Providing Authentication Information for Multi-Protocol Scripts

When recording a Web session that uses NTLM authentication, your server may require you to enter details such as a user name and password.

How Internet Explorer authenticates users

Initially, IE (Internet Explorer) tries to use the NT authentication information of the current user:

  • If IE succeeds in logging in using this information and you record a script—then, at the end of the recording VuGen prompts you to enter a password. VuGen retrieves the user name and domain information automatically. If necessary, you can also edit the user name in the Web Recorder NTLM authentication dialog box.

  • If IE is unable to log in with the current user's information, it prompts you to enter a user name and password using the standard browser authentication dialog box.

Back to top

Generating a web_set_user function

When performing NTLM authentication, VuGen adds a web_set_user function to the script.

  • If authentication succeeds, VuGen generates a web_set_user function with your user name, masked password, and host.

    web_set_user("domain1\\dashwood", 
              lr_unmask("4042e3e7c8bbbcfde0f737f91f"),
             "sussex:8080");
  • If you cancel the Web Recorder NTLM Authentication dialog box without entering information, VuGen generates a web_set_user function for you to edit manually.

    web_set_user("domain1\\dashwood, 
            "Enter NTLM Password Here", 
            "sussex:8080");
    

    If you enter a password manually, it will appear in the script as-is, presenting a security issue.

    To mask a password:

    Right-click the password and select Mask String. VuGen masks the string and generates an lr_unmask function, used to decode the password during replay. For more information about masking strings, see Encoding Passwords and Text.

Back to top