UFT – API TEST RETURNS HTTP 401 ERROR

PerfectoTopAd

Server returned HTTP status code 401:

Since publishing my UFT book The UFT API Testing Manifesto – A step-by-step, hands-on testing guide for the masses, I've received a few emails from folks who are receiving this error message: Server returned HTTP status code 401: Unauthorized while attempting to run their API tests.

More about the 401 Unauthorized error

According to Wikipedia, the 401 Unauthorized message is “401 Unauthorized is similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.[2] The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication.”

Why this 401 error occurs in UFT API

Sometimes the server you're testing against expects to receive authentication information before transport. For this reason, you must add some additional information to your API request's HTTP header. This can be done using custom code in BeforeApplyProtocolSettings event handler.

How to add a username and password to your HTTP Request Header

  • In your test, click on the web service activity on your main canvas area.
  • Under its Properties section, click on the Events icon.


  • Select the Create a default handler…option from the BeforeApplyProtocolSettings event.


  • In the TestUserCode.cs file, under the StServiceCallActivity5_OnBeforeApplyProtocolSettings method, add the following (note your StServiceCallActivity number might be different)
  • Create a string variable that contains the user name and password your server needs for authentication:

string myAuth = “Basic” + Convert.FromBase64String(System.Text.Encoding.ASCII.GetBytes(“YourUserName:YourPassword));

  • Next, add your authentication variable value as a parameter to the HttpRequestHeaders Add method:

this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,myAuth);


  • Run your test. You should no longer receive a 401 error message.

   
More UFT API Automation Awesomeness


For more UFT API Automation Awesomeness, tips, tricks and how-tos, check out my new book The UFT API Testing Manifesto – A step-by-step, hands-on testing guide for the masses –now available on Amazon.com!

Don't own a Kindle? No Problem — you can still read my book!

I'm aware that some of you have had trouble accessing my books in the past. The truth is that you don't need a Kindle! There are a variety of free ways you can read a Kindle eBook:

In short, it's really simple to read Amazon Kindle books, no matter what type of device you use to access the Internet.

11 comments
Rick Tester - December 24, 2013

Is that double quote missing in GetBytes argument?

string myAuth = “Basic” + Convert.FromBase64String(System.Text.Encoding.ASCII.GetBytes(“YourUserName:YourPassword));

When I used this code, UFT says the it cannot convert byte[] to string and the compile fails.

Thanks

Reply
    Joe Colantonio - December 24, 2013

    Yes – Sorry Rick! I will update the screenshot after the Holidays. The line should be:
    string upAuth = “Basic ” + Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(“USERNAME:PASSWORD”));

    Reply
      jyothi - January 21, 2014

      Even after updating the above line of code i am facing the issue in compiling.It says it cannot convert byte[] to string

      Reply
        Joe Colantonio - January 24, 2014

        Sorry not sure why its not working for you. Any chance you could contact HP support and find out why? If i could report I would contact myself.

        Reply
          Jyothi - January 24, 2014

          Hi Joe,

          I tried encoding the username and passwork thorough some base64 encoder and tried passing it .I was getting compiled but returning 401 error again
          public void StServiceCallActivity5_OnOnSendRequest(object sender, HP.ST.Ext.WebServicesActivities.ActivityProcessRawMessageEventArgs args)
          {
          //TODO: Add your code here…
          this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,”Basic cWNtc2VydmljZTAiMTiUMHM4aDJGeXFXMiA=”);
          }
          tried without concatinating Basic also as below:

          public void StServiceCallActivity5_OnOnSendRequest(object sender, HP.ST.Ext.WebServicesActivities.ActivityProcessRawMessageEventArgs args)
          {
          //TODO: Add your code here…
          this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,”cWNtc2VydmljZTAwMTpUMHM4aDJGeXFXMiA=”);
          }

          Reply
          Jyothi - January 24, 2014

          Sorry Joe.I am passing it in Before apply protocol settings method as below

          public void StServiceCallActivity5_OnBeforeApplyProtocolSettings(object sender, HP.ST.Ext.WebServicesActivities.Models.StChannelsBindingStack args)
          {
          //TODO: Add your code here…
          this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,”cWNtc2VydmljZTAwMTpUMHM4aDJGeXFXMiA=”);

          }

          Tried passing by appending “Basic” as well as without “Basic”.But no luck.It is returning 401 error

          Reply
Cornelius Smith - January 27, 2014

Joe,

I would like to capture the HttpStatusCode that is returned if the call fails. I see it in the run result but I can’t figure out how to capture it in code. Any ideas on how to get this value?

Reply
Rick - May 12, 2014

Hi Joe,
Why can’t we use the Header section in the Input tab of Properties for providing the authentication details?

~ Rick

Reply
Nick - September 2, 2014

Hi Joe,

Cool, have you ever run across a HTTP request behind a log-in page? I have some of these and always get a 302 redirect, obviously because it has to go to the log-in page first. What’s the best way to handle this in Service Test or UFT API?

Thanks, Nick

Reply
    Nick - September 24, 2014

    I’ve found that sending a Base64 Authorization POST with a redirect option works in most cases with the HTTP requests. However I am running into a “409 Conflict” error on some pages that require a login. I have your book but didn’t see anything about this situation, I was think about your solution above but it’s not really a REST Service or anything so I don’t have a OnBeforeApplyProtocolSettings Activity. Any ideas?

    Thanks

    Reply
Krishna Neupane - November 3, 2014

Nick or Joe-

were you able to use this authorization for REST services. I even do not see Onbeforeapplyprotocolsettins events? Any idea why I do not see?

Krishna

Reply
Click here to add a comment

Leave a comment: