Zabbix monitoring of OWA authorization - zabbix

I have Zabbix server 5.0 and I should check the availability of Outlook authorization.
I'm trying to make a Web scenario with 2 steps:
1. Checking the authorization page.
I use https://<domain_name>/owa but it is redirected to https://<domain_name>/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2f<domain_name>%2fowa%2f. I tick "Follow redirects" and get status code 200.
https://i.stack.imgur.com/Pzmhp.jpg
2. Attempting authorization.
I use the same URL that I was redirected to in the first step, and I also input this in Raw Post:
destination=https%3A%2F%2F<domain_name>%2Fowa&flags=4&forcedownlevel=0&username=&password=&isUtf8=1
(I can use Form Data too). But if I input an invalid password and username, the status code in the response is 200 too (screenshots are below). I think it's because of redirections: authorization is not done and I am redirected to the same page.
https://i.stack.imgur.com/wVAwa.jpg
https://i.stack.imgur.com/9ddgp.jpg
After this step is finished I always get status code 200.
How to do it correctly?

Add a string check to the scenario you already created. Look for a string that is present only after a successful login.
Required regular expression pattern.
Unless retrieved content (HTML) matches the required pattern the step will fail. If empty, no check on required string is performed.
https://www.zabbix.com/documentation/4.2/manual/web_monitoring
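Why the status code alone cannot tell the two outcomes apart once redirects are followed, and how a required pattern does, shown as an added Python simulation (not Zabbix code and not part of the original answer). The server, paths, credentials and page bodies are constructed stand-ins, not real OWA markup.

```python
import re

# Constructed page bodies: a login form and the page seen only after login.
LOGIN_PAGE = '<html><form id="logonForm"><input name="username"></form></html>'
MAILBOX_PAGE = '<html><title>Mail</title><div id="mailbox">Inbox</div></html>'

def fake_server(method, path, form=None):
    """Return (status, location, body) like a forms-auth front end (constructed)."""
    if method == "POST" and path == "/auth/logon":
        ok = form == {"username": "monitor", "password": "correct"}
        # Success and failure are both answered with a redirect.
        return 302, ("/mail" if ok else "/auth/logon"), ""
    if method == "GET" and path == "/mail":
        return 200, None, MAILBOX_PAGE
    return 200, None, LOGIN_PAGE

def fetch(method, path, form=None, follow_redirects=True, max_hops=5):
    """Issue the request and, if asked, follow redirects to the final page."""
    status, location, body = fake_server(method, path, form)
    hops = 0
    while follow_redirects and status in (301, 302, 303) and hops < max_hops:
        status, location, body = fake_server("GET", location)
        hops += 1
    return status, body

def run_step(form, required_status=(200,), required_pattern=""):
    """Apply the two step checks: allowed status codes, then a regex on the body.
    An empty pattern means no content check, as in the quoted documentation."""
    status, body = fetch("POST", "/auth/logon", form)
    if required_status and status not in required_status:
        return False, f"status {status} not allowed"
    if required_pattern and not re.search(required_pattern, body):
        return False, "required pattern not found"
    return True, "ok"

BAD = {"username": "monitor", "password": "wrong"}
GOOD = {"username": "monitor", "password": "correct"}

if __name__ == "__main__":
    print(run_step(BAD))                                    # passes: false "up"
    print(run_step(BAD, required_pattern=r'id="mailbox"'))  # fails as it should
    print(run_step(GOOD, required_pattern=r'id="mailbox"'))
```

Pick the pattern from markup that exists only on the post-login page; text that also appears on the login form defeats the check.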

Related

Appgyver - Unable to load resource's data model - dreamfactory API

I have this json feed.
I am unable to load this into Appgyver
I have set the following required settings:
- parameter app_name with the correct value
- added the required header X-DREAMFACTORY-APPLICATION-NAME
I always get the Oops, Unable to load resource's data model. error
Anyone who has a clue?
I am not very familiar with AppGyver, but I know it's been used with DreamFactory successfully by others. You have not provided enough information, but I will attempt to give you troubleshooting steps from the DreamFactory side.
First, are you definitely authenticating and passing a valid X-DreamFactory-Session-Token header? I can tell that you don't have guest access enabled (to make calls without authentication) because when I navigate to your link I receive a 401 with "There is no valid session for the current request."
Second, what is the call you're making from AppGyver? Is it a GET to simply list resources of a DB called vlaamse_vinyl, or what?
Finally, if you are passing X-DreamFactory-Application-Name in addition to the URI parameter ?app_name=vlaamse_vinyl this is redundant. Perhaps that is preventing your call from succeeding.

How to get register through unique Email ID in JMeter

I am trying to create a script in JMeter for a Registration page which contains a 5-step process and accepts a unique Email ID.
Step 1:
Asks for a unique Email ID
Step 2:
Contains some fields and the "Email" entered in Step 1 remains auto-filled
Step 3:
Contains some fields and the "Email" entered in Step 1 remains auto-filled
Step 4 and Step 5:
Some fields and a "Submit" button
I have recorded a script and want 3 more users to get registered through unique Emails provided via CSV, however, Registration fails.
Error Screenshot:
https://www.cubbyusercontent.com/pli/REGISTER.png/_dd684965d46d45c68bccb2b7008d63c3
Do you have proper correlation logic in place? ASP.NET web applications use at least the VIEWSTATE page-level state management mechanism, which holds the current state of things on the client side and needs to be updated on each subsequent request. It usually looks like a __VIEWSTATE hidden input; you need to extract it from the previous response and add it as a parameter to the next request, elsewise you'll be sitting on the very first page or receive server errors.
Take a look at the ASP.NET Login Testing with JMeter post for an example simulation of the ASP.NET authentication flow. If it doesn't help, get ready to share your request/response details; we are not telepathic enough to tell what's wrong based on the fact of an HTTP 500 error.
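The correlation step described above, written out as an added Python example rather than JMeter configuration (it is not from the original answer). The page markup, the `txtEmail` field name and all values are constructed; `__VIEWSTATE` and `__EVENTVALIDATION` are the standard ASP.NET hidden fields.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

class HiddenFieldParser(HTMLParser):
    """Collect name/value of every <input type="hidden"> in a page."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def hidden_fields(html):
    parser = HiddenFieldParser()
    parser.feed(html)
    return parser.fields

def next_request_body(previous_response_html, user_fields):
    """Build the POST body for the next step from the previous response.
    Every hidden field is echoed back, so the state is never a recorded value."""
    state = hidden_fields(previous_response_html)
    if "__VIEWSTATE" not in state:
        # Typically means the previous step failed and returned an error page.
        raise ValueError("previous response carries no __VIEWSTATE")
    # urlencode escapes '+', '/' and '=' which base64 state values contain;
    # sending them unescaped corrupts the state and produces server errors.
    return urlencode({**state, **user_fields})

# Constructed response of step 1 (not taken from any real application).
STEP1_RESPONSE = '''<form method="post" action="Register.aspx">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUK+abc/123==" />
<input type="hidden" name="__EVENTVALIDATION" value="/wEWAgK+xyz=" />
<input type="text" name="txtEmail" />
</form>'''

if __name__ == "__main__":
    print(next_request_body(STEP1_RESPONSE, {"txtEmail": "user1@example.test"}))
```

In a load test the same extraction runs after every step, per virtual user, so each of the CSV-driven users carries its own state forward.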

Role-based access control with REST (HTTP)?

I'm creating a system with a JavaScript client that will communicate with the server over REST (HTTP)[JSON].
I am using role-based access control to manage the calls.
Example: [explicit URL will stay the same]
Anonymous -> request \
Server -> route to login form: \login\
User (now with cookie!) -> request \
if (user->role == "manager") return "\manager-homepage\";
else return "\homepage\";
Since REST is stateless how would I go about managing this use-case?
Do I send the cookie with each request, and the returned HTTP status codes will tell the JS where to route?
[Which would be rather inefficient + open to MITM attacks]
Can you not use a standard authentication scheme, such as HTTP digest?
Example: [from Wikipedia page]
The client asks for a page that requires authentication but does not provide a username and password. Typically this is because the user simply entered the address or followed a link to the page.
The server responds with the 401 "client-error" response code, providing the authentication realm and a randomly-generated, single-use value called a nonce.
At this point, the browser will present the authentication realm (typically a description of the computer or system being accessed) to the user and prompt for a username and password. The user may decide to cancel at this point.
Once a username and password have been supplied, the client re-sends the same request but adds an authentication header that includes the response code.
In this example, the server accepts the authentication and the page is returned. If the username is invalid and/or the password is incorrect, the server might return the "401" response code and the client would prompt the user again.
Note: A client may already have the required username and password without needing to prompt the user, e.g. if they have previously been stored by a web browser.
See also this answer to a very similar question: REST and authentication variants
Depending on your desired security level, you could serve the whole thing over SSL. That will prevent MITM attacks.
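The digest exchange described in the answers above, as an added Python example that is not part of the original posts: the client-side response computation for `qop=auth` with MD5, and a server-side check that recomputes it and refuses a repeated nonce count. The sample values are those of the worked example in RFC 2617 section 3.5; the `DigestVerifier` class and its method names are hypothetical.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # The server can store this value instead of the password itself.
    return md5_hex(f"{username}:{realm}:{password}")

def client_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """Value the client sends as response= in the Authorization header."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1(username, realm, password)}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    """Server side: recompute the response and reject replayed nonce counts."""
    def __init__(self, stored_ha1_by_user):
        self.stored = stored_ha1_by_user
        self.last_nc = {}  # nonce -> highest nonce count accepted so far

    def status_for(self, username, method, uri, nonce, nc, cnonce, response):
        known = self.stored.get(username)
        if known is None:
            return 401
        ha2 = md5_hex(f"{method}:{uri}")
        expected = md5_hex(f"{known}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
        if not hmac.compare_digest(expected, response):
            return 401  # wrong password or tampered request line
        if int(nc, 16) <= self.last_nc.get(nonce, 0):
            return 401  # this nonce count was already used: replay
        self.last_nc[nonce] = int(nc, 16)
        return 200

# Values from the RFC 2617 section 3.5 example.
RFC = dict(username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
           method="GET", uri="/dir/index.html",
           nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    print(client_response(**RFC))
```

The response binds the method and URI as well as the password, so a captured header cannot be reused for a different request, but the request and response bodies themselves are not protected without TLS.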

HTTP status code for "More user input please?"

I am designing a RESTful API and am using the usual HTTP status codes like 200, 404, 500, etc.
Given the situation where occasionally the API will require additional data. When this event arises it needs to respond with a relevant status code so that the client application can present the relevant user interface.
Example:
User fills in form and hits submit (using AJAX)
Server sends response with some status code to indicate that further information is required which is accompanied with additional user interface.
Additional user interface is displayed
User resubmits form
I have this working with a 200 status code, but I would prefer to use a different status code so that my AJAX handler can detect and handle this scenario automatically.
Are there any relevant status codes or would I need to use a sub status code which is returned as a part of my JSON response?
I would go with a 400 Bad Request, since there is more data needed.
Alternatively, a 100 Continue could also work.
Either of those codes indicates that more info is needed.
How about 202 Accepted?
"The request has been accepted for processing, but the processing has not been completed"
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
I would suggest 412 Precondition Failed.

How does HTTP and HTML Work Together?

The answer to this little question will clear everything up for me.
I have a form tag that has a Get method and an action of some random script.
When I hit the submit button on the page, the Get Method is sent to HTTP and HTTP is what appends the query string to the url, the HTTP then returns a 20X status if the response is good and a 40X is a bad response? And our action goes to our webserver to run the script?
HTTP is transport and HTML is content. The Form submit calls a GET or POST request on the server depending on the action defined for the HTML form. The Form's arguments are appended by the Browser's form logic to the HTTP request; depending on whether GET or POST is used, they are attached to the request URL or put into the request body.
Then the request is handled on the server and the result is returned by the server logic (which can be a CGI, some perl script, a J2EE application etc.).
The server responds with an HTTP status code (where everything below 300 is a success, and everything above 399 is an error - see here: HTTP status codes).
You are sending your form's data via HTTP using the "get" request. HTTP is a protocol and not a server. Your request is handled by a server who knows how to handle the HTTP protocol, eg. Apache.
The server processes the data and sends back a response. As you mention there are different kind of responses. 404 is best known (document not found).
The script is not run on the server, it is run on the client (the browser).
HTML is the markup code that describes the structure of the page. Browsers interpret the HTML code they receive and construct your page from it. Check here for more details: Wikipedia: HTML
The HTTP is the protocol used by the browser to talk to the server. Check this for more details: Wikipedia again: HTTP