Getting 401.1 web response while testing Silverlight Application with fiddler

I need to stress-test a silverlight application which uses Windows a开发者_StackOverflow中文版uthentication mode. To achieve this task I am using the StressStimulus Fiddler addin.

What I am doing is to log in and doing some stuff like search etc. I captured the HTTP messages transferred in Fiddler and replayed them using the above mentioned tool.

However, when I replay the packages I always get a 401.1 Server responses.

I tried to use different Authorization approaches (NTLM and Negotiate) but I always get the same response message.

Fiddler seems to be properly configured. In the Fiddler options menun "Reuse client connection" is checked as well as "Reuse connection to server". I even raised the KeepAliveTimeout in the registry without any success.

Does anybody have an idea whats going wrong?

You can't replay authentications such as NTLM and Negotiate. One the most important features of any challange/response authentication is that it must not be replayable. Without this feature an attacker can monitor a successful authentication and then replay the same sequence to gain access to things they aren't entitled.