HTTP Basic Auth via URL in Firefox does not work?

Question

I know that normally you can login to sites that require HTTP basic authentication with Selenium by passing the username and password in the URL, e.g.:

selenium.open("http://myusername:[email protected]/mypath");

I've been running a Selenium test with Firefox 2 or 3 and there I still get the "Authentication Required" dialog window?

Update: It seems not to be a Selenium problem but rather a Firefox issue. If I enter the URL manually within FF I'll get the authentication dialog, but if I enter the URL in Opera, my page is displayed without showing an authentication dialog.

Thanks for any hints!

Peter

Answer 1

Hi!

You could try to manipulate the headers directly like this:

First when you start, you have to enable Selenium ti manipulate headers: selenium.start("addCustomRequestHeader=true");

Then you have to use some basic encoding and header manipulation like this:

    String authHeader = "";
    try {
    BASE64Encoder coder = new BASE64Encoder();
    authHeader = coder.encode("developers:Str492ight".getBytes());
    }
    catch (Exception e)
    {
    e.printStackTrace();
    }
    setUpSelenium();
    startSelenium();
    selenium.addCustomRequestHeader("Authorization", "Basic " + authHeader);
    selenium.open("/");
    selenium.waitForPageToLoad("10000");

The space after Basic is necessary. This is how a basic HTTP authentication header looks like..

Further more you could use some Http Watchers to see if the request contains your auth request.

Either use Wireshark, or better is Fiddler or Charles Proxy.

Hope that helped. Gergely.

Answer 2

I have a solution for Firefox and Internet Explorer.

For Firefox, you need to go into about:config and create the integer network.http.phishy-userpass-length with a length of 255. This tells Firefox not to popup an authentication box if the username and password are less than 255 characters. You can now use http://user:[email protected] to authenticate.

For Internet Explorer, you must edit the registry. In the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, create the DWORD values iexplore.exe and explorer.exe and make sure their values are 0.

I had to override NTLM authentication aswell. To NTLM authenticate using the HTTP basic authentication syntax in Firefox, simply specify the domains being used in the Firefox config string network.automatic-ntlm-auth.trusted-uris (accompanying the first config option). This will work in IE with the registy edit alone.

Answer 3

Hello,

As mentioned, the addCustomRequestHeader solution can only work with proxy injection mode. But when I tried to implement it, I got into other issues related to that proxy injection mode.

It's not clear to me if proxy injection even work at all when using the Java client. Anytime I would call open(), I got a weird error stating: "this.onXhrStateChange.bind is not a function". The only solution I found implied that you need to add an extra parameter with the value 'true' to the open() method but the Java client API only accepts a single parameter.

So I had to settle for the browser config solutions explained above which I don't really feel comfortable with since they depend on the vendor's willingness to support them.

Porting your tests to Selenium 2 (still alpha as of now) might be a better prospect but in my case it won't be possible until Selenium Grid supports Selenium 2.

Hope that can help anyone, Sebastien