JMETER + POST + anti-forgery token

JMETER + POST + anti-forgery token

Looking into XSRF/CSRF Prevention in ASP.NET MVC and Web Pages it appears that you're either sending an incorrect __RequestVerificationToken parameter value or completely miss the step.html

If the current HTTP request already contains an anti-XSRF session token (the anti-XSRF cookie __RequestVerificationToken), the security token is extracted from it. If the HTTP request does not contain an anti-XSRF session token or if extraction of the security token fails, a new random anti-XSRF token will be generated.web

So your test should look like:apache

  • Open Login Page (HTTP Get Request)cookie

  • Once done you can refer the extracted value as ${token} in the next requestmvc

     

     

Check out ASP.NET Login Testing with JMeter article for more detailed information and step-by-step instructions if neededapp

相關文章
相關標籤/搜索