Reputation: 306
I am using JMeter to run tests against a WCF Web Service with Basic Auth. The service is working and the credentials are correct (I run them successfully from SOAPUI).
From all my research I have configured both the 'HTTP Header Manager' and 'HTTP Basic Authentication' and I cannot see anything wrong with my actual HTTP header when submitting:
What I have done so far:
After some manipulation of the SOAPAction I aligned it to the SOAPUI that works but the JMeter basic auth still fails:
The HTTP response is below but it is standard (I get this from SOAPUI when I intentionally type in wrong credentials)
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <s:Fault>
      <faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
      <faultstring xml:lang="en-ZA">An error occurred when verifying security for the message.</faultstring>
    </s:Fault>
  </s:Body>
</s:Envelope>
I have included the binding configuration below; it uses standard basicHttpsBindings (not wsHttpBinding):
<service name="PayM8.Axis.PaymentsService.V1.HyperLink.HyperLinkService">
  <endpoint address="" binding="basicHttpsBinding" bindingConfiguration="DefaultHttpsBinding"
            contract="PayM8.Axis.PaymentsService.V1.HyperLink.IHyperLinkService"/>
</service>
<basicHttpsBinding>
  <binding name="DefaultHttpsBinding" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Basic" />
    </security>
  </binding>
</basicHttpsBinding>
Any ideas what might be wrong with my JMeter Basic Authentication HTTP request?
Upvotes: 0
Views: 766
Reputation: 306
In short, as Dmitri mentioned, we are using WS Security. This is enabled when you configure the security mode like below (both under BasicHttpBindings and wsHttpBinding):
<security mode="TransportWithMessageCredential">
Usually basic authentication makes use of the HTTP header, adding the below:
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
When using WS Security, however, the username and password are included in the SOAP payload itself. When I added the object inside the HTTP Body data in the JMeter HTTP Request, it works fine.
Helpful tools: if you don't want to figure out the content of the wsse:security object, I suggest sending it off using SOAPUI and then grabbing the formatted object from the SOAPUI logs. Remember to set the WSS-Password Type to PasswordText.
Upvotes: 0
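The difference this answer describes, as an added example that is not part of the original post or of JMeter, SoapUI or WCF: one function adds a `wsse:Security` UsernameToken (PasswordText) header to a SOAP 1.1 envelope, the other reports whether a request carries credentials in the message or only in the HTTP `Authorization` header. The function names, sample operation, user name and password are constructed, and it assumes the service needs nothing in the security header beyond the UsernameToken.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
ET.register_namespace("s", SOAP)
ET.register_namespace("wsse", WSSE)

# Constructed sample request; the operation and its namespace are made up.
SAMPLE_ENVELOPE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    '<s:Body><Ping xmlns="urn:example:constructed"/></s:Body></s:Envelope>'
)


def add_username_token(envelope_xml, username, password):
    """Return the envelope with one wsse:Security/UsernameToken header."""
    envelope = ET.fromstring(envelope_xml)  # your own test template only
    header = envelope.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        envelope.insert(0, header)  # s:Header must come before s:Body
    for stale in header.findall(f"{{{WSSE}}}Security"):
        header.remove(stale)  # keep exactly one Security header
    security = ET.SubElement(header, f"{{{WSSE}}}Security",
                             {f"{{{SOAP}}}mustUnderstand": "1"})
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    # ElementTree escapes &, < and > in the password; pasted strings do not.
    ET.SubElement(token, f"{{{WSSE}}}Password",
                  {"Type": PASSWORD_TEXT}).text = password
    return ET.tostring(envelope, encoding="unicode")


def credential_location(http_headers, body_xml):
    """Say where a request carries credentials: message, transport, both, none."""
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"
    in_message = ET.fromstring(body_xml).find(path) is not None
    auth = {k.lower(): v for k, v in http_headers.items()}.get("authorization", "")
    in_transport = auth.lower().startswith("basic ")
    return {(True, True): "both", (True, False): "message",
            (False, True): "transport", (False, False): "none"}[in_message, in_transport]


if __name__ == "__main__":
    basic_only = {"Authorization": "Basic QWxhZGRpbjpPcGVuU2VzYW1l"}
    print(credential_location(basic_only, SAMPLE_ENVELOPE))  # header only
    print(add_username_token(SAMPLE_ENVELOPE, "load-test-user", "constructed&pw"))
```

The string returned by `add_username_token` is what would go into the Body Data of the JMeter HTTP Request; keep real passwords in JMeter variables rather than in a saved test plan.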
Reputation: 168122
Web Services may have different authentication types; the error you're getting is about a missing or incorrect WS-Security header.
There are multiple ways of adding the header to the request. You could try using JMeterSoapPlugin, which has support for some authentication types.
You could also take a look at Take the Pain out of Load Testing Secure Web Services to see how to bypass different types of web service authentication.
Upvotes: 1