Revieved 401 with unsupported protocol in www-authenticate header.

[semics-tech]

Hi,

First of all, great plug in! It's worked really well up until now but I'm unable to connect to my website that has Windows Authentication.

The server had to be rebuilt and it was working before this. It also used to use https but now only http, I assume this shouldn't be an issue though?

Below are my logs. I've tried to access the site using cy.visist(URL, {auth: {}}) method which works, so I know the credentials are correct. The issue is, I have an api that requests authentication and this is failing with the standard cypress auth method.

Dashboard Smoke Tests cypress:plugin:ntlm-auth Created agent for client 127.0.0.1:56571 to target http://127.0.0.1:56549/ +5s cypress:plugin:ntlm-auth Request to config API +0ms cypress:plugin:ntlm-auth Created untracked agent for target http://127.0.0.1:56549/ +2ms cypress:plugin:ntlm-auth Received reset +19ms cypress:plugin:ntlm-auth Removed all agents due to reset +1ms cypress:plugin:ntlm-auth Removed and closed all tunnels due to reset +2ms cypress:plugin:ntlm-auth Request to config API +22ms cypress:plugin:ntlm-auth Created untracked agent for target http://127.0.0.1:56549/ +1ms cypress:plugin:ntlm-auth Received valid NTLM config update +3ms cypress:plugin:ntlm-auth Added new hosts [ '*.[DOMAIN].co.uk' ] +0ms cypress:plugin:ntlm-auth Created agent for client 127.0.0.1:56574 to target http://demo.[DOMAIN].co.uk:80/ +17ms cypress:plugin:ntlm-auth Request to http://demo.[DOMAIN].co.uk:80/ in registered NTLM Hosts +0ms cypress:plugin:ntlm-auth Received 401 with unsupported protocol in www-authenticate header. Basic realm="demo.[DOMAIN].co.uk" Ignoring. +137ms 1) Visit the web page ntlmReset {} ntlm {ntlmhosts: [*.[DOMAIN].co.uk], username: [USERNAME]} request cypress:plugin:ntlm-auth Removed agent for 127.0.0.1:56571 due to socket.close +5s

When I request the page, I get this response:

`cy.request() failed on:

http://demo.[DOMAIN].co.uk/app/

The response we received from your web server was:

401: Unauthorized

This was considered a failure because the status code was not 2xx or 3xx.

If you do not want status codes to cause failures pass the option: failOnStatusCode: false

---

The request we sent was:

Method: GET URL: http://demo.[DOMAIN].co.uk/app/ Headers: { "Connection": "keep-alive", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36", "accept": "/", "accept-encoding": "gzip, deflate" }

---

The response we got was:

Status: 401 - Unauthorized Headers: { "content-type": "text/html", "server": "Microsoft-IIS/10.0", "x-powered-by": "ASP.NET", "x-ua-compatible": "IE=Edge", "access-control-allow-origin": "*", "www-authenticate": "Basic realm="demo.[DOMAIN].co.uk"", "date": "Mon, 21 Dec 2020 12:38:52 GMT", "content-length": "1293", "connection": "keep-alive", "keep-alive": "timeout=5" } Body: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

Server Error

401 - Unauthorized: Access is denied due to invalid credentials.

You do not have permission to view this directory or page using the credentials that you supplied.

` Maybe there's something I'm missing on the new server but I've been told it's the same setup as before. Any help on this would be greatly appreciated! Thanks, Ollie

[bjowes]

Hi @olliebreeden - the answer lies in the response. Look at the header www-authenticate, it should indicate all supported protocols. Apparently only basic authentication is enabled. Go to IIS manager, authentication and enable Windows Integrated Authentication.

[semics-tech]

Hi @bjowes, thanks for the quick reply, that solved the issue. Thankyou!