Best Practice: Handling Authentication

  • 18 May 2021
  • 0 replies
  • 679 views

Userlevel 1
Badge +1

 

There are several ways to handle authentication and security dialogs during testing. You might, for example, need to log a user in, or bypass a browser warning. The topics in this section cover cookie injection with Selenium, basic HTTP authentication, and other options.

Basic HTTP Authentication

asic HTTP authentication supplies a username and password via URL, such as https://admin:admin@the-internet.herokuapp.com/basic_auth. This request sends the credentials in the standard HTTP "Authorization" header.

Because browser support for basic HTTP authentication is limited, we recommend Injecting Cookies to Bypass Authentication Dialogs and Running an AutoIt Script as a Pre-run Executable to Handle Windows Security Authentication Dialogs as solutions for authentication while testing.

Browser

HTTP Authentication Support

Chrome Supported
Firefox Supported, but Firefox will display a prompt asking you to confirm.
Safari Unsupported. See the Support KB article Setting Basic Authentication in Safari with a Pre-Run Executable for an example of how you can handle this situation.
Internet Explorer Unsupported

 

Injecting Cookies to Bypass Authentication Dialogs

Authentication dialogs present a challenge for automated testing, because Selenium has no way to interact with them. One solution is to bypass authentication by injecting cookies, setting an authenticated state for the application or site you're testing.

You may need to make a change in the source code of the web app itself so that the cookie is acknowledged, but your tests will run without the need for user credentials.

The basic process to test with cookies is:

  1. Launch the browser on your Sauce Labs VM.

  2. Inject cookies using Selenium.

  3. Open the site / web app you want to test.

  4. Run your tests.

You must be on the same domain that the cookie is valid for in order for this to work.

If the homepage of the site you want to test takes a long time to load, you can try accessing a smaller page (like the 404 page) where you can inject the cookie before accessing the homepage.

  • You must be on the same domain that the cookie is valid for in order for this to work.
  • If the homepage of the site you want to test takes a long time to load, you can try accessing a smaller page (like the 404 page) where you can inject the cookie before accessing the homepage.

Code Sample

You can find additional examples for Java, Python, Ruby, and Perl on the official Selenium Commands and Operations page.

# prereq: Sauce username and accesskey set as environment variables
# i.e. export SAUCE_USERNAME=YOUR_USERNAME
# export SAUCE_ACCESS_KEY=YOUR_ACCESS_KEY

require 'selenium-webdriver'

url = "http://#{ENV['SAUCE_USERNAME']}:#{ENV['SAUCE_ACCESS_KEY']}@ondemand.saucelabs.com:80/wd/hub".strip

browser = Selenium::WebDriver.for(:remote, :url => url,
:desired_capabilities => {
:browserName => 'firefox',
:version => '40',
:platform => 'Windows 7'
})

browser.manage.add_cookie({
:name => 'CookieName',
:value => 'CookieValue',
:path => '/',
:secure => false

})

puts "Printing out cookies : #{browser.manage.all_cookies}"

# go to URL / app where authentication was needed / prompted.
# i.e.
# browser.get 'http://yourwebsite.com'
# ...
browser.quit

 


0 replies

Be the first to reply!

Reply