The result of the check is a 404. This page has Windows Auth enabled. I'm specifying username/password in the config of the check. If auth wasn't working, I would have expected a 401/403. I tested with curl and Invoke-WebRequest and couldn't reproduce the behavior from Heartbeat.
I did a few more tests this morning. Here's what I found:
If I target an IIS web site directly:
If I run the check and only Windows auth is enabled, the check fails with a 401
If I run the check and Basic Auth is enabled, the check passes successfully
If I target an IIS web site while going through IIS Application Request Routing (http load balancer):
The site has Windows Auth enabled and ASP .NET Form Based Auth, the check fails with a 404. I can see the credentials getting passed properly and the URL in the GET looks OK as well. I'm suspecting the combination of the request made with the Go-http client and this particular load balancer does something funky. The reason while the root of the site is working is because anonymous access was allowed.
Interesting. Well, windows auth is... something "special" not support by golibs. I found this, at least supporting ntmlssp. This library translates basic auth to ntmlssp based authentication.
Have you tried making a request via basic auth using some tool like curl?
For testing purposes all you have todo is clone the lib into the vendor/github.com/Azure folder and updated line 134 in task.go to read (well, don't forget the import):
ntlmssp.Negotiator{&SimpleTransport{
...
}}
I don't run windows or IIS. But I still would be interested to hear if this works.
If you want to give it a shot, you can download go compiler here + install instructions:
Once you have go in place you can use go get github.com/Azure/go-ntlmssp to get the dependency. Use git to clone beats repo into D:/Go/src/github.com/elastic/ and test your build by going to beat/heartbeat subdirectory and enter go build. If build works you can adapt task.go and recompile.
Feel free to open an enhancement request. There are a few libs supporting ntml (some seem to support v1 and v2), but evaluating those libs, adding support based on one lib (some libs seem to require quite some 'footwork') and building a fake http server for testing (that is I've no guarantee it will work with IIS, as I have no IIS available) will take quite some time. If you can confirm the 'Azure' one working (which is quite easy to use), we can add at least add experimental support to configure the authentication-method for the time being.
btw. I have no idea how to uninstall go development environment. Maybe you want to try building heartbeat in a virtual machine to throw away afterwards.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.