SCOM Web Availability Monitoring with www/http basic authentication

SCOM offers multiple ways to monitor websites, I utilize the Web application availability monitoring template as much as possible apposed to the Web Application Transaction Monitoring, mainly because it is faster to configure and easier to see a break down of what is experiencing an issue.


However, one downside is the web application availability monitoring template does not have an inherent way to handle websites that require basic authentication logins. The way to overcome this issue is to utilize http headers and use an authorization header with a encoded username and password.


HTTP Headers - Basic Authentication
To access a site that is using basic authentication you will need to encode your username and password as a base64 username|password combination.
*It is suggested to use an account with the least available permissions needed to do the site test. Preferably an account that has limited read-only access. Since the base64 encoded account can be decoded fairly easy.


You can do this from a site such as https://www.base64encode.org/

1. Under the Encode section type in your username and password with the following format username:password
2. Click encode and viola!
3. Copy and save the results.

Now you need to add an HTTP header to your URL's test to enable SCOM to login to the site and give a 200 response instead of a 401.

1. Follow the normal steps to create a new web application availability monitor site test, and open the "Change Configuration" settings under the View and Validate Tests tab.
2. Scroll down until you see HTTP Headers.
3. Click on Add and a new window will open.
4. In the HTTP header name: box type in: Authorization
5. In the HTTP header value: box type in: basic "base64 encoded user/pass" without the quotes.
6. 
7. Click OK to close the header window, then click OK to save.
8. Click on Run Test to verify the site is passing and not giving a 401.

All Done.