Service Checks: beyond basic authentication

Sometimes we run acrossed Service Check websites that use a new fancy way of logging in making passing basic Username and Password impossible like this example for Zerto.  The login screen is a embedded Java application making it impossible to send the credentials in html.  

Although it may not be possible to emulate logging in to these sites it is possible to add the authentication header information and verify the site is up and login is possible.  

Finding the authentication header information can be a bit tricky as their are an infinite number of ways a website can store this information, but its should be easy enough to spot them in the headers.  

To view the header information with Chrome Dev Tool login to your site.  Then right click and inspect the page.  

Lets take a look at Revzilla.com, a typical online store, as an example.  

First login and view the headers.  Note the "my-account" in the URL and the "my-account" in the headers.  That is the page headers we are looking for in this and most websites.  Copy the Cookie string in to your clipboard.  

I've also seen this under a specific "Login.jps" or in a Authorization header, but this example with the cookie header is the most common.  

From LogicMonitor, setup a Service Web Check normally adding the page /my-account in one of the steps.  In this example /my-account will be the only step.   

 

Then add in the cookie header and paste the string value.  

For normal use HTTP Version 1.1 and Method GET should be sufficient.  

These sites normally return a status 200 (OK) even for a failed login, you can ensure the login works by finding a string that appears after a successful login.  I'll use "Your Zilla Cash" for this example.  

 

You can now verify and test the step.  

You can test further, but changing the verify further by removing the cookie and ensuring the Service check will not login and fail.