Secure Webservice (NTLM) - Jmeter

问题

I am trying to test a web service with Jmeter. The web service is protected with NTLM authentication(windows).I can able to load WSDL using WebService(SOAP) Request sampler. Currently it works only when I use proxy server with BurpSuit mentioned in this SO answer(Instead of SOUP UI, I'm using Jmeter with BurpSuite).

But Instead of using a proxy server,I would like to use a web service directly in Jmeter with NTLM authentication.I've already tried HTTP Authentication Manager with ntlm authentication. But still it gives 401 Authorization Required in a response

Thanks for the help.

Sampler result.

Thread Name: WebSVC 1-1
Sample Start: 2010-06-28 13:54:08 IST
Load time: 752
Latency: 0
Size in bytes: 401
Sample Count: 1
Error Count: 0
Response code: 200
Response message: OK

Response headers:
Date=Mon, 28 Jun 2010 08:24:08 GMT
Server=Apache/2.2.9 (Unix) DAV/2 mod_jk/1.2.26
Connection=close
WWW-Authenticate=NTLM


SampleResult fields:
ContentType: text/html; charset=iso-8859-1
DataEncoding: iso-8859-1

and Response

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

回答1:

I managed to get it worked using SOAP/XML-RPC Request Sampler with Use keepAlive option enabled( Ofcourse with the help of HTTP Authentication Manager.

回答2:

You can add your security parameters to the header.

 <soapenv:Header>  <wsse:Security soapenv:mustUnderstand="1" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
         <wsse:UsernameToken> 
            <wsse:Username>USERNAME_PARAM</wsse:Username> 
            <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD_PARAM</wsse:Password> 
         </wsse:UsernameToken> 
      </wsse:Security> 

回答3:

In the HTTP Authorization manager, are you supplying a value for the "Base URL" field?
If so, is it in the form: https://${soap_domain} (note the secure http).

I had the authorization fail issue plague me for a while, but found a quick work-around was to leave the base url field empty and supply only the username and password.

来源：https://stackoverflow.com/questions/3130415/secure-webservice-ntlm-jmeter