Form Authentication tab

This tab holds the Successful Login regular expressions that you enter to describe the page that is sent in response to an accepted username and password. (Information entered here applies only when Form Authentication is tested.)

Option

Description

Successful Login Detection

Success Response

When selected, currently configured Success Responses are displayed in the pane below.

Error Response

When selected, currently configured Error Responses are displayed in the pane below.

Add/Remove

See Describe the application's login responses for instructions on adding responses to the lists, or About metacharacters to learn more about writing regular expressions.

Default Counterfeit Credentials

Username/Password

These fields show the strings that you will be asked to enter when creating the login request to configure Form Authentication (see Form authentication). They do not need to be valid credentials, as they are not used to actually log in to the site. They simply identify to Authentication Tester the location of the credentials in the login request (for use in Brute Forcing the site).

The default values are BruteUsername and BrutePassword. If client-side logic will not allow these values to be used in a login request to the site (for example, if the application requires an email as the username, and client-side logic enforces this rule when creating the login request), change these values to a valid format.

When changing the default counterfeit credentials, make sure that neither value is a substring of the other. For example, if you enter user@email.com as the username, you may not use user as the password.
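The substring rule above can be checked before the login request is recorded. The following is an added example, not part of the product or its documentation; it assumes the placeholders are located in a form-encoded request body by plain string matching (the page does not describe the tool's internals), and the function names and sample request bodies are constructed for illustration.

```python
from urllib.parse import parse_qsl


def fields_containing(body, marker):
    """Names of form fields whose decoded value contains the marker string."""
    return [name for name, value in parse_qsl(body, keep_blank_values=True)
            if marker in value]


def check_counterfeit_credentials(body, username, password):
    """Map each placeholder to exactly one request field, or raise ValueError."""
    # The rule from the text: neither value may be a substring of the other.
    if username in password or password in username:
        raise ValueError("one counterfeit value is a substring of the other")
    located = {}
    for role, marker in (("username", username), ("password", password)):
        hits = fields_containing(body, marker)
        # A placeholder that is missing, or that appears in several fields,
        # cannot identify a single credential location.
        if len(hits) != 1:
            raise ValueError(f"{role} placeholder matched {len(hits)} fields: {hits}")
        located[role] = hits[0]
    return located


# Constructed sample login request bodies (hypothetical field names).
DEFAULT_BODY = "login=BruteUsername&pass=BrutePassword&remember=1"
EMAIL_BODY = "email=user%40email.com&pass=user&remember=1"

if __name__ == "__main__":
    # Default values: each placeholder marks exactly one field.
    print(check_counterfeit_credentials(DEFAULT_BODY, "BruteUsername", "BrutePassword"))
    # The page's counter-example: "user" is found in both the email and pass
    # fields, so the password location is ambiguous.
    print(fields_containing(EMAIL_BODY, "user"))
    try:
        check_counterfeit_credentials(EMAIL_BODY, "user@email.com", "user")
    except ValueError as err:
        print("rejected:", err)
```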