Selenium: There is no way of Basic Authenticate in cases when username and password are not supported in urls
Meta -
OS: ALL
Selenium Version: 3.4 and above
Browser: ALL
When the webpage as target of a test case requires BasicAuth to be able to access the website, there is no way to pass this by simply handling the Alert window.
Currently passing the UserName and Password inside the url only works with Chrome, Firefox, IE11.
Safari 11 and Edge browsers are not supporting this way.
Expected Behavior -
Maybe the best would be if we would be able to communicate with the Alert popup directly through the Alert interface. Then it could be standardised across all the browsers.
Actual Behavior -
Currently we have the sendKeys method which is only sending string to the username field, and there is no way AFAIK to switch over to the password field.
Steps to reproduce -
- Open a site that requires BasicAuth using:
Safari
Edge
Chrome
Firefox
IE11 - Try to fill out the fields of the Alert popup through the Alert interface.
DavidGangel
All 2 comments
@DavidGangel In general, Basic Auth handling is considered "out of scope" for webdriver proper. That said, I've had to deal with cross-browser Basic Auth challenges for a very long time. I've used the URL approach, as well as 3rd party tools such as AutoIt. Over time these approaches have degraded.
I've researched using other approaches such as Java's Robot, Sikuli, AppleScript, browser specific plugins, etc. All have had there drawbacks/limitations.
Recently I incorporated BrowserMob-Proxy (man-in-the-middle approach), embedded in my Java code that starts my Selenium Grid nodes. I created a servlet, registered/configured as part of the node, and my client bindings (where the DesiredCapabilites/RemoteWebDriver get created) can call this servlet to start the BMP, passing it chained-proxy information, if needed. In my teardown (where webdriver.quit() is called), I again call the servlet to stop the BMP.
Not only does that allow me to handle proxy-server based Basic Auth challenges, it allows me to filter HTTP requests and set the Authorization header for application based Basic Auth challenges.
This completely removes the browser from the equation and so far has proven to work extremely well. I wish I had done this a few years ago. You should give it a look.
schmidtkp
on 14 Mar 2018
You can keep an eye on WebDriver spec bug in https://github.com/w3c/webdriver/issues/385.
p0deje
on 14 Mar 2018
Related issues
Toilal
路
4Comments
jasonfb
路
3Comments
elaich
路
4Comments
austinrr
路
4Comments
ghost
路
4Comments
Most helpful comment
@DavidGangel In general, Basic Auth handling is considered "out of scope" for webdriver proper. That said, I've had to deal with cross-browser Basic Auth challenges for a very long time. I've used the URL approach, as well as 3rd party tools such as AutoIt. Over time these approaches have degraded.
I've researched using other approaches such as Java's Robot, Sikuli, AppleScript, browser specific plugins, etc. All have had there drawbacks/limitations.
Recently I incorporated BrowserMob-Proxy (man-in-the-middle approach), embedded in my Java code that starts my Selenium Grid nodes. I created a servlet, registered/configured as part of the node, and my client bindings (where the DesiredCapabilites/RemoteWebDriver get created) can call this servlet to start the BMP, passing it chained-proxy information, if needed. In my teardown (where webdriver.quit() is called), I again call the servlet to stop the BMP.
Not only does that allow me to handle proxy-server based Basic Auth challenges, it allows me to filter HTTP requests and set the Authorization header for application based Basic Auth challenges.
This completely removes the browser from the equation and so far has proven to work extremely well. I wish I had done this a few years ago. You should give it a look.