Highlighted
Absent Member.
Absent Member.
146 views

Issue with multiple user login either by Parametrization,CSV file due to login Encryption(SHA256)

Hello Everyone

Need urgent help for the below issue...

Issue : Unable to pass different user names and password by parametrization due to encryption. Below is the complete details.

We have an application where the login page is having encryption. Below is the flow of how encryption will process.

1. navigating to URL : https://QAinstance******/default.aspx : Login page
2. Login Page : Entering user name and Password and click on Submit button
3. OnClick submit - The username and Password will trigger to Sha256.js file where username and password will get encrypted.
4. Both the encrypted values will be stored in New Variables called hiddenusername and hiddenpassword.
5. After storing it clears the textusername and textpassword which is entered in Step:2
6. From the New variables it is going to validate in DB for Authentication then it will load to Home page or Dashboard Page.

I recorded the script in HTML Script mode and No where the text username or Password is getting up.
Below is the block of script which we got once we click on submit button. If you see below the txtHiddenPassword and txtHiddenUserName is encrypted


web_set_user("username","Password","host:123"); //To pass through Authentication (401)

web_custom_request("default.aspx_2",
"URL=https://QAinstance*******/default.aspx?Key=NonSSOEntry",
"Method=POST",
"Resource=0",
"RecContentType=text/plain",
"Referer=https://QAinstance*******/default.aspx?Key=NonSSOEntry",
"Snapshot=t51.inf",
"Mode=HTML",
"EncType=application/x-www-form-urlencoded; charset=utf-8",
"Body=ctl00%24ScriptManager1=ctl00%24Content1%24UpdatePanelUserGroup%7Cctl00%24Content1%24btnLogin&__LASTFOCUS=&ctl00_ScriptManager1_HiddenField=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE={CorrelationParameter_URL2}&__VIEWSTATEGENERATOR={__VIEWSTATEGENERATOR}&__VIEWSTATEENCRYPTED=&ctl00%24Content1%24txtUserName=&ctl00%24Content1%24txtPassword="
"&ctl00%24Content1%24txtHiddenPassword=%E1%8B%AB%E1%8B%AB%E1%8B%A3%E1%8A%B8%E1%8B%AC%E1%8B%AB%E1%8B%A8%E1%8B%A2%E1%8B%A9%E1%8A%BE%E1%8B%A8%E1%8A%BA%E1%8A%B9%E1%8A%BD%E1%8A%B9%E1%8A%BF%E1%8B%AB%E1%8A%BD%E1%8A%BA%E1%8B%AF%E1%8B%AC%E1%8A%B9%E1%8A%B9%E1%8A%B8%E1%8B%A9%E1%8A%BE%E1%8A%BF%E1%8B%A2%E1%8B%AD%E1%8A%BA%E1%8A%BA%E1%8B%A2%E1%8B%A2%E1%8A%B9%E1%8A%BF%E1%8B%AF%E1%8B%A2%E1%8A%BE%E1%8B%AA%E1%8B%AE%E1%8B%A2%E1%8B%AC%E1%8B%A9%E1%8B%AC%E1%8A%BD%E1%8A%B8%E1%8A%B9%E1%8A%BA%E1%8B%AB%E1%8A%BD%E1%8B%A9%E1%8A%BE%E1%8B%AD%E1%8A%BA%E1%8A%B9%E1%8A%BE%E1%8A%B9%E1%8B%A8%E1%8A%BA%E1%8B%A2%E1%8A%BF%E1%8B%AD%E1%8B%AB%E1%8B%AA"
"&ctl00%24Content1%24txtHiddenUserName=%E1%8A%8F%E1%8A%9A%E1%8A%9C%E1%8A%9A%E1%8A%BF%E1%8A%B6%E1%8A%B2%E1%8A%B5"
"&__ASYNCPOST=true&ctl00%24Content1%24btnLogin=Sign%20In",
LAST);

I tried replacing Web_custom_request to Web_Submit_data also but its not working

web_submit_data("default.aspx_2",
"Action=https://QAinstance*******/default.aspx?Key=NonSSOEntry",
"Method=POST",
"EncType=application/x-www-form-urlencoded; charset=utf-8",
"TargetFrame=_PARENT",
"Referer=https://QAinstance*******/default.aspx?Key=NonSSOEntry",
"Mode=HTML",
ITEMDATA,
"Name=username", "Value={username}", ENDITEM,
"Name=Password", "Value={Password}, ENDITEM,
EXTRARES,
"URL=https://QAinstance*******/default.aspx?Key=NonSSOEntry",
ENDITEM,
LAST);

Thanks & Regards,

Rajiv Joshi

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.