Handle sites with authentication

Synthetic monitoring supports a variety of authentication mechanisms. Depending on the type of monitor you choose, this includes Basic, Digest, NTLM, and NTLMv2.

Supported authentication by monitor type

Support for various monitor types may depend on your site configuration.

Synthetic monitor type Basic Digest NTLM NTLMv2
Ping [check]
Simple browser [check] [check] [check] [check]
Scripted browser [check] [check] [check] [check]
API test [check]

For NTLM and NTLMv2, synthetic monitoring uses a Chrome browser in a Linux environment, so your configuration must be compatible with this client-side environment. It must also allow URI-encoded credentials.

Provide authentication credentials

Monitors provide authentication credentials by encoding them in the requested URL, such as http(s)://username:password@site.com. To do so, use the encodeURIComponent('string') JavaScript function in your script. For example:

var username = encodeURIComponent('username');
var password = encodeURIComponent('password');
var url = 'https://' + username + ':' + password + '@site.com';

For ping and simple browser monitors, you can use the following form to encode your values:

The full URL http(s)://username:password@site.com will be recorded as plain text in the corresponding synthetic's check data. The URL will be visible when viewing results for this monitor.

Code examples

Here are code examples for some monitor types:

Scripted browser

$browser.get('https://username:password@site.com').then(function(){
  $browser.takeScreenshot();
});
$browser.get('https://username@domain.com:password@site.com').then(function(){
  $browser.takeScreenshot();
});

API test

$http.get('https://username:password@site.com', function(err, resp, body){
  console.log(err, resp, body);
});

Troubleshoot NTLM authentication issues

You can check if New Relic will be able to properly authenticate against your NTLM endpoint using curl or with a scripted API monitor. You must use a host or location with access to your endpoint.

curl

To do this, run the following command, with the URL replaced by the endpoint you want to test:

$ curl -v --ntlm http://example.com

In the output from that command you should see the following response header telling you the server is offering NTLM over HTTP as a valid authentication mechanism:

WWW-Authenticate: NTLM 

Scripted API Monitor

Create a new API test monitor and assign it to a location with access to your endpoint. Replace the URL and validate the following script, which will print all response headers to the script log:

$http.get('https://www.newrelic.com',
{
  followRedirect: false
},
// Callback
function (err, response, body) {
  console.log(response.headers);
  }
);

Confirm that the WWW-Authenticate response header includes NTLM.

Redirects

NTLM authentication failures may be caused by $browser.get calls that result in a redirect. Check the response code for your request in the Timeline view in your monitor results. If the request is being redirected you may need to use the redirection location as the URL in the initial $browser.get call instead.

For more help

If you need more help, check out these support and learning resources: