Oliver Vogel

Reputation: 2008

Getting 401.1 web response while testing Silverlight Application with Fiddler

I need to stress-test a Silverlight application which uses Windows authentication mode. To achieve this task I am using the StressStimulus Fiddler add-in.

What I am doing is logging in and doing some stuff like search etc. I captured the HTTP messages transferred in Fiddler and replayed them using the above-mentioned tool.

However, when I replay the packages I always get a 401.1 server response.

I tried to use different Authorization approaches (NTLM and Negotiate) but I always get the same response message.

Fiddler seems to be properly configured. In the Fiddler options menu "Reuse client connection" is checked as well as "Reuse connection to server". I even raised the KeepAliveTimeout in the registry without any success.

Does anybody have an idea what's going wrong?

Upvotes: 2

Views: 358

Answers (1)

AnthonyWJones

Reputation: 189495

You can't replay authentications such as NTLM and Negotiate. One of the most important features of any challenge/response authentication is that it must not be replayable. Without this feature an attacker can monitor a successful authentication and then replay the same sequence to gain access to things they aren't entitled to.

Upvotes: 1
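
An added example, not part of the answer above or of any tool mentioned on this page: a simplified challenge/response exchange (HMAC-SHA256 over a server nonce, standing in for NTLM's actual computation) showing why a recorded response fails against a new challenge. The `Server` class, `client_response` and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy challenge/response verifier (not NTLM): one fresh nonce per connection."""

    def __init__(self, users):
        self.users = users      # username -> shared secret (bytes)
        self.pending = {}       # connection id -> outstanding challenge

    def challenge(self, conn_id):
        nonce = secrets.token_bytes(16)
        self.pending[conn_id] = nonce
        return nonce

    def verify(self, conn_id, user, response):
        # pop(): a challenge is single-use, so it cannot be answered twice
        nonce = self.pending.pop(conn_id, None)
        secret = self.users.get(user)
        if nonce is None or secret is None:
            return 401
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return 200 if hmac.compare_digest(expected, response) else 401


def client_response(secret, nonce):
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    secret = b"constructed-demo-secret"
    server = Server({"alice": secret})

    # Live session: the client answers the challenge it was just given.
    nonce = server.challenge("conn-1")
    captured = client_response(secret, nonce)  # what a proxy capture records
    live = server.verify("conn-1", "alice", captured)

    # Replay: new connection, new challenge, recorded response resent.
    server.challenge("conn-2")
    replayed = server.verify("conn-2", "alice", captured)

    # A client holding the credential computes a fresh response instead.
    nonce3 = server.challenge("conn-3")
    fresh = server.verify("conn-3", "alice", client_response(secret, nonce3))
    return live, replayed, fresh


if __name__ == "__main__":
    print(demo())
```

The replayed response is bound to the nonce from the first connection, so the server's recomputed value for the second connection does not match it.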
