Providing Authentication Information for Multi-Protocol Scripts

When recording a Web session that uses NTLM authentication, your server may require you to enter details such as a user name and password.

How Internet Explorer authenticates users

Initially, IE (Internet Explorer) tries to use the NT authentication information of the current user:

  • If IE succeeds in logging in using this information and you record a script—then, at the end of the recording VuGen prompts you to enter a password. VuGen retrieves the user name and domain information automatically. If necessary, you can also edit the user name in the Web Recorder NTLM authentication dialog box.

  • If IE is unable to log in with the current user's information, it prompts you to enter a user name and password using the standard browser authentication dialog box.

Back to top

Generating a web_set_user function

When performing NTLM authentication, VuGen adds a web_set_user function to the script.

  • If authentication succeeds, VuGen generates a web_set_user function with your user name, encrypted password, and host.

    web_set_user("domain1\\dashwood", 
              lr_decrypt("4042e3e7c8bbbcfde0f737f91f"),
             "sussex:8080");
  • If you cancel the Web Recorder NTLM Authentication dialog box without entering information, VuGen generates a web_set_user function for you to edit manually.

    web_set_user("domain1\\dashwood, 
            "Enter NTLM Password Here", 
            "sussex:8080");
    

    If you enter a password manually, it will appear in the script as-is, presenting a security issue.

    To encrypt a password:

    Right-click the password and select Encrypt string. VuGen encrypts the string and generates an lr_decrypt function, used to decode the password during replay. For more information about encrypting strings, see Encrypting Text.

Back to top