Virtualization w/ Basic Authentication

Document ID : KB000095066
Last Modified Date : 21/05/2018
Show Technical Document Details
Introduction:
When recording REST service w/ Basic Authentication, DevTest captures two transactions.The first transaction returns "401 Unauthorized" and subsequent request returns "200 OK". It looks as though the first outgoing request doesn't contain the "Authorization" header while the second does. But the question is, why does it send out two request? Why does the first one not contain the Basic Authentication details? 
Environment:
All supported DevTest Environments
Instructions:
The HTTP Basic authentication framework work like this: A client sends a request, The server responds to a client with a 401 (Unauthorized) response status and provides information on how to authorize. Client that wants to authenticate itself with a server then sends an Authorization request header field with the credentials. The first outgoing request doesn't contain the "Authorization" header while the second does.



The Virtual service recorder captures both the transactions; the first returns "401 Unauthorized" and subsequent request returns "200 OK". 
During recording you can do either one of the following: 
1. Client application sends authentication pre-emptively to the recorder.
OR 
2. Enable " Allow Duplicate transaction " check box in the Recorder. It will capture both the 401 Unauthorized" and subsequent request with Basic Authentication which will return "200 OK". After recording , you can then edit the VSI and remove the 401 unauthorized transaction.
Additional Information:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication