JMETER + POST + anti-forgery token
JMETER + POST + anti-forgery token
Looking into XSRF/CSRF Prevention in ASP.NET MVC and Web Pages it appears that you're either sending an incorrect __RequestVerificationToken
parameter value or completely miss the step.
If the current HTTP request already contains an anti-XSRF session token (the anti-XSRF cookie __RequestVerificationToken), the security token is extracted from it. If the HTTP request does not contain an anti-XSRF session token or if extraction of the security token fails, a new random anti-XSRF token will be generated.
So your test should look like:
Open Login Page (HTTP Get Request)
Extract
__RequestVerificationToken
dynamic parameter value using suitable JMeter PostProcessor, I would recommend going for CSS Selector Extractor, the configuration would be something like:
Once done you can refer the extracted value as
${token}
in the next request
Check out ASP.NET Login Testing with JMeter article for more detailed information and step-by-step instructions if needed
最新文章
- CSS Table Gallery
- 【SAP Business Objects】Universe中的@prompt语法
- Django模块学习- django-pagination
- 布置theano(Ubuntu14.04 LTS)
- iot表和heap表排序规则不同
- uva 657
- 【源代码】StringBuilder和StringBuffer震源深度分析
- 新笔记tst
- Redux入门示例-TodoList
- day0203 XML 学习笔记
- Kafka学习笔记1:概念
- mac终端命令及pycharm常用快捷键记录
- Linux跑脚本用sh和./有什么区别?(转)
- 用js实现贪吃蛇
- 【Teradata】配置PE和AMP(congfig和reconfig工具、vprocmanager)
- 如何调用layer.open打开的的iframe窗口中的JS
- npm 发布包和删除包(2019最新攻略)
- C# 调用Tesseract实现OCR
- MySQL高可用方案-PXC环境部署记录
- [LeetCode&;Python] Problem 108. Convert Sorted Array to Binary Search Tree