iiswindows-authenticationplaywrightasp.net-mvc-5.2azure-devops-server-2019

How to get Playwright .NET tests to run in Azure DevOps Server against IIS using Windows Authentication


I'm trying to get our Playwright tests to run in our CI/CD pipeline. I'm finding scant documentation on how to do so with regards to our specific situation. Here are the key components:

So, I can point the tests towards our development IIS server and run them locally from Visual Studio 2022 with no problems. However, when I run them in the pipeline, I get a "401 Unauthorized" error. It would seem this is obviously due to my local using my Windows Auth credentials, whereas the Build Server, quite obviously, does not have my credentials.

So my question is: What strategies are there for running Playwright tests in an Azure DevOps Server pipeline against an IIS website that uses Windows Authentication?"

For what it's worth, here are the references I found, but they either had no answers or were closed w/o a solution:

I just haven't seen much documentation or guides that deal with how to make these tests work. Finally, for security reasons, we need to keep Windows Auth enabled and as the only authentication mechanism for our site. It's not really an option to circumvent security. Maybe this isn't possible, but then I'd like it explicitly called out somewhere.

Thanks, Michael


Solution

  • Based on your description, the build server and web server are in two different machines.

    By default, the Browser will enable the Windows Integrated Authentication for authentication. It will automatically login to the website use the current user.

    In your case, it will directly use the user on Build Server to access the Web Server and cause 401 error.

    To solve this issue, you need to disable the Windows Integrated Authentication first.

    1. Navigate through Menu bar to Tools -> Internet Options -> Security

    2. Select Local Intranet and Click on "Custom Level" button

    3. Scroll to bottom of the window to User Authentication section, select "Prompt for user name and password"

    4. Click Ok, Apply and Ok to save changes.

    For example:

    enter image description here

    Refer to this doc: How to disable Integrated Windows Authentication (IWA) from browsers

    Then you can set the windows user Credentials of IIS web Server in the Playwright project. Refer to this doc: HTTP Authentication

    For example:

    using var context = await Browser.NewContextAsync(new()
    {
        HttpCredentials = new HttpCredentials
        {
            Username = "bill",
            Password = "pa55w0rd"
        },
    });
    var page = await context.NewPageAsync();
    await page.GotoAsync("https://example.com");
    

    Here is a ticket with the similar requirement: Prevent SSO with Playwright

    On the other hand, you can also consider setting the self-hosted agent on IIS web server.

    In this case, you don't need to do any changes on the code. It will use the user on IIS web server to access the website in Azure Pipeline.