...]