New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


How can I check if the login authentication for a webpage works?

Votes:

1

Your Vote:

Up

Down

I would like to monitor the authentication for logging in to a web page. If the login fails because the username and/or the password are wrong with which a sensor tries to authenticate on the web page, the sensor should show an error in PRTG.

How can I test with PRTG if login credentials for a web page are correct? Is it possible to check if a username/password combination results in an unsuccessful login attempt?

authentication credentials http http-advanced login postdata prtg website-authentication

Created on May 8, 2015 2:58:00 PM by  Gerald Schoch [Paessler Support]

Last change on May 12, 2015 2:31:21 PM by  Martina Wittmann [Paessler Support]



3 Replies

Accepted Answer

Votes:

2

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 15 or later

Checking Login Credentials for a Web Page Using POST Requests

To monitor if login attempts to a web page are successful with a certain username and password combination, you can use the HTTP Advanced sensor. If the website of which you want to check login credentials uses POST data to log in to the internal area, you have to find out the needed POST data for the login and provide it with the correct syntax in the settings of the sensor. Furthermore, you have to find the response of the login form for unsuccessful login attempts.

The HTTP Advanced sensor can check this answer for defined keywords and show a warning or down status if keywords are found that indicate a failed login.

Find out POST Data for HTTP Request

If your web page requires login credentials as POST data, find out the content the sensor has to send with the HTTP request and which syntax the target page uses for the POST data. We recommend that you use a tool like Firebug, for example, to inspect the elements of the web page and see the required data.

Provide Correct Data in the Sensor Settings

To check login credentials for a web page, add an HTTP Advanced sensor to PRTG. In step 2 of the add sensor dialog, define the settings as described below.

Note: You can leave settings unchanged if they are not mentioned below.

Step by Step: Monitoring Login Authentication

We describe the necessary steps to monitor login authentication with the login page of the PRTG web interface as example. Basically, this approach also works on other login forms.

  • Open the web page with the login form you want to check for authentication.
  • Provoke an unsuccessful login by using wrong credentials. For example, use the credentials you want to check for failing authentication.
  • Check how the web page notifies you about the failed login. For example, PRTG shows the red error message Your login has failed. Please try again!
  • Open Firebug to inspect the web page.
  • Open the Net panel, show All requests, and look at the Post data.
  • Enter the complete URL of the POST request into the URL field of the HTTP Advanced sensor settings. Note: It might differ from the URL of the login page.
  • Select POST as Request Method in the sensor settings.
  • Copy the raw data in the Source section of the Post tab in Firebug and paste it into the Postdata field of the sensor settings. Adjust the parameters for username and password according to your needs. These are the credentials that you want to check for logging in to the web page.

PRTG Login with Wrong Credentials
Click here to enlarge.

HTTP Specific Postdata
Click here to enlarge.

  • Check the response of the web page to the failed login.
    • In Firebug, open the HTML panel.
    • Use the Inspector and hover the error message to highlight it in the HTML code.
    • Copy the error message.

PRTG Login HTML Response
Click here to enlarge.

  • Paste the error message into the Response Must Not Include field in the sensor settings.

HTTP Advanced Settings
Click here to enlarge.

  • Save the settings.

Your HTTP Advanced sensor now checks if the provided credentials result in a successful login attempt on the requested web page. Depending on the option you choose for Exclude Keyword, the sensor shows an error or warning status if the keyword is found and so the username/password combination is not valid for the login.

HTTP Advanced Error
Click here to enlarge.

Created on May 8, 2015 3:50:28 PM by  Gerald Schoch [Paessler Support]

Last change on May 12, 2015 2:31:49 PM by  Martina Wittmann [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I was able to get this working on a simple website, but I'm trying to do the same thing on a URL that ends in .ASPX. When I login and check Firebug, the HTML tab says "Reload the page to get source for: https://mywebsite" and the source data looks very different, it begins with "__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=" vs "Username=xxxxx&Password=xxxxx&" like the source for my working sensor.

Created on Dec 10, 2015 7:52:51 PM by  Eric Walker (0) 1



Votes:

0

Your Vote:

Up

Down

Hello,

Unfortunately the HTTP (Advanced) Sensors are not able to handle different tokens at the moment. However, you might have a look into the EXE/Script Sensor or EXE/Script Advanced Sensor. Using them you could write a script which then is executed by PRTG.

Created on Dec 11, 2015 2:11:57 PM by  Jochen Greger [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.