We are about to build several UI tests with selenium-rc and the Java client.

The app itself is a classic ASP web application that uses integrated security to retrieve the user's permissions from a database, and then, according to those permissions, displays a menu with the appropriate options.

We'd like to automate that test, something like:

if the logged user is domain/user_test then optionx should be enabled ...

Is there some way to programmatically impersonate a domain account, so that selenium-rc, at the server, could "run" the browser with a specified user?

Or should I hack a way around so as to pass the user to the app by (for example) the querystring?

How do you handle these kinds of tests?

thanks a lot...

A: 

You could always use 'RunAs' option to run the browser under different user accounts. If impersonation is enabled on ASP then this is the account the ASP process will run under. This impersonated account should also work with your database since you have integrated security enabled. However, be warned about the classic double hop issue on Windows.

msvcyc
Is there a way to "programmatically" issue a RunAs from Java in Windows? Besides, I would have to modify the selenium-rc source code, I guess...
opensas
Try the following Win32 API - CreateProcessWithLogonW
msvcyc
+1  A: 

You are validating a user's permissions based on some looked up record and producing a menu for that user.

The following seems to fit....

  1. IIS has the role of Identifying the user to the application based upon the authentication.
  2. IIS will either identify the user as a KNOWN user or an UNKNOWN user.
  3. If the IIS machine is in a domain, the KNOWN users will include both DOMAIN and LOCAL user accounts.

Technically, to your web app, there is no difference between a LOCAL and a DOMAIN user. (unless there are other details not mentioned). You could verify proper operation by defining a local user (or domain user) for each test case and testing each user. It might be easier to test against local users.

To Identify the user, forward your credentials in the url:

http://username:password@hostname/website

Please note that security updates have killed this functionality in IE as of 832894. According to MS: By default, versions of Windows Internet Explorer that were released starting with the release of security update 832894 do not support handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs. The following URL syntax is not supported in Internet Explorer or in Windows Explorer: http(s)://username:password@server/resource.ext

If you are married to IE, you may have to initiate with RUNAS (as mentioned above) and set autoauthentication on.

If you are using FF or OPERA you are OK as long as you configure the IIS website directory security to allow 'Basic authentication'.

CMB
The following article explains how to re-enable it on IE. http://weblogs.asp.net/cumpsd/archive/2004/02/07/69366.aspx
CMB
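An added example (not part of the answer above, and not Selenium's own code) of building the `http://username:password@hostname/website` URL from Java for each test account, with the credentials percent-encoded and a masked form for test logs. The class and method names are hypothetical, and the host, accounts and passwords are constructed placeholders.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class BasicAuthUrl {

    // Percent-encode one userinfo component. URLEncoder targets form data,
    // so the "+" it emits for a space is rewritten as %20.
    static String encode(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Builds scheme://user:password@host/path. Encoding keeps a backslash in a
    // DOMAIN account name, or an "@", ":" or "/" in a password, from being
    // parsed as part of the URL structure.
    static String withCredentials(String scheme, String host, String path,
                                  String user, String password) {
        return scheme + "://" + encode(user) + ":" + encode(password)
                + "@" + host + path;
    }

    // Same URL with the password masked, for test logs and reports.
    static String redacted(String scheme, String host, String path, String user) {
        return scheme + "://" + encode(user) + ":***@" + host + path;
    }

    public static void main(String[] args) {
        // Constructed test accounts: one per permission set under test.
        Map<String, String> accounts = new LinkedHashMap<>();
        accounts.put("TESTDOMAIN\\user_test", "p@ss:w/rd 1");
        accounts.put("local_readonly", "Secret#2");

        for (Map.Entry<String, String> e : accounts.entrySet()) {
            String url = withCredentials("http", "hostname", "/website",
                    e.getKey(), e.getValue());
            // Pass "url" to the browser-open call of the test for this account,
            // then assert on the menu options; log only the masked form.
            System.out.println(redacted("http", "hostname", "/website", e.getKey()));
        }
    }
}
```

For the first account the full URL is `http://TESTDOMAIN%5Cuser_test:p%40ss%3Aw%2Frd%201@hostname/website`, while the log line shows `http://TESTDOMAIN%5Cuser_test:***@hostname/website`.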