How to open a Chrome Browser on a Remote Computer

[tomdar...@gmail.com]

I have written several Selenium C# tests using AutoIT to login in to Chrome Windows Authentication in HeadMode.

But when I deploy to Azure, and configure the task "Run PowerShell on Target Machines", it does not open Chrome and all of my tests fail.

Does anyone know how to Open Chrome on a remote computer in Azure?

note:  If I use headless mode it works, but in headless mode I have to expose the password which is a security breach.
i.e. driver.Navigate().GoToUrl("http://MySeleniumReadOnlyUser:Pass...@mySite.com/");

Thanks

[David]

Do you know what happens with the "Run PowerShell on Target Machines" task? Maybe that task isn't running properly against the remote desktop in Azure.

Can you elaborate on your deployment steps for how you run the automation? Maybe you can try invoking the AutoIt code with PSExec.exe instead of using Azure task, and run the PSExec shell call in your automation code's language. You may need to open some firewall setting (or not) for the PSExec to operate against the Azure VM.

Also, for headless mode, it may be less a security risk if the login URL was HTTPS since the transmission I believe should be encrypted (over the network), so you'd only see it in code. You could verify with Wireshark, your browser developer tools to see the data is misleading since it has the local view of things, it can view the data before it's encrypted. And unless you compiled the AutoIt code, or encrypted the password there, the password is still plaintext in the code in terms of security risk in that area. Does the target site support HTTPS?

[tomdar...@gmail.com]

David:

Thanks for replying.

When I run the PowerShell on Target Machine", it does not open Chrome to run the tests in Head Mode.  I see Chrome processes spin up on the target machine in Task Manager, but Chrome never "opens" so AutoIT fails.
See Attached file for how I have this set up in Azure DevOps.

I am invoking AutoIT.exe within my C# test  (see attached) code.  Invoking AutoIT with PSExec won't do me any good if I can't open a Chrome browser on the reomote machine.

I wish the apps were https but they are all internal Web Applications using Windows Authentication in IIS.

Tom

[tomdar...@gmail.com]

Let’s look at my issue a different way.

Here is my requirement.

We wish to automate running selenium tests in Azure DevOps where we secure the credentials in headless mode.

Can you help us with this?

 

Tom

[David]

Securing credentials is one thing, but when it's Windows or HTTP authentication, that's a related but different thing. I don't know if you can secure the latter headless-ly. You'd have to research your options for how else can you authentication for Windows/HTTP without UI popup and plaintext transmission of login over the URL.

As for your current implementation issue, I would look into how you can debug that deploy pipeline. You need to know why Chrome never appears. Either something errors out, or it's running under the wrong process / service account. You may need to run the deployed task under a user account that has GUI access for Chrome to appear, because you're not running a background system service that doesn't need UI. That's one tricky caveat in Windows to account for. I saw the deploy pipeline has options for error handling - try the other options to help you debug.

Also regarding PSExec, you could choose to run PSExec against the VM instance to launch the same executable that your Azure task does instead of running the Azure task to see if that makes a difference. So use PSExec instead to launch your task, not PSExec to launch AutoIt. If the PSExec route works, then there is some failure with the Azure task approach that you need to debug. If PSExec route also fails, then we have more debugging to do.

[tomdar...@gmail.com]

David:

Thanks again for your reply.

I will try using PSExec today to launch the Azure task and let you know how it goes.

Question:  Do you know if there is a way to tokenize the credentials?

Tom

[tomdar...@gmail.com]

David:

I don't see a PSEXEC Task in Azure.  What am I missing here?

[tomdar...@gmail.com]

David:

My company does not want me to go down the AutoIT.exe path anymore.  As whith AutoIT, a browser would open and run the Selenium tests.  We have 25 Selenium apps to run.  We would have to stagger each app throughout the day or on a weekend which may introduce other problems,

So back to my question.    Assume my password is in KeyVault.. Do you know to retrieve the password via some officially supported libraries or how to tokenize the password?

Tom

[David]

There is no PSExec task. What I was referring to was running PSExec.exe on some local machine on the network, and pass it the FQDN/IP of the Azure VM to connect to and execute the command against. Refer to https://docs.microsoft.com/en-us/sysinternals/downloads/psexec. It's an alternative to running commands on a computer/VM remotely.

I don't know of way to tokenize credentials.

If you can't use AutoIT and Selenium doesn't have native support to handle the Windows/HTTP authentication popup, then you will most likely have to resort to headless route, or passing the login in the URL.

If exposing login is a security, you should ensure the account used is very limited access for what it can do. In QA test automation, those accounts are very basic, so it shouldn't matter if as much if it was indeed hacked later on, and you can then just disable the account and make new one, or change the password, etc.

[tomdar...@gmail.com]

Thanks David for all your help.

Still searching for a way to secure the password