简体繁体 English

使用NTLM身份验证进行压力测试

[英]Stress Testing with NTLM Authentication

原文 2009-10-15 06:56:43 8 3 authentication/ testing/ ntlm

Looking for an open source web testing tool that can do Windows Authentication. 寻找可以进行Windows身份验证的开源Web测试工具。

I've used openSTA and Pylot in very small amounts but found neither to do windows. 我已经使用了很少量的openSTA和Pylot，但发现它们都没有做窗户。 openSTA says you can do NTLM here: http://www.opensta.org/docs/sclref/build-auth-blob.htm openSTA说你可以在这里做NTLM： http ： //www.opensta.org/docs/sclref/build-auth-blob.htm

I could not get it working - probably due to some config on the network or maybe my own mistake. 我无法让它工作 - 可能是由于网络上的一些配置或者我自己的错误。

3 个解决方案

It would be a shame to limit your testing tool due to a matter of authentication. 由于身份验证问题，限制您的测试工具将是一种耻辱。 It is more practical to turn off NTLM / Windows Auth during stress testing. 在压力测试期间关闭NTLM / Windows Auth更实用。 We have done this by adding a configuration parameter that allows the user name to be passed via URL only when configured in a stress / load testing environment. 我们通过添加配置参数来完成此操作，该参数仅允许在压力/负载测试环境中配置时通过URL传递用户名。 This causes a behavior change in exactly one place where we load and cache the current user. 这会导致我们加载和缓存当前用户的一个地方的行为更改。 And it works with virtually any testing tool. 它几乎适用于任何测试工具。

If you are testing an ASP.NET app, it is a matter of creating your own user principal and assigning it to the HttpContext.Current.User. 如果您正在测试ASP.NET应用程序，则需要创建自己的用户主体并将其分配给HttpContext.Current.User。 A good place to do this is in the AuthenticateRequest event of an HttpModule or Membership Provider that you configure in only in the stress testing environment. 执行此操作的好地方是在仅在压力测试环境中配置的HttpModule或成员资格提供程序的AuthenticateRequest事件中。

There is not much downside to this technique. 这种技术没有多少缺点。 This operates under the assumption that Windows authentication is relatively cheap and relatively small compared to the performance of the overall application. 这是在假设Windows身份验证相对便宜且与整个应用程序的性能相比相对较小的情况下运行的。 We have enjoyed a high confidence in our stress test results without it. 没有它我们对压力测试结果很有信心。 The one caveat here is that IE will do a challenge/response with NTLM, so while it is not a perfect test, it is a very good test. 这里需要注意的是，IE将使用NTLM进行挑战/响应，因此虽然它不是一个完美的测试，但它是一个非常好的测试。 And the perfect is the enemy of the good. 而完美是善的敌人。

Maybe I am missing something about Windows Authentication, but I think that Selenium should be able to do that. 也许我错过了一些关于Windows身份验证的内容，但我认为Selenium应该能够做到这一点。 Have you tried? 你有没有尝试过？

You could try out the Grinder project: NTLM support is a bit tricky but there are some details here: 您可以尝试Grinder项目：NTLM支持有点棘手，但这里有一些细节：

http://grinder.sourceforge.net/faq.html#spnego (embedd link now dead - see comment from CruiZen) http://grinder.sourceforge.net/faq.html#spnego （嵌入链接现已死亡 - 请参阅CruiZen的评论）

or 要么

http://bb10.com/java-grinder-user/2007-08/ http://bb10.com/java-grinder-user/2007-08/