JMeter Basic Authentication

I am trying to imply the basic authentication process for a web service using JMeter. But everytime it throws out an error 401:Unauthorized. I tried using the HTTP Header manager to add a header Authorization and value to it. Still it does not work. I have also tried using the HTTP Authorization manager. Still no luck. Can someone help.

I've found through debugging requests coming in from JMeter that the HTTP Authorization Manager module doesn't encode the username and password correctly. It puts a newline character after the username.

To run a JMeter test against a Basic Auth protected endpoint, include the HTTP Header Manager and add the Basic Auth header yourself:

Manually Encoding Credentials

• From MacOS or Linux:

  echo -n "username:password" | base64

• From Windows:

  Go here and encode your "username:password" string

Adding the Authorization Header

In the HTTP Header Manager, add an entry with the name "Authorization" and the value "Basic [encoded credentials from above]"

Edit 19 august 2017 for JMeter 3.2:

• Use answer https://stackoverflow.com/a/12563623/460802

Basically to bypass a Basic Authorization you need to add the Authorization header with the value Basic base64(username:password). The problem is that JMeter has no base64 function embedded.

The solution is :

Step1 Add BeanShell PreProcessor (PreProcessor --> BeanShell Preprocessor)

Step2 Add the following script to the PreProcessor

import org.apache.commons.codec.binary.Base64;
byte[] encodedUsernamePassword = Base64.encodeBase64("neo4j:1234".getBytes());
vars.put("base64HeaderValue",new String(encodedUsernamePassword));

Step3 Add HTTP Header Manager

Step4 Add Authorization header with correct value

header name Authorization
header value Basic ${base64HeaderValue} (base64HeaderValue variable is initialized by the BeanShell Preprocessor)

So in the end when you create a http request Authorization header will be passed to the server with base64 encoded string

Do the following:

• 1/ Configure HTTP Authorization Manager correctly with all required fields

• 2/ Option 1 : Using HTTP 4 : (default)

• it is possible since JMeter 3.2 without any further configuration using Authorization Manager

Option 2 : Using HTTP 3.1 : (deprecated)

• in jmeter.properties , uncomment:

    httpclient.parameters.file=httpclient.parameters
  

• in httpclient.parameters, uncomment:

    http.authentication.preemptive$Boolean=true
  

If you're looking to learn JMeter, this book by 3 developers of the project will help you

Make sure to provide a protocol for the base URL, i.e.: "http://localhost" instead of "localhost"

Like Ryan T said, in the HTTP Header Manager, add an entry with the name "Authorization" and the value "Basic [encoded credentials from above]" but without [].

If you get Response code as 401, then add "HTTP Authorization manager" Config Element

I am using Jmeter 3.3

GO to Jmeter on User choose add then HTTP Authorization Manager

Then add ur url , userid,password

If response type is json then add HTTP Header manager

Adding a slight variation of @yurko which uses the username & password from User defined variables. (for Jmeter prior to 3.2)

import org.apache.commons.codec.binary.Base64;
String username = vars.get("USERNAME");
String password = vars.get("PASSWORD");
String combineduserpass = username + ":" + password;
byte[] encodedUsernamePassword = Base64.encodeBase64(combineduserpass.getBytes());
vars.put("base64HeaderValue",new String(encodedUsernamePassword));

In reference to the first answer above, the incorrect encoding problem you mention must be now fixed, as Apache 3.1 does appear to encode the username:password correctly in HTTP Auth Manager

You can easily use JSON Extractor for authentication inside the auth request to store the token in a variable, then you will just need to use it whenever the token is needed, in order to use that you will need an HTTP header manager using that variable you can follow the screenshots for clear instructions.

JSON Extractor configuration: HTTP header manager configuration:

Updating good findings from your 2013 answers:

The HTTP4 option also works under current Jmeter version 2.13 after adding HTTP Header Manager row containing:

name="Authorization", value="Basic [base64-encoded user/password string]"

Verified on current host amazon linux having reverse proxy from apache 2.4 to tomcat8; tomcat8 recognized the user credentials instead of throwing 401 status.