Blog
April 14, 2021
Occasionally, you’ll need to test URLs that can sometimes be restricted from anonymous visits. The types and resources can vary from corporate libraries and knowledge bases to targeted forums or others. All tend to have limited or restricted access.
For instance, if you download something from an FTP server, you would encounter the "gatekeeper" screen shown below. This pop-up window is generated by a browser when the server requires a username/password. The frame will vary from browser to browser (e.g. Mozilla Firefox, Apple Safari, or Microsoft Internet Explorer), but regardless, a username/password is required to access what are often some basic resources.
This type of instance is when HTTP basic authentication will come into play. This blog will share insights into how to use HTTP basic authentication when running tests in JMeter.
What is HTTP Basic Authentication?
HTTP Basic Authentication (BA) is the simplest technique for enforcing access controls to web resources because it doesn't require cookies, a session identifier, or login pages.
However, you need a strategy for such situations while executing performance tests. Let's see how to do this using a local installation of phpmyadmin. (This web application helps manage MySQL databases without writing SQL queries.)
🚀Try BlazeMeter today for JMeter testing at scale >>
*NOTE: by default, phpmyadmin uses the login screen.
The referenced media source is missing and needs to be re-embedded.
To change this behavior and use basic authentication, change config.inc.php (for Linux, it is placed in /etc/phpmyadmin). Find the following string in it:
$cfg['Servers'][$i]['auth_type'] = 'cookie';
and edit it to the following:
$cfg['Servers'][$i]['auth_type'] = 'http';
HTTP Basic Authentication in JMeter
Ok. Now look at JMeter. Among other elements, you have the HTTP Authorization Manager. The Authorization Manager lets you specify one or more user logins to Web pages that are restricted using server authentication. You see this style of authentication when you attempt to access a restricted page, and your browser displays a login dialog box. JMeter transmits the login information when it encounters this type of page.
NOTE: Authorization headers are not shown in the View Results Tree Listener, so you won't be able to check their values from the test script.
Before diving into the details, here’s a quick overview of the test script:
Now, let's check out the HTTP Authorization Manager. Which fields does it have?
Three fields should be taken care of in this example:
- The Base URL – the link to the resource we want to access.
- Username and password – they should be defined.
- The HTTP Authorization Manager is disabled during the first run.
Since we’ve configured it properly, the system does not provide access to the resources.
Now, let's see how it works when the HTTP Authorization Manager is enabled.
In this scenario, the server has given us authorization and JMeter has received the HTML as a response.
Back to topHow the BlazeMeter Load Testing Cloud Complements and Strengthens JMeter
While JMeter represents a strong and compelling way to perform load testing, of course, it's recommended to supplement that tool with BlazeMeter, which lets you simulate up to millions of users in a single developer-friendly, self-service platform. With BlazeMeter, you can test the performance of any mobile app, website, or API in under 10 minutes. Here’s why we think the BlazeMeter/JMeter combination is attractive to developers:
- Simple Scalability – It’s easy to create large-scale JMeter tests. You can run far larger loads far more easily with BlazeMeter than you could with an in-house lab.
- Rapid-Start Deployment – BlazeMeter’s recorder helps you get started with JMeter right away, and BlazeMeter also provides complete tutorials and tips.
- Web-Based Interactive Reports – You can easily share results across distributed teams and overcome the limitations of JMeter’s standalone UI.
- Built-In Intelligence – BlazeMeter provides on-demand geographic distribution of load generation, including built-in CDN-aware testing.
Related Resources: