How to handle Basic and Digest Auth using Selenium

Photo by Alex Knight on Unsplash

Have you ever imagined a situation where a tester has to sit and execute thousands of test cases manually? How long would that take? couple of weeks? Now imagine re-execution of the same scenarios over and over again. For a tester that can be exhaustive and time consuming.

With the advent of automation testing tools the burden on the tester as well as the industry was brought down drastically, and the new era of automation testing has began. When I started automating the web it felt like some magic is happening, until I realised how the tool was working. Now there are hundreds of open source tools available in the market, but Selenium still stays close to my heart.

In this article let us look into how to handle Basic auth and Digest auth using Selenium. We will start with understanding what each of them is before we jump into Selenium

What is Basic Auth and Digest Auth

Authentication is a process of verifying who the user is.

In case of Basic authentication, base64 encoding is used to generate cryptographic string, which contains the information of username and password. As this is not a secure implementation, and transmits the password as plain text, it should be used over encrypted transport layer i.e. HTTPS.

Digest authentication, on the other hand uses encryption. Server provides the client a nonce(Number which can be used once), by combining it with username, realm, password and URI request, client runs it through MD5 hashing method. Which then will be passed to server and gets validated.

Handling Authentication Using Selenium

Now let’s see how above mentioned auth types can be handled using Selenium

Method1:

One can directly pass the username and password in the URL. Well this method works fine, but this varies from browser to browser and version. Safari does not entertain such format and simply ignores the credentials passed.

Example:

The above method is definitely not a best practice to follow, as this is a quick way fo account compromise.

Method 2:

Second method is to use AutoIT or Sikuli tool. But that would work only on windows. Because of platform dependence AutoIT is not recommended.

Method 3:

Selenium 4 recently added support in their alpha version to handle basic and digest auth using register method. Sample code can be found below.

Note: this is a new feature of Selenium 4, to use Chrome Devtools Protocol(CDP) to automate certain functions that are not available using WebDriver protocol and is a bridge technology until the webdriver bidirectional protocol is developed by W3C and subsequently implemented by browser vendors.

In Summary

The article above focuses mostly on handling basic and Digest auth and its demonstration using Selenium can do. Stay tuned for some more advanced topics on Automation testing

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
G. Kunda

I write about spirituality, life and things i observe on day to day basis