Support BASIC and Digest HTTP authentication #34

Open
lukeis opened this Issue Mar 2, 2016 · 93 comments

Comments

Projects
None yet
1 participant
Owner

lukeis commented Mar 2, 2016

Originally reported on Google Code with ID 34

There should be an easy to use API for authenticating using standard HTTP mechanisms

Reported by simon.m.stewart on 2007-11-05 16:13:45

Owner

lukeis commented Mar 2, 2016

I think it is worth mentioning that it is possible to do BASIC HTTP authentication --
in an ugly way - even now, by extending the driver.
@Override
protected WebClient newWebClient() {
    WebClient client = super.newWebClient();
    DefaultCredentialsProvider  provider = new DefaultCredentialsProvider();
    provider.addCredentials("username","password");
    client.setCredentialsProvider(provider);
    return client;
    }

Reported by turkoglu.deniz on 2008-08-12 10:02:34

Owner

lukeis commented Mar 2, 2016

We are using version 0.6.870 and note that the newWebClient() method signature is
different to that above. We have found that the following works ok. because
newWebClient is called by the default constructor in the super class, you can't just
pass the usernam and password in the constructor, so we hacked about a bit with the
statics:

public class AuthenticatedHtmlUnitDriver extends HtmlUnitDriver {

    public static void setCredentials(String username, String password) {
        USERNAME = username;
        PASSWORD = password;
    }

    private static String USERNAME;
    private static String PASSWORD;

    public AuthenticatedHtmlUnitDriver() {
    }

    @Override
    protected WebClient newWebClient(BrowserVersion browserVersion) {       
        System.out.println("Logging in with: [username:" + USERNAME + "]");
        WebClient client = super.newWebClient(browserVersion);
        DefaultCredentialsProvider provider = new DefaultCredentialsProvider();
        provider.addCredentials(USERNAME, PASSWORD);
        client.setCredentialsProvider(provider);
        return client;
    }

}



Reported by jim.barritt on 2009-04-14 13:10:51

Owner

lukeis commented Mar 2, 2016

Slightly nicer version is to have a factory method instead of setCredentials:

public static WebDriver create(String username, String password) {
        USERNAME = username;
        PASSWORD = password;
        return new AuthenticatedHtmlUnitDriver();
    }

Reported by jim.barritt on 2009-04-14 13:17:41

Owner

lukeis commented Mar 2, 2016

I can only find the WebClient stuff inside HtmlUnit. Is there any solution/work
around to make this work with say the InternetExplorerDriver?

Reported by per.olesen on 2009-07-03 06:59:15

Owner

lukeis commented Mar 2, 2016

If you’re using the Firefox driver there is an even dirtier work-around. It’s
possible to specify the username and password on the URL. e.g. 
http://username:password@www.basicauthprotected.com/.

The next hurdle is an anti-phishing dialogue box. This can however be suppressed
using aboubt:config, creating a new entry named network.http.phishy-userpass-length
with a type of Integer and a value of 255.

Reported by robdkay on 2010-04-27 11:02:33

Owner

lukeis commented Mar 2, 2016

Reported by jari.bakken on 2010-06-17 00:28:34

  • Labels added: Component-WebDriver
Owner

lukeis commented Mar 2, 2016

Having also some issues (dialog box) with Basic Authentication on IE. As read in the
OpenQA Wiki this is handled automatically by the remote control. There should also
be such a feature for the InternetExplorerDriver. Is there any workaround so far?

Reported by roland.schaer on 2010-07-20 08:38:41

Owner

lukeis commented Mar 2, 2016

Code for Handling HTTP Basic Authentication for FireFox driver is as follows. I know
this is a crude way but its working for now.

FirefoxProfile profile = new FirefoxProfile();
profile.setPreference("network.http.phishy-userpass-length", 255);
driver = new FirefoxDriver(profile);
driver.get(http://username:password@www.basicauthprotected.com/);

Reported by arun280780 on 2010-12-07 09:05:22

Owner

lukeis commented Mar 2, 2016

Doesn't  work in my situation ( I have domain\username and password  )

http://domain\username:password@www.basicauthprotected.com

Reported by Mochalin.Igor on 2011-04-26 14:15:17

Owner

lukeis commented Mar 2, 2016

Additional information 
doesn't work  in FireFox and  Chrome  

Reported by Mochalin.Igor on 2011-04-26 14:30:10

Owner

lukeis commented Mar 2, 2016

How to prevent the anti phishing dialogue box in safari. Any pointers

Thanks 

Reported by crab19 on 2011-05-27 22:45:21

Owner

lukeis commented Mar 2, 2016

Issue 1786 has been merged into this issue.

Reported by simon.m.stewart on 2011-06-08 13:12:38

Owner

lukeis commented Mar 2, 2016

does anyone know if this issue is logged in the java forum somewhere.  i am having the
same problem with selenium rc/java.  i am also attempting this with domain\username.
 i keep reading that selenium rc "handles" basic authentication for me - yet there
is no explanation for this that i can find.  i have attempted everything this issue
mentions plus the following and nothing works so far.  should i create and issue for
this with a java implementation or can this issue be modified??

i have tried this approach as well with no luck (addCustomRequestHeader)
http://stackoverflow.com/questions/3021602/http-basic-auth-via-url-in-firefox-does-not-work

i apologize in advance if i have hijacked this issue in any way.  please let me know.

thanks!
-allen

Reported by otwoblue on 2011-06-20 07:25:30

Owner

lukeis commented Mar 2, 2016

Firefox workaround - store your password in firefox manually. Reuse this existing profile
in code, for example:
    new FirefoxDriver(profile)

Reported by whittet on 2011-09-02 15:19:52

Owner

lukeis commented Mar 2, 2016

Maybe I'm naive and correct me if I'm wrong, but for comment 16 isn't the Firefox passwords
only for websites? I believe no browser ever store's your HTTP Basic/Digest authentication
username & passwords. It may get cached (by server?) for the browser session once you
log in, but for every new session you have to login again.

Stored passwords are only for website form logins.

Reported by mangaroo on 2011-09-02 19:39:06

Owner

lukeis commented Mar 2, 2016

Has anyone tried escaping the \ in domain\username for Firefox Basic HTTP auth? For
example,

http://domain%5cusername:password@www.basicauthprotected.com

I know for one of our sites we have to escape symbols like % and ! in the password
or it does not work.

Reported by darrell.grainger on 2011-09-03 02:44:35

Owner

lukeis commented Mar 2, 2016

Unfortunately the http://user:pass@address.tld is not always a usable workaround, currently
I am facing the authentication window after I submitted a (language setting) form.
It should be considered when designing a solution.

Reported by jr.visko on 2011-09-23 09:00:28

Owner

lukeis commented Mar 2, 2016

Couple of things I've done to handle cases on various browsers for basic authentication:

First of all, I always pass via the URL with http://user:pass@domain.com/folder_with_auth_required/

There are less issues on certain browsers if the trailing slash is included (notably
Opera) for reasons I won't detail here. 

Many browsers will still give a prompt for the user/pass even though it's in the URL,
or some will ask for confirmation before proceeding.  There are profile settings in
the browsers that can turn this off, notably FF as mentioned above.

FirefoxProfile profile = new FirefoxProfile();
profile.setPreference("network.http.phishy-userpass-length", 255); 

With version of selenium before 2.6, Firefox needed this setting but it is included
for you in version 2.6+ so is unnecessary:

With OperaDriver, you can disable the preference "Enable Trust Rating" to help, but
depending on the Opera version you will still get a confirmation prompt.  In those
cases, I have a timeout thread that basically presses the Enter key via Robot so the
driver can continue.

For those of you commenting that this should be fixed asap, remember this is open source
project and feel free to download the source, make fixes, and submit those patches.
 At that point you may see the difficulty involved in getting solutions to work cross-browser.

What I am basically saying here, is that yes, submit comments and well documented issues,
but put the time in where things aren't working ideally to create your own work arounds.
 I'm able to use basic auth across all browser drivers but it's not going to work out
of the box.  

Reported by luke.kende on 2011-09-26 03:43:20

Owner

lukeis commented Mar 2, 2016

On comment 20, I wonder how often the workarounds for cross-browser support are non
destkop GUI based (AutoIt, Sikuli, whatever Robot). This includes stuff like file download
& upload beyond the authentication, and applies even more for Selenium RC. The reason
to bring this up is that sadly, this GUI type of workaround is (or can be) then broken
in a Selenium Grid or SauceLabs deployment, which don't have a complementary infrastructure
to pair GUI automation with it to handle such workarounds. That kind of pairing integration
would be worth thinking if we ever still need to pair GUI automation with browser automation.

Reported by mangaroo on 2011-09-26 06:41:37

Owner

lukeis commented Mar 2, 2016

I am using the "network.http.phishy-userpass-length" setting described in comment 20,
but since the page I am testing is using Ajax heavily, I also need to set this on all
subsequent XHR requests. I have done this by using a proxy (littleshoot) and it works
quite well. In addition to the "network.http.phishy-userpass-length" setting I use
the following:

      profile.setPreference("network.proxy.type", 1);
      profile.setPreference("network.proxy.http", "127.0.0.1");
      profile.setPreference("network.proxy.http_port", 8080);
      profile.setPreference("network.proxy.no_proxies_on", "");

Then in my test, in @BeforeClass, I start the proxy like this:

      HttpRequestFilter requestFilter = new HttpRequestFilter() {
         @Override
         public void filter(HttpRequest httpRequest) { httpRequest.addHeader("Authorization",
"Basic " + BASE64EncodedAuthorizationString); }
      };

      final HttpProxyServer server = new DefaultHttpProxyServer(8080, requestFilter,
new HashMap<String, HttpFilter>());
      server.start();

I've also tried removing the "network.http.phishy-userpass-length" property, but it
is still required with selenium-firefox-driver-2.16.1 at least.

Reported by stian.lindhom.lemontree.no on 2012-01-12 07:09:59

Owner

lukeis commented Mar 2, 2016

This is very important feature. Currently we're thinking about selenium usage for a
major project which uses Basic Http Authentication and this issue is the only thing
which stops us. Does somebody has any estimates?

Reported by bakaev.dmitriy on 2012-01-17 11:04:08

Owner

lukeis commented Mar 2, 2016

You have to write your own script for Digest Based Authentication, no
testing tool provides it.

Reported by qasim.zaman@softrove.com on 2012-01-17 11:17:48

Owner

lukeis commented Mar 2, 2016

The following proposed solution is not working in Firefox 9.0.1:

FirefoxProfile profile = new FirefoxProfile();
profile.setPreference("network.http.phishy-userpass-length", 255);
driver = new FirefoxDriver(profile);
driver.get(http://username:password@www.basicauthprotected.com/);

Reported by rui.abreu on 2012-01-17 18:14:23

Owner

lukeis commented Mar 2, 2016

it worked for me like this:

FirefoxProfile profile = new FirefoxProfile();
profile.setPreference("network.http.phishy-userpass-length", 255);
profile.setPreference("network.automatic-ntlm-auth.trusted-uris", "<host>");
driver = new FirefoxDriver();
selenium = new WebDriverBackedSelenium(driver, "http://<user>:<password>@<host>");

Reported by krueger.fab on 2012-01-21 22:30:49

Owner

lukeis commented Mar 2, 2016


This one is working for me to certain extent.

web1.get("http://<userName>:<password>@<URL>");

I am getting the problem when I click a button and it is asking for Authentication

In this case I am not able to handle. 

Hope this enhancement handle this :)

Reported by sharan.m.mailar on 2012-03-06 07:58:57

Owner

lukeis commented Mar 2, 2016

Hey,

I was able to find some workaround for this:
selenium.start("addCustomRequestHeader=true");
selenium.windowMaximize();
selenium.addCustomRequestHeader( "Authorization","Basic "+"YWRpZGFzOmFkaWRhczEyMyM="
);

where YWRpZGFzOmFkaWRhczEyMyM= is the encoded password. This works fine with me :)

Reported by mayank0905 on 2012-03-06 09:33:57

Owner

lukeis commented Mar 2, 2016

Hi.

I tried the code below for web proxy authorization.
(using selenium-java-2.20.0 & junit3.8)
But I missed.

package com.example;

import junit.framework.TestCase;

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebDriverBackedSelenium;
import org.openqa.selenium.ie.InternetExplorerDriver;

import sun.misc.BASE64Encoder;

public class SampleTest extends TestCase {

    public void test01() {

        String baseUrl = "http://www.google.co.jp/";
        String proxy_user = "my proxy username";
        String proxy_passwd = "my proxy password";
        WebDriver driver = new InternetExplorerDriver();
        WebDriverBackedSelenium selenium = new WebDriverBackedSelenium(driver,
                baseUrl);
        BASE64Encoder encoder = new BASE64Encoder();
        String authHeader = encoder.encode((proxy_user + proxy_passwd).getBytes());

        selenium.start("addCustomRequestHeader=true");
        selenium.addCustomRequestHeader("Proxy-Authorization", "Basic" + " "
                + authHeader);

        selenium.open("/");
        selenium.close();

    }

}


java.lang.RuntimeException: Could not start Selenium session: Unsure how to process:
addCustomRequestHeader=true
    at com.thoughtworks.selenium.DefaultSelenium.start(DefaultSelenium.java:125)
    at com.example.SampleTest.test01(SampleTest.java:32)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at junit.framework.TestCase.runTest(TestCase.java:168)
    at junit.framework.TestCase.runBare(TestCase.java:134)
    at junit.framework.TestResult$1.protect(TestResult.java:110)
    at junit.framework.TestResult.runProtected(TestResult.java:128)
    at junit.framework.TestResult.run(TestResult.java:113)
    at junit.framework.TestCase.run(TestCase.java:124)
    at junit.framework.TestSuite.runTest(TestSuite.java:243)
    at junit.framework.TestSuite.run(TestSuite.java:238)
    at org.eclipse.jdt.internal.junit.runner.junit3.JUnit3TestReference.run(JUnit3TestReference.java:130)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
Caused by: java.lang.UnsupportedOperationException: Unsure how to process: addCustomRequestHeader=true
    at org.openqa.selenium.WebDriverCommandProcessor.start(WebDriverCommandProcessor.java:92)
    at com.thoughtworks.selenium.DefaultSelenium.start(DefaultSelenium.java:115)
    ... 19 more


Reported by nabedge on 2012-03-12 06:17:42

Owner

lukeis commented Mar 2, 2016

I believe the addRequestHeader method only or primarily works for Firefox. And it's
not necessarily supported (yet) in some (RC) language bindings like PHP.

Reported by mangaroo on 2012-03-12 16:59:09

Owner

lukeis commented Mar 2, 2016

BTW, there is a solution to send keys in a blind mode, just simulate key press. For
instance: 
SendKeys("myUser");
SendKeys("{TAB}");
SendKeys("MyPassword");
SendKeys("~"); // Enter

Works really awful...  but works... 

Hey, Selenium Guys!! =) Crowd is still waiting for this feature.

Reported by bakaev.dmitriy on 2012-03-20 12:43:28

Owner

lukeis commented Mar 2, 2016

i read the whole thread. i am surprised that i did not have this problem with authentication.
my firefox and chrome driver able to do auth via url e.g. http://username:password@google.com


But it's not working on IE. Read on some other thread that new Internet explorer does
not allow auth in urls like this one. 

is someone knows any workaround to get through IE? 

Reported by Rajesh.huria on 2012-04-01 21:51:37

Owner

lukeis commented Mar 2, 2016

Issue 3694 has been merged into this issue.

Reported by dawagner on 2012-04-10 21:06:32

Owner

lukeis commented Mar 2, 2016

someone helped me with this one.

Fixed the problem by a registry hack for IE.
http://support.microsoft.com/kb/834489

Once thats done you should be able to pass user name and password in the url for login.

Reported by Rajesh.huria on 2012-04-11 08:30:06

Owner

lukeis commented Mar 2, 2016

Re: #31, the addRequestHeader method works for all browsers.  For more details, I wrote
up a howto:

http://blog.mogotest.com/2010/06/23/how-to-perform-basic-auth-in-selenium/

However, note that this only works for the RC protocol.  The issue at hand is for WebDriver
support.  That should be doable via a similar mechanism using the BrowserMob Proxy,
although I don't believe anyone has written up docs for it yet.

Reported by nirvdrum on 2012-04-11 09:27:55

Owner

lukeis commented Mar 2, 2016

Issue 3265 has been merged into this issue.

Reported by dawagner on 2012-04-11 11:20:53

Owner

lukeis commented Mar 2, 2016

Hi Simon,

Thanks for your reply.  Can you tell me how can I put in a request for this? There
is a couple of solutions posted earlier, but none works for me.  e.g., autoit - I need
to run my testes on all browsers; prefix in url - in my case, it is a redirect so prefix
will not work.

Thank you.

Regards,

Stephen

Reported by mrstephenkwok on 2012-09-24 17:13:18

Owner

lukeis commented Mar 2, 2016

Requests for this to go into official roadmap? I'd like to know the process as well.

Otherwise, I assume standard practice is to file an issue like this one (hence no need
to file anymore duplicates) and just wait & hope for fix inclusion in future release.

And as Simon mentions, if can't wait for whenever that happens, you (or you get someone)
to figure out a "true" solution, implement it, and submit the patch by attaching to
this issue or contacting the Selenium developers directly.

Reported by mangaroo on 2012-09-24 23:24:07

Owner

lukeis commented Mar 2, 2016

Hi Simon,

Can you please make a comment?

Regards,

Stephen

Reported by mrstephenkwok on 2012-09-26 05:27:29

Owner

lukeis commented Mar 2, 2016

As I commented above: there is no roadmap, and, as such, there's no process to put things
on the roadmap. 

What we _do_ have, however, is a clearly defined way for you to send us patches that
address particular issues (essentially, attach a patch to this issue if that patch
fixes this issue)

For the record, a lot of the developers of selenium are working on the project because
they think it's a fun thing to do. Those of the team who are being funded by a company
are normally picking the work they do based on the needs of that company. This really
is a genuinely Open Source project. Come and join us!

Reported by simon.m.stewart on 2012-09-26 16:47:28

Owner

lukeis commented Mar 2, 2016

On Firefox 17, Selenium 2.28.0, I've found that I can do:

    FirefoxProfile profile = new FirefoxProfile();
    profile.setPreference("network.negotiate-auth.trusteduris", hostname);
    driver = new FirefoxDriver(profile);
    driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
    selenium = new WebDriverBackedSelenium(driver, "http://" + username + ":" + password
+ "@"
        + hostname + ":" + port + baseUrl);

And this enables the username ':' password processing.  

I have been able to use this for DigestAuth logins.

Reported by mitchellsundt on 2013-01-15 23:10:24

Owner

lukeis commented Mar 2, 2016

Issue 5059 has been merged into this issue.

Reported by barancev on 2013-01-23 16:02:55

Owner

lukeis commented Mar 2, 2016

Need a working solution for Chrome on Linux using webdriver.

The http://user@pass:host method doesn't appear to work.

Preferably a non-platform specific workaround (no resorting to external tools or browser
plugins).  If all browsers allow for adding the auth header to a request, this should
be easy.

(If it's not already on the roadmap, I'd recommend thinking about both basic & digest
auth, as I foresee people asking about this too)

Reported by TrinitronX on 2013-02-12 06:28:33

Owner

lukeis commented Mar 2, 2016

This got me thinking, like cookies, and file download, can HTTP authentication be handled
by an external library and then swapped back to WebDriver? If say a session cookie
was used to verify/indicate success authentication after it has occurred? I don't work
with HTTP authentication (Basic or Digest or Windows) enough to know the details.

I'm thinking create a web/HTTP client via your language bindings HTTP libraries, passing
it your current Selenium cookies (and maybe fake user-agent header in the HTTP client)
to pretend to be your Selenium browser, and then use HTTP client facilities to navigate
to the authentication URL, and perform the authentication (all in HTTP client code),
once that succeeds (HTTP 200 OK, redirected to new logged in URL, authenticated session
established - via URL parameter or cookie), then pass that session info from the HTTP
client back into Selenium (e.g. if session cookie, add cookie to Selenium, if URL param,
append to Selenium requests where applicable).

If that works, it would be a cross-platform approach though language binding specific,
and does not necessarily require extending/modfiying the WebDriver code. Though you
could wrap the WebDriver code in more user friendly API.

Thoughts on this?

Reported by mangaroo on 2013-02-12 21:52:34

Owner

lukeis commented Mar 2, 2016

Issue 5181 has been merged into this issue.

Reported by barancev on 2013-02-18 22:39:11

Owner

lukeis commented Mar 2, 2016

Works for me using java.awt.Robot, Firefox 18.0.2 and selenium-server-standalone-2.31.0.jar.
I will post my code that explains itself, just replace the values on MY_URL, USERNAME
and PASSWORD constants. Only works for me if I use some Thread.sleeps, maybe not necessary
for all of you:

import java.awt.Robot;
import java.awt.Toolkit;
import java.awt.datatransfer.Clipboard;
import java.awt.datatransfer.StringSelection;
import java.awt.event.KeyEvent;

import org.openqa.selenium.Alert;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;


public class FillAuthAlert {
    private static final String MY_URL = "https://myurl.com";
    private static final String USERNAME= "myuser";
    private static final String PASSWORD= "mypass";

    public static void main(String[] args) throws Exception {

        WebDriver driver = new FirefoxDriver();
        driver.get(MY_URL);
        Alert alert = driver.switchTo().alert();
        Robot robot = new Robot();
        Thread.sleep(1000);
        type(robot, USERNAME);
        robot.keyPress(KeyEvent.VK_TAB);
        robot.keyRelease(KeyEvent.VK_TAB);
        Thread.sleep(1000);
        type(robot, PASSWORD);
        alert.accept();
    }

    public static void type(Robot robot, String characters) {
        Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
        StringSelection stringSelection = new StringSelection( characters );
        clipboard.setContents(stringSelection, null);

        robot.keyPress(KeyEvent.VK_CONTROL);
        robot.keyPress(KeyEvent.VK_V);
        robot.keyRelease(KeyEvent.VK_V);
        robot.keyRelease(KeyEvent.VK_CONTROL);
    }
}

Reported by kikoyah on 2013-03-01 04:17:48

Owner

lukeis commented Mar 2, 2016

Thanks for your support.
Let me try this and will revert you soon.

Reported by kaushikkanishka on 2013-03-01 04:58:15

Owner

lukeis commented Mar 2, 2016

java, firefox this worked for me:

        FirefoxDriver driver = null;
        File scrFile = null;
        try {

            FirefoxProfile ffprofile = new FirefoxProfile();
            ffprofile.setPreference("network.http.phishy-userpass-length", 255);
            ffprofile.setPreference("network.automatic-ntlm-auth.trusted-uris",
                    getTrustedUrl()); // Set this to your DOMAIN, instead of
                                        // Server
            ffprofile.setPreference(
                    "network.automatic-ntlm-auth.allow-non-fqdn", "true");
            ffprofile.setPreference("network.ntlm.send-lm-response", "true");

            driver = new FirefoxDriver(ffprofile);
            driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
            driver.manage().window().maximize();
            logger.info("grabbing " + getGrabberUrl());

            driver.get(getGrabberUrl());
            Keyboard keyboard = driver.getKeyboard();
            keyboard.sendKeys(getUser());
            keyboard.pressKey(Keys.TAB);
            keyboard.releaseKey(Keys.TAB);
            keyboard.sendKeys(getPassword());
            keyboard.pressKey(Keys.ENTER);
            keyboard.releaseKey(Keys.ENTER);
            // WebDriverBackedSelenium webDriverBackedSelenium = new
            // WebDriverBackedSelenium(driver,getGrabberUrl());
            // webDriverBackedSelenium.
            // webDriverBackedSelenium.captureScreenshotToString()
            scrFile = ((TakesScreenshot) driver)
                    .getScreenshotAs(OutputType.FILE);

        } catch (Exception e) {
            logger.error("got error", e);
            ResponseBuilder response = Response.serverError().entity(e);
            return response.build();
        } finally {
            if (driver != null) {
                driver.quit();
            }

        }

Reported by nino.martinez.wael on 2013-03-13 19:54:43

Owner

lukeis commented Mar 2, 2016

Issue 5347 has been merged into this issue.

Reported by barancev on 2013-03-15 10:05:04

Owner

lukeis commented Mar 2, 2016

Issue 5444 has been merged into this issue.

Reported by barancev on 2013-04-10 20:45:11

Owner

lukeis commented Mar 2, 2016

Using C# code, please some one tell me how to change mouse focus to "Authentication
Required" window pop-up and then enter the User name and password.

Reported by hosurma on 2013-04-12 07:27:41

Owner

lukeis commented Mar 2, 2016

i have tried with all position able to achieve. could any one please help me to done

FirefoxDriver driver = null;
File scrFile = null;

FirefoxProfile ffprofile = new FirefoxProfile();
ffprofile.setPreference("network.http.phishy-userpass-length", 255);
ffprofile.setPreference("network.automatic-ntlm-auth.trusted-uris","xx.xx.xxx.xxx");
            ffprofile.setPreference("network.automatic-ntlm-auth.allow-non-fqdn", "true");
ffprofile.setPreference("network.ntlm.send-lm-response", "true");
driver = new FirefoxDriver(ffprofile);
driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
driver.manage().window().maximize();
driver.get("http://xx.xx.xxx.xxx");
driver.manage().timeouts().implicitlyWait(5, TimeUnit.SECONDS);
Keyboard keyboard = driver.getKeyboard();
keyboard.sendKeys("test");
keyboard.pressKey(Keys.TAB);
keyboard.releaseKey(Keys.TAB);
keyboard.sendKeys("test@123");
keyboard.pressKey(Keys.ENTER);
keyboard.releaseKey(Keys.ENTER);
scrFile = ((TakesScreenshot) driver).getScreenshotAs(OutputType.FILE);






Reported by amsathishkumar on 2013-06-07 14:46:11

Owner

lukeis commented Mar 2, 2016

it does not work in htmlunit when using basic auth like "http://username:password@www.test.com",
but it works in firefox and chrome.
someone tell me how to login a website which using basic authencation by htmlunitdriver.
ps: i use python.

Reported by ghlangbaobao on 2013-07-08 12:45:35

Owner

lukeis commented Mar 2, 2016

Issue 6143 has been merged into this issue.

Reported by james.h.evans.jr on 2013-08-21 11:16:03

Owner

lukeis commented Mar 2, 2016

I came across a blog post related to this area, about downloading files stored under
a secured directory that required basic HTTP authentication. Cookies was used to transfer
the authenticated state information from Selenium to a REST/HTTP client to then download
the file (in browser agnostic way). The basic HTTP authentication with Selenium of
course is done via passing login with URL workaround mentioned here.

But I was wondering, if cookies can be used to pass/store that authentication state,
could we not do the reverse to solve this issue here? Use REST/HTTP client to do the
basic/digest HTTP authentication then pass the authentication cookie from the REST/HTTP
client to Selenium (add cookie method against current URL browser is on or the current
URL the REST/HTTP client hit for the authentication). And do this all behind the scenes
in a wrapped Selenium API method that the Selenium user simply calls, something like

driver.authenticate(username, password); //against current URL

or 

driver.authenticate(url, username, password);

or am I too naive in assuming how HTTP authentication works? If what that blog post
mentions works, I don't see why the reverse technique would not work.

If feasible, this would be a browser agnostic solution, and each client language binding
would implement it's own solution to this issue since it is REST/HTTP client specific,
unless we unify and make this done at the Selenium server side in Java (and not the
client binding side).

Reported by mangaroo on 2013-09-11 00:11:51

Owner

lukeis commented Mar 2, 2016

Spoke too soon, forgot to paste in the blog post I mention: http://elemental-selenium.com/tips/15-download-secure-files

Reported by mangaroo on 2013-09-11 00:12:31

Owner

lukeis commented Mar 2, 2016

Issue 6462 has been merged into this issue.

Reported by luke.semerau on 2013-10-24 17:45:51

Owner

lukeis commented Mar 2, 2016

As I was browsing trough the bug tracker to see if there are bugs or enhancments I could
contribute to, I stumbled on this ne.
This is was (partially still is) an issue which made me research a bit longer.

I implemented different solutions which I shortly pitch here, code that has been written
is closed and getting them outside has big hurdles to take first but may just the idea
give you a help to solve it for your purposes.

For Internet Explorer, first approach was using windws own UI Automation with C# which
does the certificate selection (we use client certificates as authentication) and also
clicking away the unsecure ssl message (why test server shouldnt have a valid certificate
from the companies own CA stays unclear to me) and wrapping that all in a Java library
to use by our DriverManager which abstracts all the technical details of how to use
the drivers inside our infrastructure.
This method works but still IE is very slow in that parts, especially when you have
installed more than a handful of client certificates.

Second approach, and that is the one which I think could fit selenium core the best
to be browser independent was to implement a MITM proxy which gets started and stopped
again in the DriverManager and which translates all url get requests on https into
using http on the target browser and handles the endpoint to the target server injecting
client certificates (same method I used in a custom HTMLUnit driver), this worked on
all browsers I tested so far and also eliminated all the native IE errors/notification
about SSL and security. 

Reported by michel.racic on 2014-02-16 19:42:03

Owner

lukeis commented Mar 2, 2016

Issue 7067 has been merged into this issue.

Reported by barancev on 2014-03-06 18:31:39

Owner

lukeis commented Mar 2, 2016

@michel racic. I am interested in learning more about the code you developed for authenticating
via certificates with IE. Do you have any code you can share?

Reported by jenktom1@aol.com on 2014-03-07 04:16:52

Owner

lukeis commented Mar 2, 2016

This is working in Firefox for me:


package org.core.selenium;

import java.util.concurrent.TimeUnit;

import org.apache.log4j.Logger;
import org.apache.log4j.xml.DOMConfigurator;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.firefox.FirefoxProfile;
import org.core.helpers.SeleniumHelpers;
import org.core.settings.GlobalSettings;

public class BasicAthentication {

    public String className                 = BasicAthentication.class.getName();
    public GlobalSettings globalSettings    = new GlobalSettings();
    public Logger log;
    public SeleniumHelpers selHelpers;

    public FirefoxDriver driver;
    public FirefoxProfile ffProfile         = new FirefoxProfile();

    public String URL                       = new String("browserspy.dk/password-ok.php");
    public String username                  = new String("test");
    public String password                  = new String("test");

    public BasicAthentication() {
    }

    public static void main(String args[]) {
        BasicAthentication basic    = new BasicAthentication();
        basic.webDriverVersion();
    }

    public void webDriverVersion() {

        this.log                = Logger.getLogger(this.className);
        DOMConfigurator.configure(this.globalSettings.getDomConfig());

        try {

            /* preferences */
            this.ffProfile.setPreference("network.automatic-ntlm-auth.trusted-uris", this.URL);
            /* driver */
            this.driver         = new FirefoxDriver(ffProfile);
            this.driver.manage().timeouts().implicitlyWait(this.globalSettings.getWaitTime(),
TimeUnit.SECONDS);
            this.driver.manage().window().maximize();
            /* helpers */
            this.selHelpers     = new SeleniumHelpers(this.driver, this.log, this.className);
            /* go to url */
            this.driver.navigate().to("http://" + this.username + ":" + this.password + "@"
+ this.URL);
            /* screenshot */
            this.selHelpers.screenPrint();
            /* sleep */
            Thread.sleep(5000);     

        } catch (Exception e) {
            log.error("got error", e);
        } finally {
            if (driver != null) {
                driver.quit();
            }
        }
    }
}

Reported by otwoblue on 2014-03-27 04:25:03

Owner

lukeis commented Mar 2, 2016


0
down vote
Hi, i'm using this and it's working for me.

public void login(String username, String password){
        WebDriver driver = getDriver();
        String URL = "http://" + username + ":" + password + "@" + "link";
        driver.get(URL);
        driver.manage().window().maximize();
    }

Reported by holaszkati on 2014-07-28 11:36:09

Owner

lukeis commented Mar 2, 2016

Comment #89, #90 and other which mention the workaround that first appeared in comment
#5 and everyone is very likely to be aware of already - using fancy browser features
is not the same thing as testing the authentication dialog that real users will see
- also IE7+ deliberately doesn't support user:pass@my.page syntax http://support.microsoft.com/default.aspx?scid=kb;[LN];834489

I have no idea what is the business case to create automated TESTS of web pages without
being able to test them in Internet Explorer (I know there are workarounds for that
too, to use a proxy server, but this bug is about not having to use workarounds for
such a basic task).

Reported by Peter.Hozak on 2014-07-28 11:59:45

Owner

lukeis commented Mar 2, 2016

The link given in #91 also gives details of how to enable use of the workaround in IE,
which allows you to test your site and your authentication but not the authentication
dialogue box.

Reported by David.R.Bisset on 2014-08-25 13:47:03

Owner

lukeis commented Mar 2, 2016

How to handle chrome authentication pop up using Webdriver any one please

Reported by rajeshchevronne on 2014-09-06 12:23:20

Owner

lukeis commented Mar 2, 2016

"driver.get(http://username:password@www.basicauthprotected.com/);"

this works for chromeDriver as well.

Reported by jason.smiley@1stdibs.com on 2014-10-03 19:10:26

Owner

lukeis commented Mar 2, 2016

for firefox and chrome this is working to me: 

  webDriver->get("http://username:password@domain");

but not for Internet Explorer, any idea on how to login in the Authoritation Required
popup subwindow? 

Has anyone an example with webDriver->getWindowHandles(); in phpwebdriver that works?




Reported by alejandro.zambrano@tecnilogica.com on 2014-10-08 17:01:14

Owner

lukeis commented Mar 2, 2016

for firefox and chrome this is working to me: 

  webDriver->get("http://username:password@domain");

but not for Internet Explorer, any idea on how to login in the Authoritation Required
popup subwindow? 

Has anyone an example with webDriver->getWindowHandles(); in phpwebdriver that works?




Reported by alejandro.zambrano@tecnilogica.com on 2014-10-09 11:45:47

Owner

lukeis commented Mar 2, 2016

For Chrome, I resolve this issue (Basic HTTP Authentication) by adding a plugin on the
fly wich resolve the problem.

I explain my logic here : https://github.com/RobinDev/Selenium-Chrome-HTTP-Private-Proxy.
With some customization on the js function callbackFn(details) in the plugin, it can
be adapt to a lot of test needed one.

But maybe, if we can access to `chrome.webRequest.onAuthRequired.addListener`configuration
problem, it will solve the problem directly from webDriver.

Reported by onrobindev on 2014-11-16 11:02:39

Owner

lukeis commented Mar 2, 2016

For chrome NTLM authentication, http://stackoverflow.com/a/28048163/351708

Reported by rohitkandhal on 2015-01-20 16:06:32

Owner

lukeis commented Mar 2, 2016

Follow-up: https://github.com/SeleniumHQ/selenium/issues/453

Reported by kenorb on 2015-05-04 19:59:02

Owner

lukeis commented Mar 2, 2016

Reported by luke.semerau on 2015-09-17 17:44:23

  • Labels added: Restrict-AddIssueComment-Commit

@lukeis lukeis locked and limited conversation to collaborators Mar 3, 2016

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.