When recording a web session that uses NTLM authentication, your server may require you to enter details such as a user name and password.
How Internet Explorer authenticates users
Initially, IE (Internet Explorer) tries to use the NT authentication information of the current user:
If IE succeeds in logging in using this information and you record a script—then, at the end of the recording VuGen prompts you to enter a password. VuGen retrieves the user name and domain information automatically. If necessary, you can also edit the user name in the Web Recorder NTLM authentication dialog box.
If IE is unable to log in with the current user's information, it prompts you to enter a user name and password using the standard browser authentication dialog box.
Generating a web_set_user function
When performing NTLM authentication, VuGen adds a web_set_user function to the script.
If authentication succeeds, VuGen generates a web_set_user function with your user name, masked password, and host.
If you cancel the Web Recorder NTLM Authentication dialog box without entering information, VuGen generates a web_set_user function for you to edit manually.
web_set_user("domain1\\dashwood, "Enter NTLM Password Here", "sussex:8080");
If you enter a password manually, it will appear in the script as-is, presenting a security issue.
To mask a password:
Right-click the password and select Mask String. VuGen masks the string and generates an lr_unmask function, used to decode the password during replay. For more information about masking strings, see Encoding Passwords and Text.