Stress Testing with NTLM Authentication

Looking for an open source web testing tool that can do Windows Authentication.

I've used openSTA and Pylot in very small amounts but found neither to do windows. openSTA says you can do NT开发者_高级运维LM here: http://www.opensta.org/docs/sclref/build-auth-blob.htm

I could not get it working - probably due to some config on the network or maybe my own mistake.

It would be a shame to limit your testing tool due to a matter of authentication. It is more practical to turn off NTLM / Windows Auth during stress testing. We have done this by adding a configuration parameter that allows the user name to be passed via URL only when configured in a stress / load testing environment. This causes a behavior change in exactly one place where we load and cache the current user. And it works with virtually any testing tool.

If you are testing an ASP.NET app, it is a matter of creating your own user principal and assigning it to the HttpContext.Current.User. A good place to do this is in the AuthenticateRequest event of an HttpModule or Membership Provider that you configure in only in the stress testing environment.

There is not much downside to this technique. This operates under the assumption that Windows authentication is relatively cheap and relatively small compared to the performance of the overall application. We have enjoyed a high confidence in our stress test results without it. The one caveat here is that IE will do a challenge/response with NTLM, so while it is not a perfect test, it is a very good test. And the perfect is the enemy of the good.

Maybe I am missing something about Windows Authentication, but I think that Selenium should be able to do that. Have you tried?

You could try out the Grinder project: NTLM support is a bit tricky but there are some details here:

http://grinder.sourceforge.net/faq.html#spnego (embedd link now dead - see comment from CruiZen)

or

http://bb10.com/java-grinder-user/2007-08/