0

I'm trying to get our Playwright tests to run in our CI/CD pipeline. I'm finding scant documentation on how to do so with regards to our specific situation. Here are the key components:

  • Code is .NET Framework 4.7.2 MVC
  • Build Server Azure DevOps Server 2019
  • IIS 10 is our webserver
  • Windows Authentication is used for IIS
  • CI/CD pipeline is written in YAML
    • Deployment Pipeline is Classic because YAML is not supported in 2019

So, I can point the tests towards our development IIS server and run them locally from Visual Studio 2022 with no problems. However, when I run them in the pipeline, I get a "401 Unauthorized" error. It would seem this is obviously due to my local using my Windows Auth credentials, whereas the Build Server, quite obviously, does not have my credentials.

So my question is: What strategies are there for running Playwright tests in an Azure DevOps Server pipeline against an IIS website that uses Windows Authentication?"

For what it's worth, here are the references I found, but they either had no answers or were closed w/o a solution:

I just haven't seen much documentation or guides that deal with how to make these tests work. Finally, for security reasons, we need to keep Windows Auth enabled and as the only authentication mechanism for our site. It's not really an option to circumvent security. Maybe this isn't possible, but then I'd like it explicitly called out somewhere.

Thanks, Michael

Improve this question
1
  • Update: I ultimately solved this by getting the SysAdmins at my organization to create a new user for me. I then put the user and password in our App.config (not super ideal, I know), and then created an HttpCredentials object in the Playwright test file. I then used a BrowserTypeLaunchPersistentContextOptions object on which I set the credentials. Hope this helps someone. Commented Mar 27 at 14:20

1 Answer 1

Reset to default
1

Based on your description, the build server and web server are in two different machines.

By default, the Browser will enable the Windows Integrated Authentication for authentication. It will automatically login to the website use the current user.

In your case, it will directly use the user on Build Server to access the Web Server and cause 401 error.

To solve this issue, you need to disable the Windows Integrated Authentication first.

  1. Navigate through Menu bar to Tools -> Internet Options -> Security

  2. Select Local Intranet and Click on "Custom Level" button

  3. Scroll to bottom of the window to User Authentication section, select "Prompt for user name and password"

  4. Click Ok, Apply and Ok to save changes.

For example:

enter image description here

Refer to this doc: How to disable Integrated Windows Authentication (IWA) from browsers

Then you can set the windows user Credentials of IIS web Server in the Playwright project. Refer to this doc: HTTP Authentication

For example:

using var context = await Browser.NewContextAsync(new()
{
    HttpCredentials = new HttpCredentials
    {
        Username = "bill",
        Password = "pa55w0rd"
    },
});
var page = await context.NewPageAsync();
await page.GotoAsync("https://example.com");

Here is a ticket with the similar requirement: Prevent SSO with Playwright

On the other hand, you can also consider setting the self-hosted agent on IIS web server.

In this case, you don't need to do any changes on the code. It will use the user on IIS web server to access the website in Azure Pipeline.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yes, the build server and IIS server are separate machines. Unfortunately, changing security settings (your first screenshot) is not an option. In fact, I don't even have access to do so and seriously doubt I could get the sysadmins to do it for me. I'll check out those other links (prevent sso and self-hosted agent) and post back here with an update.
@MichaelKolakowski you can check the link and it has the code method to change the settings.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.