Category Archives: Fiddler

Don’t forget to Automatically Authenticate calls when using Fiddler

I tend to forget some simple things I just don’t use that often.

One of these is when working with some ASP.NET apps which are using Windows Authentication with 401 HTTP Challenge (Kerberos) set like this in IIS manager :

asp dot net iis windows auth sample

For bigger HTTP debugging “jobs” I am using Fiddler, as most of us do. So, if you want to forge a new HTTP request in Composer and see something like this (401 in the lines 14-21) :

calls without automatically authenticate

You clearly need to check Automatically Authenticate in Composer Options tab.

So what do we see here. This is a random session on my dev box. My browser undergo 401 challenge in the step 1 and 2. From there, everything had 200 because we are authenticated. This is done by the browser, “automagically”. I drag and dropped POST request on position 12 to Composer and not checked Automatically Authenticate (I forgot to) and I got all those nice 401s from 14 to 21.

Please note, that even if you drag and drop some request from browser that got 200 from IIS,  the Fiddler will not get 200 also. Fiddler is for IIS just another client, just replaying the very same request will not make it authenticated. This is by design, not a bug.

If you allow automatically authenticate, you will see that you will get 401 at first, but Fiddler will do it’s job and issue another request, which will get 200 this time. Something like this :

calls with automatically authenticate

All requests from that point will get 200.

Hope this helps guys.

How to drop VS2013 Browser Link requests from you Fiddler debugging session – filter for specified host name and port

The short story:

Filter out only hosts and ports you need. Apply the filter, enjoy.

Complete story with more help:

Visual Studio 2013 gave us awesome thing, Browser Link – , but essentially, what is happening is, it’s using SignalR to inject some JS to let VS 2013 communicate with browsers. So it can happen, that you are debugging something on the localhost and suddenly you see something like this :

browser link

How to filter this noise away? First thing I was using process filter :

fiddler process filter

but this will only filter out process, so you will see only IE (in this case, or anything you choose), but how about filtering only domain? It’s in another place, but it’s there, just hidden a bit :

fiddler filters

Here you can filter more, than you need to click on the Actions button and Run Filterset now, this will apply filters to what you already have + all future events.

And the last part of puzzle is, you need to filter for (this applies only for me in this particular case), localhost:80 , because to filter only for localhost would yield also all requests to all localhost ports, what we dont need.

Another option could also be to : ban particular host:port , depends on your needs :)

Hope this helps,