Using fiddler with Windows Authentication

Question

I am testing some proxy settings for our application but I need to test a proxy that requires Windows Authentication (or network credentials).

For testing, I assigne

Answer 1

WebMarshal is a web proxy that runs on windows. It can be configured to use Basic Authentication and NTLM Authentication. You can download a free trial.

Answer 2

In Fiddler 4.6 I can turn on "Automatically Authenticate" under Composer -> Options. My WebAPI hosted in IIS using Windows Authentication is then successfully called. You can see three requests in the log for a single call.

1. HTTP/1.1 401 Unauthorized Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM

2. HTTP/1.1 401 Unauthorized Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: Negotiate oYIBDTCCAQ... Date: Mon, 18 Jan 2016 09:38:22 GMT Content-Length: 341

3. HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 Persistent-Auth: true WWW-Authenticate: Negotiate oRsw... Date: Mon, 18 Jan 2016 09:38:22 GMT Content-Length: 4

Answer 3

You cannot easily do this with Fiddler; you'd need to calculate the credential challenge yourself and add the challenge in a response header after returning a HTTP/407 response with a Proxy-Authenticate: Negotiate header.

In contrast, BASIC authentication is easily supported with a single response header, which is how Fiddler's "Require Proxy Authentication" feature works.