Login/Register
Selenium - Basic Authentication via url
Asked Answered
Solved javagoogle-chromeselenium-webdriverbasic-authentication
S

6

12

In my selenium test (with chromedriver-2.24) I'm trying to access my webpage via basic authentication with the following statement:

WebDriver driver  = ...;
driver.get("http://admin:admin@localhost:8080/project/");

But Google Chrome gives me the following warning in the console:

[Deprecation] Subresource requests whose URLs contain embedded credentials (e.g. https://user:pass@host/) are blocked. See https://www.chromestatus.com/feature/5669008342777856 for more details.

In the tagged link it is mentioned that the support was dropped:

Drop support for embedded credentials in subresource requests. (removed)

My question now is, is there an other way to basic authenticate with selenium?

NOTE: that this other question has not helped me: How to Handle HTTP Basic Auth headers in Selenium Webdriver using Java ?

Schell answered 27/7, 2017 at 8:54 Comment(3)
Try solution from: https://mcmap.net/q/455847/-chrome-59-and-basic-authentication-with-selenium-fluentleniumSartorial
@Sartorial the solution suggested from the link doesn't work for me, the credentials are not cached after the first call...Schell
Then probably only solution for You is to setup proxy server to which You will connect with WebDriver, and proxy server will add basic auth headerSartorial
A
7

There were some updates in this link as :

Chromium Issue 435547 Drop support for embedded credentials in subresource requests. (removed)

We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:[email protected]/yay.tiff"). Such resources would be handled as network errors.

However, Basic Authentication functionality still works with Selenium 3.4.0, geckodriver v0.18.0, chromedriver v2.31.488763, Google Chrome 60.x and Mozilla Firefox 53.0 through Selenium-Java bindings.

Here is the example code which tries to open the URL http://the-internet.herokuapp.com/basic_auth with a valid set of credentials and it works.

Firefox:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;

public class BasicAuthentication_FF 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.gecko.driver", "C:\\Utility\\BrowserDrivers\\geckodriver.exe");
        WebDriver driver =  new FirefoxDriver();
        driver.navigate().to("http://admin:[email protected]/basic_auth");
    }
}

Chrome:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;

public class BasicAuthentication_Chrome 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.chrome.driver", "C:\\Utility\\BrowserDrivers\\chromedriver.exe");
        ChromeOptions options = new ChromeOptions();
        options.addArguments("start-maximized");
        options.addArguments("disable-infobars");
        options.addArguments("--disable-extensions");
        WebDriver driver =  new ChromeDriver(options);
        driver.navigate().to("http://admin:[email protected]/basic_auth");
    }
}
Aleedis answered 27/7, 2017 at 13:45 Comment(0)
P
11

The basic authentication via url is blocked only for sub resources. So you could still use it on the domain:

driver.get("http://admin:admin@localhost:8080");
driver.get("http://localhost:8080/project");

You could also create a small extension to automatically set the credentials when they are requested:

options = webdriver.ChromeOptions()
options.add_extension(r'C:\dev\credentials.zip')

https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46

Potluck answered 27/7, 2017 at 12:34 Comment(5)
Your first suggestion doesn't work for me :/ I still get the login prompt in chrome when running the selenium test. The other I haven't looked atSchell
@florent-b, I've been looking everywhere for something like this! Option #2 solves the problem of AJAX requests, CGI form submissions, redirects, etc.Perisarc
The extension works great, but not for Chrome in headless mode on CI :-(Othaothe
Can anyone help and expand on this answer for JAVA? - The two option lines above alone do not workKeynes
Works flawless! Thank youBrookebrooker
A
7

There were some updates in this link as :

Chromium Issue 435547 Drop support for embedded credentials in subresource requests. (removed)

We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:[email protected]/yay.tiff"). Such resources would be handled as network errors.

However, Basic Authentication functionality still works with Selenium 3.4.0, geckodriver v0.18.0, chromedriver v2.31.488763, Google Chrome 60.x and Mozilla Firefox 53.0 through Selenium-Java bindings.

Here is the example code which tries to open the URL http://the-internet.herokuapp.com/basic_auth with a valid set of credentials and it works.

Firefox:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;

public class BasicAuthentication_FF 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.gecko.driver", "C:\\Utility\\BrowserDrivers\\geckodriver.exe");
        WebDriver driver =  new FirefoxDriver();
        driver.navigate().to("http://admin:[email protected]/basic_auth");
    }
}

Chrome:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;

public class BasicAuthentication_Chrome 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.chrome.driver", "C:\\Utility\\BrowserDrivers\\chromedriver.exe");
        ChromeOptions options = new ChromeOptions();
        options.addArguments("start-maximized");
        options.addArguments("disable-infobars");
        options.addArguments("--disable-extensions");
        WebDriver driver =  new ChromeDriver(options);
        driver.navigate().to("http://admin:[email protected]/basic_auth");
    }
}
Aleedis answered 27/7, 2017 at 13:45 Comment(0)
J
2

Florent B.'s approach of calling .get on the URL twice worked for me with a slight modification. In JS:

driver
        .get('http://admin:admin@localhost:8080')
        .then( () => driver.get('http://localhost:8080') )

working on google chrome 62.0.3202.94 with ChromeDriver 2.33.506092 and the approach seems compatible with firefox 56.0.2 with geckodriver 0.19.1, and phantomjs 2.1.1 all under Debian linux 9.

What I believe is happening is the first call sets up the Authorization header sent by the browser. The second call removes the credentials from the URL and the credentials no longer are applied to subresources. The then synchronizes the two requests ensuring order.

Jurat answered 18/11, 2017 at 2:5 Comment(0)
A
2

New features for chrome and basic authentication via remote-debug: just for linking it here, so people who are stuck can find a solution for chrome and more: Chrome remote debugging in a seleniumgrid

Acidfast answered 8/2, 2018 at 20:44 Comment(0)
L
2

Selenium 4 supports basic authentication

WebDriver driver = new ChromeDriver();
HasAuthentication authentication = (HasAuthentication) driver;
authentication.register(() -> new UsernameAndPassword("username", "pwd"));
driver.get("your-site.com");

https://www.selenium.dev/blog/2021/a-tour-of-4-authentication/

Laundrywoman answered 10/2, 2022 at 11:13 Comment(0)
L
-1

Such Basic authentication will not be supported directly using the selenium driver.get(URL) method to load a URL prompting for authentication within a JavaScript Popup, I was also stuck here for a long time. It's because of Chrome driver will not allow such authentication techniques after the update 59 (probably). There are still backdoors via Selenium using the JavaScript engine in the browser to load such URLs.

driver.get("https://www.google.com");
JavascriptExecutor jse = (JavascriptExecutor) driver;
URL = "https://username:[email protected]";
jse.executeScript("window.open('"+URL+"')");
Leg answered 11/6, 2020 at 15:35 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.