Testing web service with SoapUI and Windows authentication
Solution 1
SoapUI doesn't seem to work directly with NTLM authentication, but you can use a proxy such as Burp Suite to do the auth for you.
- Download Burp Suite from http://portswigger.net/burp/ and crank it up.
- On Burp's "Proxy : Intercept" tab, click the button to turn intercept off.
- On Burp's "Proxy : Options" tab, make sure it's set to an unused port, the default is 8081
- On Burp's "Options" tab, tick "do www authentication" and add a setting for the server you wish to hit. Also tick "prompt for credentials on authentication failure"
- Switch to Burp's "Proxy : History" tab so you can see requests going through.
- In SoapUI, choose File > Preferences, then select "Proxy Settings". Enter Host "localhost" and port "8081".
- Use SoapUI as normal. It will send requests through Burp Proxy, which will do the NTLM authentication for you.
Solution 2
soapUI 4.5 just added support for NTLMv2 which negates the need for Burp Suite.
Solution 3
The accepted solution will work in most scenarios. If, however, the service uses delegation to access resources on other servers, you will run into a double-hop issue with the NTLM authentication the Burp proxy uses. The proxy will successfully authenticate to the service, but subsequent calls made by the service to other resources using delegation will fail.
The issue is described well in this article:
The easiest workaround I found for this was to use Fiddler as a proxy. On Fiddler's Rules menu, select 'Automatically Authenticate.' Then update your SoapUI preferences to use fiddler as a proxy (the default location is localhost:8888). Now your calls will be wrapped in a credential that can be delegated.
If you use LoadUI to execute your SoapUI test cases, the SoapUI test runner will use your SoapUI proxy settings, and your calls will continue to work.
Solution 4
Current release SoapUI 4.5.1 doesn't work with windows authentication, but nightly build version runs again well.
Download nightly build version
Solution 5
I think SoapUI might only support NT authentication for the WSDL.
you can see some detail of how it is implemented here:
Related videos on Youtube
09 : 13
05 : 11
08 : 40
01 : 02 : 28
08 : 37
05 : 55
06 : 42
05 : 59
26 : 05
17 : 36
31 : 06
Comments
-
Henrik P. Hessel about 4 years
Is it possible to include the Windows domain credentials to test my web service with SOAP UI?
I found a properties page but the IIS just responses with "wrong credentials".
-
olensmar about 14 yearssoapUI does natively supports NTLMv1, but since many newer NTLM-based installation require NTLMv2 this is a great workaround, thanks for posting! /Ole eviware.com
-
Admin almost 14 yearsBurpSuite ProVersion has the 'do www authentication' area, not the freebie version. :(
-
-
Sarah Vessels over 14 yearsThanks for the response. This worked for me to query a Sharepoint list via soapUI. -
Pedro Rolo about 14 yearsThere is no "Comms" tab burp's current version.
-
Dennis G over 13 yearsThe "Comms" tab is "Options" in the current version. Wish I could edit others' posts already ;-)
-
ANISH S NAIR about 13 yearsI had a slightly different scenario in that my proxy server requires NTLM v2 authentication (HTTP Response code 407) instead of the web server. Using Burp with the "upstream proxy server" settings instead of the "do www authentication" in step 4 worked for me. -
John Berberich about 13 yearsAwesome, Mike, thank you! Charles proxy software will also do this as long as you're using HTTP 1.1. Just configure the SoapUI proxy settings to point to Charles and give it (SoapUI) your NTLM credentials. -
Leon over 11 yearseven with the latest version of SoapUI/LoadUI 4.5.1, this still doesn't work - got it to work with BurpSuite...
-
Fanda about 11 yearsDownload nightly build, see my reply.
-
Patrick Szalapski over 9 yearsWhere is "Automatically authenticate"? I don't see it in my rules menu. I am using Fiddler 4.4.7.1.
-
Patrick Szalapski over 9 yearsI can't even get it to work with SoapUI 5.0.0. SoapUI sends the NTLM header, but it seems to be wrong as I get all 401s.
-
kiprainey over 9 yearsI'm on 4.4.9.2, and it's the third item from the bottom on my 'rules' menu. I'm not sure where it is in earlier versions. -
Sergey Enns over 7 yearsNTLM worked for me in SoapUI 5.3.0. It's necessary enable the option "Adds authentication information to outgoing request" in "HTTP Settings" tab of SoapUI Preferences. It's disabled by default. Then you must specify Username/Password in your request.
-
Abraham Roy about 7 yearsIn the new Burp v1.7.21, you have to tick "Override user options" under 'Project Options' tab and give the server settings there and rest of the steps are as given in the solution. This worked great. Thanks.
-
mcanti almost 7 yearsCouldn't make SoapUI 5.3.0 to correctly handle NTLM. With BurpSuite it worked!
-
Atul Sureka over 6 yearsI do not want to explicitly set the credentials because soap UI saves these credentials in clear text in the xml. This is not acceptable. - Atul
-
Atul Sureka over 6 yearsI tried it but it did not work for me. I can see Fiddler capture the traffic & send couple of requests as it gets 401. But final response is still now 200.
-
Gajotres over 5 yearsI can confirm this solution is working, I have done it before I read this article. Now I'm looking for more direct solution. -
Gajotres over 5 years@SergeyEnns answer is also working. No need for Fiddler2 or Burp
-
Shiv over 4 years@SergeyEnns still not working for me. Returns 401 unauthorized still. WcfStorm auth is working.
-
Shiv over 2 years2 years on, new machine, same issue. SoapUI 401 unauthorized. As per before WcfStorm working. Should selecting NTLM add anything to the header for auth? Because I see an auth header element with Basic but not NTLM or Kerberos.
-
Shiv over 2 yearsI'm running SoapUI 5.7.0 and it doesn't work for me.
