堆栈内存溢出
  简体   繁体   English

Secure Webservice(NTLM) - Jmeter

[英]Secure Webservice (NTLM) - Jmeter

 原文  2010-06-28 06:15:52       authentication/ web-services/ ntlm/ jmeter

问题描述

I am trying to test a web service with Jmeter. 我正在尝试使用Jmeter测试Web服务。 The web service is protected with NTLM authentication(windows).I can able to load WSDL using WebService(SOAP) Request sampler. Web服务受NTLM身份验证(windows)保护。我可以使用WebService(SOAP) Request采样器加载WSDL。 Currently it works only when I use proxy server with BurpSuit mentioned in this SO answer (Instead of SOUP UI, I'm using Jmeter with BurpSuite). 目前它只适用于我在本SO答案中提到的BurpSuit使用代理服务器(而不是SOUP UI,我使用Jmeter和BurpSuite)。

But Instead of using a proxy server,I would like to use a web service directly in Jmeter with NTLM authentication.I've already tried HTTP Authentication Manager with ntlm authentication. 但是我不想使用代理服务器,而是想在Jmeter中使用NTLM身份验证直接使用Web服务。我已经尝试过使用ntlm身份验证的HTTP Authentication Manager But still it gives 401 Authorization Required in a response 但它仍然在响应中提供401 Authorization Required

Thanks for the help. 谢谢您的帮助。

Sampler result. 取样器结果。 

Thread Name: WebSVC 1-1
Sample Start: 2010-06-28 13:54:08 IST
Load time: 752
Latency: 0
Size in bytes: 401
Sample Count: 1
Error Count: 0
Response code: 200
Response message: OK

Response headers:
Date=Mon, 28 Jun 2010 08:24:08 GMT
Server=Apache/2.2.9 (Unix) DAV/2 mod_jk/1.2.26
Connection=close
WWW-Authenticate=NTLM


SampleResult fields:
ContentType: text/html; charset=iso-8859-1
DataEncoding: iso-8859-1

and Response 和回应 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

3 个解决方案

解决方案1
 3 已采纳  2010-07-09 06:58:54

我设法使用SOAP/XML-RPC Request Sampler并启用了Use keepAlive选项(Ofcourse借助HTTP Authentication Manager

解决方案2
 2  2012-07-26 12:24:34

You can add your security parameters to the header. 您可以将安全参数添加到标头中。 

 <soapenv:Header>  <wsse:Security soapenv:mustUnderstand="1" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
         <wsse:UsernameToken> 
            <wsse:Username>USERNAME_PARAM</wsse:Username> 
            <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD_PARAM</wsse:Password> 
         </wsse:UsernameToken> 
      </wsse:Security>

解决方案3
 0  2010-07-08 21:28:54

In the HTTP Authorization manager, are you supplying a value for the "Base URL" field? 在HTTP授权管理器中,您是否为“基本URL”字段提供值?
If so, is it in the form: https ://${soap_domain} (note the secure http). 如果是,请使用以下格式: https :// $ {soap_domain}(请注意安全的http)。

I had the authorization fail issue plague me for a while, but found a quick work-around was to leave the base url field empty and supply only the username and password. 我的授权失败问题困扰了我一段时间,但发现一个快速的解决方法是将基本URL字段留空并仅提供用户名和密码。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过基于令牌的身份验证来保护Rest Web服务? - How to secure the Rest webservice by token based authentication? Windows Server 2008 R2 上的 Windows 身份验证 (NTLM) 对于 Sharepoint 2010 是否安全? - Is Windows Authentication (NTLM) on Windows Server 2008 R2 secure for Sharepoint 2010? 安全的Web服务(WCF),无需在使用者应用程序上存储凭据 - Secure Webservice (WCF) without storing credentials on consumer application 我能够将用户名和密码传递给Web服务,但这不是我需要防止未经授权的用户访问的方式 - I was able to pass username and password to webservice, but its not the way i need to secure from unauthorized user NTLM身份验证Java - NTLM authentication java NTLM身份验证Xcode - NTLM Authentication Xcode Android应用中的NTLM身份验证 - NTLM authentication in Android app WCF / basicHttp和NTLM身份验证 - WCF/basicHttp and NTLM authentication 在Firefox上启用NTLM无效 - Enabling NTLM on firefox not working Swift 3 NTLM身份验证 - Swift 3 NTLM authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM