How to Use HTTP Basic Authentication in JMeter
April 14, 2021

How to Use HTTP Basic Authentication in JMeter

Open Source Automation
Occasionally, you’ll need to test URLs that can sometimes be restricted from anonymous visits. The types and resources can vary from corporate libraries and knowledge bases to targeted forums or others. All tend to have limited or restricted access.
For instance, if you download something from an FTP server, you would encounter the "gatekeeper" screen shown below. This pop-up window is generated by a browser when the server requires a username/password. The frame will vary from browser to browser (e.g. Mozilla Firefox, Apple Safari, or Microsoft Internet Explorer), but regardless, a username/password is required to access what are often some basic resources.
This type of instance is when HTTP basic authentication will come into play. This blog will share insights into how to use HTTP basic authentication when running tests in JMeter. 
Back to top

What is HTTP Basic Authentication?

HTTP Basic Authentication (BA) is the simplest technique for enforcing access controls to web resources because it doesn't require cookies, a session identifier, or login pages.

However, you need a strategy for such situations while executing performance tests. Let's see how to do this using a local installation of phpmyadmin. (This web application helps manage MySQL databases without writing SQL queries.)

🚀Try BlazeMeter today for JMeter testing at scale >>

*NOTE: by default, phpmyadmin uses the login screen.
phpmyadmin installation
To change this behavior and use basic authentication, change (for Linux, it is placed in /etc/phpmyadmin). Find the following string in it:
$cfg['Servers'][$i]['auth_type'] = 'cookie'; 


and edit it to the following:
$cfg['Servers'][$i]['auth_type'] = 'http';


Back to top

HTTP Basic Authentication in JMeter

Ok. Now look at JMeter.  Among other elements, you have the HTTP Authorization Manager. The Authorization Manager lets you specify one or more user logins to Web pages that are restricted using server authentication. You see this style of authentication when you attempt to access a restricted page, and your browser displays a login dialog box. JMeter transmits the login information when it encounters this type of page.

NOTE: Authorization headers are not shown in the View Results Tree Listener, so you won't be able to check their values from the test script.

Before diving into the details, here’s a quick overview of the test script:
view results tree
Now, let's check out the HTTP Authorization Manager. Which fields does it have?
JMeter HTTP Authorization Manager
Three fields should be taken care of in this example:
  • The Base URL – the link to the resource we want to access.
  • Username and password – they should be defined.
  • The HTTP Authorization Manager is disabled during the first run.
JMeter HTTP Authorization Manager: Fields
Since we’ve configured it properly, the system does not provide access to the resources.
Now, let's see how it works when the HTTP Authorization Manager is enabled.
HTTP Authorization Manager enabled on JMeter

In this scenario, the server has given us authorization and JMeter has received the HTML as a response.

Back to top

How the BlazeMeter Load Testing Cloud Complements and Strengthens JMeter

While JMeter represents a strong and compelling way to perform load testing, of course, it's recommended to supplement that tool with BlazeMeter, which lets you simulate up to millions of users in a single developer-friendly, self-service platform.  With BlazeMeter, you can test the performance of any mobile app, website, or API in under 10 minutes.  Here’s why we think the BlazeMeter/JMeter combination is attractive to developers:

  • Simple Scalability – It’s easy to create large-scale JMeter tests. You can run far larger loads far more easily with BlazeMeter than you could with an in-house lab.
  • Rapid-Start Deployment – BlazeMeter’s recorder helps you get started with JMeter right away, and BlazeMeter also provides complete tutorials and tips.
  • Web-Based Interactive Reports – You can easily share results across distributed teams and overcome the limitations of JMeter’s standalone UI.
  • Built-In Intelligence – BlazeMeter provides on-demand geographic distribution of load generation, including built-in CDN-aware testing.

BlazeMeter results

Start Testing Now


Related Resources: 

Back to top