Testing WCF Webservice using Soap UI when Authorization is NTLM but security mode is Transport

Question

&nbsp;We are using WCF Webservices and it is exposed for Webservice Testing. We are using SoapUI opensource to test this.I am capturing the soap request using Fiddler.&nbsp;POST https://lb-go01.xxxxxxx.com:4432/xxxx/xxxxxx/xxxxx.svc/soap HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://www.xxxx.com/xxxx/xxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxx"Accept-Encoding: gzip, deflateAuthorization: Negotiate TlRMTVNTUAADAAAAGAAYAKQAAAA+......Host: lb-go01.xxxxxxx.com:4432Content-Length: 824Expect: 100-continue&nbsp;By seeing Authorization, I understand that it is using NTLM Authorization since it starts with TlR (Referring How to find if NTLM or Kerberos is used from WWW-Authenticate: Negotiate header)&nbsp;&nbsp;I have Configured the username, password and Domain for NTLM Authorization in Soap UI.NTLM Authorization sends the credentials in the Soap Header as given below:&nbsp;&lt;soapenv:Header&gt;&lt;wsse:Security soapenv:mustUnderstand="1" xmlns:wsse ......&lt;/soapenv:Header&gt;The server config file is:&lt;security mode="Transport"&gt;&nbsp;&nbsp;&nbsp;&nbsp; &lt;transport clientCredentialType="Windows" /&gt;&lt;/security&gt;ONLY Basic Authorization in soap ui sends Authorization as a Request Header. But server expects NTLMV2 where as SoapUI sends Authorization as Soap Header if it is NTLM.How to over come this issue using SoapUI.

nastya_khovrina · Answer

Hi,
&nbsp;
See this article on how to setup your request to use NTLM v2: http://www.soapui.org/SOAP-and-WSDL/authenticating-soap-requests.html
If you are authenticating NTLM, make sure to note the following in your configurations:

File &gt; Preferences &gt; HTTP Settings tab &gt; uncheck Authenticate Preemptively preference
for NTLM v2 provide your username as "DOMAIN\USERNAME" or at least as "\USERNAME"

If you have a license for SoapUI, I recommend that you install the latest version of Ready! API which is 2.0.0 https://support.smartbear.com/downloads/readyapi/&nbsp;and try to test there.
If you still have issues, please open a new support case here: https://support.smartbear.com/message/?prod=ReadyAPI&nbsp;and provide Support team with the following info:
- full raw request and response;
- error, http&nbsp;logs;
- screenshots of your&nbsp;settings (or your project file).

nastya_khovrina · Answer

Hi,
&nbsp;
Thank you for your post. Info about NTLM authorization should be added on the Auth tab:&nbsp;https://support.smartbear.com/readyapi/docs/projects/requests/auth/types/ntlm.html
Also, check the "Authenticate preemptively" option under SoapUI (Ready! API) Preferences:&nbsp;https://www.screencast.com/t/cLBhn0aGHHt.
&nbsp;
&lt;soapenv:Header&gt;&lt;wsse:Security ...&nbsp;&lt;/soapenv:Header&gt; is&nbsp;related to WS-Security:&nbsp;https://support.smartbear.com/readyapi/docs/projects/requests/ws/wss/about.html
&nbsp;
If you face some issues, it would be great if you can provide us with screenshots of your settings.
&nbsp;
&nbsp;

changan · Answer

Hi,&nbsp;Thanks for the reply..I have already configured the username, password and Domain in the Auth Tab.I have checked&nbsp;"Authenticate preemptively" option under SoapUI (Ready! API) Preferences&nbsp;Unfortunately the authentication is going in the soap header but my application does not worry about soapheader instead it expects Authorization in the Request header as given in the original post.&nbsp;Can we add Negotiate token in the Request header for NTLM auth?&nbsp;Thanks,Chandra

Forum Discussion

Testing WCF Webservice using Soap UI when Authorization is NTLM but security mode is Transport

3 Replies

Related Content

Missing Transport Exception

Authorization

Rest API Authorization

Authorization Tag For Basic BASE64 Encoding

[Solved] SSL Handshake exception calling a secure webservice

Recent Discussions

Mismatch between response from a CURL request and ReadyAPI response

Reading dynamic parameter from resource path

Parameterising JDBC Connection Settings..Can you do it?

Test Runner - Report All in One File

GroovyScript Help - Repeating JSON Attributes Have Specific Value.....some of the time?