1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
<?xml version="1.0" encoding="US-ASCII"?>
<testcase>
<info>
<keywords>
HTTP
HTTP GET
HTTP Basic auth
</keywords>
</info>
# Server-side
<reply>
<!-- First request has Basic auth, wrong password -->
<data100 crlf="headers">
HTTP/1.1 401 Sorry wrong password
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
This is a bad password page!
</data100>
<!-- Second request has Basic auth, right password -->
<data200 crlf="headers">
HTTP/1.1 200 Things are fine in server land
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
Finally, this is the real page!
</data200>
<!-- Third request has Basic auth, wrong password -->
<data300 crlf="headers">
HTTP/1.1 401 Sorry wrong password (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
This is a bad password page!
</data300>
<!-- Fourth request has Basic auth, wrong password -->
<data400 crlf="headers">
HTTP/1.1 401 Sorry wrong password (3)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
This is a bad password page!
</data400>
<!-- Fifth request has Basic auth, right password -->
<data500 crlf="headers">
HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
Finally, this is the real page!
</data500>
<datacheck crlf="headers">
HTTP/1.1 401 Sorry wrong password
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
This is a bad password page!
HTTP/1.1 200 Things are fine in server land
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
Finally, this is the real page!
HTTP/1.1 401 Sorry wrong password (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
This is a bad password page!
HTTP/1.1 401 Sorry wrong password (3)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Basic realm="testrealm"
This is a bad password page!
HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
Finally, this is the real page!
</datacheck>
</reply>
# Client-side
<client>
<server>
http
</server>
<tool>
lib2023
</tool>
<name>
HTTP authorization retry (Basic)
</name>
<command>
http://%HOSTIP:%HTTPPORT/%TESTNUMBER basic basic
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<protocol crlf="headers">
GET /%TESTNUMBER0100 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Basic %b64[testuser:wrongpass]b64%
Accept: */*
GET /%TESTNUMBER0200 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Basic %b64[testuser:testpass]b64%
Accept: */*
GET /%TESTNUMBER0300 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Basic %b64[testuser:wrongpass]b64%
Accept: */*
GET /%TESTNUMBER0400 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Basic %b64[testuser:wrongpass]b64%
Accept: */*
GET /%TESTNUMBER0500 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Basic %b64[testuser:testpass]b64%
Accept: */*
</protocol>
</verify>
</testcase>
|
