Authenticating To A .NET Web Application

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Authenticating To A .NET Web Application

Eric Rubin
I want to stress test some areas of an application that sit behind a log in page. Is there a way to do this using JMeter?

When a user enters their credentials and submits the form to authenticate, the data is sent to the server using a strongly typed object. In an attempt to replicate, I recorded the login process using the BlazeMeter extension for Chrome. After recording it, I converted the .har file to a .jmx, imported it into JMeter, and then ran my test. Unfortunately, authentication is still not taking place.

Is there another approach? Any suggestions would be greatly appreciated.
Kind Regards
Eric Rubin
Senior Developer
[http://logo.pandora.net/HQ_logo_email_signature.jpg]
Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201
T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | [hidden email]<mailto:[hidden email]>
Make Your Own Wish List on
PANDORA.net<http://www.pandora.net/us/>
[http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-online_2017.jpg]<https://www.facebook.com/pandorajewelry>[http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bird-blue-on-white_2017.jpg]<https://twitter.com/pandora_NA>[http://pandorajewelrymarketing.blob.core.windows.net/logos/google_youtube_2017.jpg]<https://www.youtube.com/user/TheOfficialPandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2017.jpg]<http://instagram.com/theofficialpandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_badge_red_2017.jpg]<https://www.pinterest.com/officialpandora/> [http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png] <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
whitespace
Reply | Threaded
Open this post in threaded view
|

RE: Authenticating To A .NET Web Application

Herbener, Martin - Division of School Technology Planning and Project
 Management
Hi,

This is absolutely possible.

I would start with https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour and https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ-HowdoIparameterizemyJMetertestcases, and see if you can get to a more specific problem/question.

Good luck!

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Monday, December 9, 2019 10:52 AM
To: [hidden email]
Subject: Authenticating To A .NET Web Application

I want to stress test some areas of an application that sit behind a log in page. Is there a way to do this using JMeter?

When a user enters their credentials and submits the form to authenticate, the data is sent to the server using a strongly typed object. In an attempt to replicate, I recorded the login process using the BlazeMeter extension for Chrome. After recording it, I converted the .har file to a .jmx, imported it into JMeter, and then ran my test. Unfortunately, authentication is still not taking place.

Is there another approach? Any suggestions would be greatly appreciated.
Kind Regards
Eric Rubin
Senior Developer
[http://logo.pandora.net/HQ_logo_email_signature.jpg]
Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | [hidden email]<mailto:[hidden email]>
Make Your Own Wish List on
PANDORA.net<http://www.pandora.net/us/>
[http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-online_2017.jpg]<https://www.facebook.com/pandorajewelry>[http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bird-blue-on-white_2017.jpg]<https://twitter.com/pandora_NA>[http://pandorajewelrymarketing.blob.core.windows.net/logos/google_youtube_2017.jpg]<https://www.youtube.com/user/TheOfficialPandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2017.jpg]<http://instagram.com/theofficialpandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_badge_red_2017.jpg]<https://www.pinterest.com/officialpandora/> [http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png] <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
whitespace

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Authenticating To A .NET Web Application

Eric Rubin
Hi Martin,

Thanks for reaching out.

As it relates to the documentation provided in the links you sent, I used JMeter as a proxy to record the test plan process. Unfortunately, the test sill doesn't appear to authenticate the user during playback. I don't believe the form was even submitted, as we log both failed and successful login attempts in our database. Further, I added an HTTP request to a page behind the login, but the response message is unauthorized.

I also compared the traffic generated by the recording and compared it to the network output from Chrome's dev tools. There are numerous requests, so it's a bit difficult to isolate the differences. One thing that's obvious is that my recording contains a cookie manager but is not supplying any name value pairs. The network traffic reported by Chrome shows several, so I will add that into the recording to see if that changes the result.

Any other thoughts you may have to overcome this would be greatly appreciated!

Kind Regards
Eric Rubin
Senior Developer
PANDORA Jewelry LLC

T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | mailto:[hidden email]

Make Your Own Wish List
on PANDORA.net
-----Original Message-----
From: Herbener, Martin - Division of School Technology Planning and Project Management <[hidden email]>
Sent: Monday, December 9, 2019 1:04 PM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

Hi,

This is absolutely possible.

I would start with https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour and https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ-HowdoIparameterizemyJMetertestcases, and see if you can get to a more specific problem/question.

Good luck!

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Monday, December 9, 2019 10:52 AM
To: [hidden email]
Subject: Authenticating To A .NET Web Application

I want to stress test some areas of an application that sit behind a log in page. Is there a way to do this using JMeter?

When a user enters their credentials and submits the form to authenticate, the data is sent to the server using a strongly typed object. In an attempt to replicate, I recorded the login process using the BlazeMeter extension for Chrome. After recording it, I converted the .har file to a .jmx, imported it into JMeter, and then ran my test. Unfortunately, authentication is still not taking place.

Is there another approach? Any suggestions would be greatly appreciated.
Kind Regards
Eric Rubin
Senior Developer
[http://logo.pandora.net/HQ_logo_email_signature.jpg]
Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | [hidden email]<mailto:[hidden email]>
Make Your Own Wish List on
PANDORA.net<http://www.pandora.net/us/>
[http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-online_2017.jpg]<https://www.facebook.com/pandorajewelry>[http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bird-blue-on-white_2017.jpg]<https://twitter.com/pandora_NA>[http://pandorajewelrymarketing.blob.core.windows.net/logos/google_youtube_2017.jpg]<https://www.youtube.com/user/TheOfficialPandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2017.jpg]<http://instagram.com/theofficialpandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_badge_red_2017.jpg]<https://www.pinterest.com/officialpandora/> [http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png] <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
whitespace

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Authenticating To A .NET Web Application

Herbener, Martin - Division of School Technology Planning and Project
 Management
Eric,

If you add a "View Results Tree" listener (https://jmeter.apache.org/usermanual/component_reference.html#View_Results_Tree) you should be able to get more insight into what is being sent by jMeter and what is being received.

Thanks

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Tuesday, December 10, 2019 11:26 AM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

Hi Martin,

Thanks for reaching out.

As it relates to the documentation provided in the links you sent, I used JMeter as a proxy to record the test plan process. Unfortunately, the test sill doesn't appear to authenticate the user during playback. I don't believe the form was even submitted, as we log both failed and successful login attempts in our database. Further, I added an HTTP request to a page behind the login, but the response message is unauthorized.

I also compared the traffic generated by the recording and compared it to the network output from Chrome's dev tools. There are numerous requests, so it's a bit difficult to isolate the differences. One thing that's obvious is that my recording contains a cookie manager but is not supplying any name value pairs. The network traffic reported by Chrome shows several, so I will add that into the recording to see if that changes the result.

Any other thoughts you may have to overcome this would be greatly appreciated!

Kind Regards
Eric Rubin
Senior Developer
PANDORA Jewelry LLC

T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | mailto:[hidden email]

Make Your Own Wish List
on PANDORA.net
-----Original Message-----
From: Herbener, Martin - Division of School Technology Planning and Project Management <[hidden email]>
Sent: Monday, December 9, 2019 1:04 PM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

Hi,

This is absolutely possible.

I would start with https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour and https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ-HowdoIparameterizemyJMetertestcases, and see if you can get to a more specific problem/question.

Good luck!

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Monday, December 9, 2019 10:52 AM
To: [hidden email]
Subject: Authenticating To A .NET Web Application

I want to stress test some areas of an application that sit behind a log in page. Is there a way to do this using JMeter?

When a user enters their credentials and submits the form to authenticate, the data is sent to the server using a strongly typed object. In an attempt to replicate, I recorded the login process using the BlazeMeter extension for Chrome. After recording it, I converted the .har file to a .jmx, imported it into JMeter, and then ran my test. Unfortunately, authentication is still not taking place.

Is there another approach? Any suggestions would be greatly appreciated.
Kind Regards
Eric Rubin
Senior Developer
[http://logo.pandora.net/HQ_logo_email_signature.jpg]
Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | [hidden email]<mailto:[hidden email]>
Make Your Own Wish List on
PANDORA.net<http://www.pandora.net/us/>
[http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-online_2017.jpg]<https://www.facebook.com/pandorajewelry>[http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bird-blue-on-white_2017.jpg]<https://twitter.com/pandora_NA>[http://pandorajewelrymarketing.blob.core.windows.net/logos/google_youtube_2017.jpg]<https://www.youtube.com/user/TheOfficialPandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2017.jpg]<http://instagram.com/theofficialpandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_badge_red_2017.jpg]<https://www.pinterest.com/officialpandora/> [http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png] <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
whitespace

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Authenticating To A .NET Web Application

Eric Rubin
Thanks, Martin.

I've made a bit of progress with authenticating. Added a Regular Expression Extractor since a Request Verification Token is sent in the request and stored in a cookie.

Inspected the traffic using Fiddler and it appears that the token's value is being sent across the wire. Previously, I was seeing an error indicating that the cookie was not present. Now I'm encountering this error:  The required anti-forgery form field "__RequestVerificationToken" is not present. Any thoughts on how to resolve?

-----Original Message-----
From: Herbener, Martin - Division of School Technology Planning and Project Management <[hidden email]>
Sent: Monday, December 16, 2019 1:18 PM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

Eric,

If you add a "View Results Tree" listener (https://jmeter.apache.org/usermanual/component_reference.html#View_Results_Tree) you should be able to get more insight into what is being sent by jMeter and what is being received.

Thanks

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Tuesday, December 10, 2019 11:26 AM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

Hi Martin,

Thanks for reaching out.

As it relates to the documentation provided in the links you sent, I used JMeter as a proxy to record the test plan process. Unfortunately, the test sill doesn't appear to authenticate the user during playback. I don't believe the form was even submitted, as we log both failed and successful login attempts in our database. Further, I added an HTTP request to a page behind the login, but the response message is unauthorized.

I also compared the traffic generated by the recording and compared it to the network output from Chrome's dev tools. There are numerous requests, so it's a bit difficult to isolate the differences. One thing that's obvious is that my recording contains a cookie manager but is not supplying any name value pairs. The network traffic reported by Chrome shows several, so I will add that into the recording to see if that changes the result.

Any other thoughts you may have to overcome this would be greatly appreciated!

Kind Regards
Eric Rubin
Senior Developer
PANDORA Jewelry LLC

T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | mailto:[hidden email]

Make Your Own Wish List
on PANDORA.net
-----Original Message-----
From: Herbener, Martin - Division of School Technology Planning and Project Management <[hidden email]>
Sent: Monday, December 9, 2019 1:04 PM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

Hi,

This is absolutely possible.

I would start with https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour and https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ-HowdoIparameterizemyJMetertestcases, and see if you can get to a more specific problem/question.

Good luck!

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Monday, December 9, 2019 10:52 AM
To: [hidden email]
Subject: Authenticating To A .NET Web Application

I want to stress test some areas of an application that sit behind a log in page. Is there a way to do this using JMeter?

When a user enters their credentials and submits the form to authenticate, the data is sent to the server using a strongly typed object. In an attempt to replicate, I recorded the login process using the BlazeMeter extension for Chrome. After recording it, I converted the .har file to a .jmx, imported it into JMeter, and then ran my test. Unfortunately, authentication is still not taking place.

Is there another approach? Any suggestions would be greatly appreciated.
Kind Regards
Eric Rubin
Senior Developer
[http://logo.pandora.net/HQ_logo_email_signature.jpg]
Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | [hidden email]<mailto:[hidden email]>
Make Your Own Wish List on
PANDORA.net<http://www.pandora.net/us/>
[http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-online_2017.jpg]<https://www.facebook.com/pandorajewelry>[http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bird-blue-on-white_2017.jpg]<https://twitter.com/pandora_NA>[http://pandorajewelrymarketing.blob.core.windows.net/logos/google_youtube_2017.jpg]<https://www.youtube.com/user/TheOfficialPandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2017.jpg]<http://instagram.com/theofficialpandora>[http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_badge_red_2017.jpg]<https://www.pinterest.com/officialpandora/> [http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png] <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
whitespace

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Authenticating To A .NET Web Application

Mariusz W
Hi,
In  my case I support this token as follows:
1. http sample is send (I get response and in form is hidden input fileld
named __RequestVerificationToken)
2. I add css extractor to sampler from previous point and save token e.g.
input[name="__RequestVerificationToken"] as selector
3. Add token saved in previous point to next http sample - in my case it is
send as parameter named __RequestVerificationToken = ${SAVED_TOKEN}.

Regards,
Mariusz

wt., 17 gru 2019 o 22:17 Eric Rubin <[hidden email]> napisał(a):

> Thanks, Martin.
>
> I've made a bit of progress with authenticating. Added a Regular
> Expression Extractor since a Request Verification Token is sent in the
> request and stored in a cookie.
>
> Inspected the traffic using Fiddler and it appears that the token's value
> is being sent across the wire. Previously, I was seeing an error indicating
> that the cookie was not present. Now I'm encountering this error:  The
> required anti-forgery form field "__RequestVerificationToken" is not
> present. Any thoughts on how to resolve?
>
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 16, 2019 1:18 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Eric,
>
> If you add a "View Results Tree" listener (
> https://jmeter.apache.org/usermanual/component_reference.html#View_Results_Tree)
> you should be able to get more insight into what is being sent by jMeter
> and what is being received.
>
> Thanks
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Tuesday, December 10, 2019 11:26 AM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi Martin,
>
> Thanks for reaching out.
>
> As it relates to the documentation provided in the links you sent, I used
> JMeter as a proxy to record the test plan process. Unfortunately, the test
> sill doesn't appear to authenticate the user during playback. I don't
> believe the form was even submitted, as we log both failed and successful
> login attempts in our database. Further, I added an HTTP request to a page
> behind the login, but the response message is unauthorized.
>
> I also compared the traffic generated by the recording and compared it to
> the network output from Chrome's dev tools. There are numerous requests, so
> it's a bit difficult to isolate the differences. One thing that's obvious
> is that my recording contains a cookie manager but is not supplying any
> name value pairs. The network traffic reported by Chrome shows several, so
> I will add that into the recording to see if that changes the result.
>
> Any other thoughts you may have to overcome this would be greatly
> appreciated!
>
> Kind Regards
> Eric Rubin
> Senior Developer
> PANDORA Jewelry LLC
>
> T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | mailto:
> [hidden email]
>
> Make Your Own Wish List
> on PANDORA.net
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 9, 2019 1:04 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi,
>
> This is absolutely possible.
>
> I would start with
> https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour and
> https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ-HowdoIparameterizemyJMetertestcases,
> and see if you can get to a more specific problem/question.
>
> Good luck!
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Monday, December 9, 2019 10:52 AM
> To: [hidden email]
> Subject: Authenticating To A .NET Web Application
>
> I want to stress test some areas of an application that sit behind a log
> in page. Is there a way to do this using JMeter?
>
> When a user enters their credentials and submits the form to authenticate,
> the data is sent to the server using a strongly typed object. In an attempt
> to replicate, I recorded the login process using the BlazeMeter extension
> for Chrome. After recording it, I converted the .har file to a .jmx,
> imported it into JMeter, and then ran my test. Unfortunately,
> authentication is still not taking place.
>
> Is there another approach? Any suggestions would be greatly appreciated.
> Kind Regards
> Eric Rubin
> Senior Developer
> [http://logo.pandora.net/HQ_logo_email_signature.jpg]
> Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1
> (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 |
> [hidden email]<mailto:[hidden email]>
> Make Your Own Wish List on
> PANDORA.net<http://www.pandora.net/us/>
> [
> http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-online_2017.jpg
> ]<https://www.facebook.com/pandorajewelry>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bird-blue-on-white_2017.jpg
> ]<https://twitter.com/pandora_NA>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/google_youtube_2017.jpg
> ]<https://www.youtube.com/user/TheOfficialPandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2017.jpg
> ]<http://instagram.com/theofficialpandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_badge_red_2017.jpg
> ]<https://www.pinterest.com/officialpandora/> [
> http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png]
> <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
> whitespace
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

RE: Authenticating To A .NET Web Application

Eric Rubin
I realized I was not passing in the right name for the request verification token. Now there is a new error:  "The anti-forgery cookie token and form field token do not match"

I'm not sure what is causing them to be mismatched, which I confirmed is the case by looking at the Results Tree. My test script flow is:

1)  Open login page
2)  Add Regular Expression Extractor to get the __RequestVerificationToken value:
        Variable name:  REQUEST_VERIFICATION_TOKEN
        Regular Expression:  input name="__RequestVerificationToken" type="hidden" value="([A-Za-z0-9+=/\-\_]+?)"
3)  Using the HTTP Cookie Manager, set the cookie name to __RequestVerificationToken and its value to ${REQUEST_VERIFICATION_TOKEN}
4)  Perform the login using a Post; the parameters being sent with the request are UserName, Password, and __RequestVerificationToken. Follow Redirects and User KeepAlive are both checked.

Upon examining the Login step from the Results Tree, the __RequestVerificationToken in the post data differs from that of the cookie data.

Any insight on how to resolve is greatly appreciated!

-----Original Message-----
From: Mariusz W <[hidden email]>
Sent: Wednesday, December 18, 2019 2:15 AM
To: JMeter Users List <[hidden email]>
Subject: Re: Authenticating To A .NET Web Application

Hi,
In  my case I support this token as follows:
1. http sample is send (I get response and in form is hidden input fileld named __RequestVerificationToken) 2. I add css extractor to sampler from previous point and save token e.g.
input[name="__RequestVerificationToken"] as selector 3. Add token saved in previous point to next http sample - in my case it is send as parameter named __RequestVerificationToken = ${SAVED_TOKEN}.

Regards,
Mariusz

wt., 17 gru 2019 o 22:17 Eric Rubin <[hidden email]> napisał(a):

> Thanks, Martin.
>
> I've made a bit of progress with authenticating. Added a Regular
> Expression Extractor since a Request Verification Token is sent in the
> request and stored in a cookie.
>
> Inspected the traffic using Fiddler and it appears that the token's
> value is being sent across the wire. Previously, I was seeing an error
> indicating that the cookie was not present. Now I'm encountering this
> error:  The required anti-forgery form field
> "__RequestVerificationToken" is not present. Any thoughts on how to resolve?
>
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 16, 2019 1:18 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Eric,
>
> If you add a "View Results Tree" listener (
> https://jmeter.apache.org/usermanual/component_reference.html#View_Res
> ults_Tree) you should be able to get more insight into what is being
> sent by jMeter and what is being received.
>
> Thanks
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Tuesday, December 10, 2019 11:26 AM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi Martin,
>
> Thanks for reaching out.
>
> As it relates to the documentation provided in the links you sent, I
> used JMeter as a proxy to record the test plan process. Unfortunately,
> the test sill doesn't appear to authenticate the user during playback.
> I don't believe the form was even submitted, as we log both failed and
> successful login attempts in our database. Further, I added an HTTP
> request to a page behind the login, but the response message is unauthorized.
>
> I also compared the traffic generated by the recording and compared it
> to the network output from Chrome's dev tools. There are numerous
> requests, so it's a bit difficult to isolate the differences. One
> thing that's obvious is that my recording contains a cookie manager
> but is not supplying any name value pairs. The network traffic
> reported by Chrome shows several, so I will add that into the recording to see if that changes the result.
>
> Any other thoughts you may have to overcome this would be greatly
> appreciated!
>
> Kind Regards
> Eric Rubin
> Senior Developer
> PANDORA Jewelry LLC
>
> T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | mailto:
> [hidden email]
>
> Make Your Own Wish List
> on PANDORA.net
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 9, 2019 1:04 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi,
>
> This is absolutely possible.
>
> I would start with
> https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour 
> and
> https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ
> -HowdoIparameterizemyJMetertestcases,
> and see if you can get to a more specific problem/question.
>
> Good luck!
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Monday, December 9, 2019 10:52 AM
> To: [hidden email]
> Subject: Authenticating To A .NET Web Application
>
> I want to stress test some areas of an application that sit behind a
> log in page. Is there a way to do this using JMeter?
>
> When a user enters their credentials and submits the form to
> authenticate, the data is sent to the server using a strongly typed
> object. In an attempt to replicate, I recorded the login process using
> the BlazeMeter extension for Chrome. After recording it, I converted
> the .har file to a .jmx, imported it into JMeter, and then ran my
> test. Unfortunately, authentication is still not taking place.
>
> Is there another approach? Any suggestions would be greatly appreciated.
> Kind Regards
> Eric Rubin
> Senior Developer
> [http://logo.pandora.net/HQ_logo_email_signature.jpg]
> Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1
> (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 |
> [hidden email]<mailto:[hidden email]>
> Make Your Own Wish List on
> PANDORA.net<http://www.pandora.net/us/>
> [
> http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-on
> line_2017.jpg ]<https://www.facebook.com/pandorajewelry>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bir
> d-blue-on-white_2017.jpg
> ]<https://twitter.com/pandora_NA>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/google_yout
> ube_2017.jpg ]<https://www.youtube.com/user/TheOfficialPandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2
> 017.jpg ]<http://instagram.com/theofficialpandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_b
> adge_red_2017.jpg ]<https://www.pinterest.com/officialpandora/> [
> http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.
> com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png]
> <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
> whitespace
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Authenticating To A .NET Web Application

Herbener, Martin - Division of School Technology Planning and Project
 Management
Eric,

I am 98% sure that your Post (your step 4) needs to send the __RequestVerificationToken name/value as form fields instead of putting it into the cookies.  This is done using Parameters within the HTTP Request object/component in jMeter (http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request).

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Wednesday, December 18, 2019 11:43 AM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

I realized I was not passing in the right name for the request verification token. Now there is a new error:  "The anti-forgery cookie token and form field token do not match"

I'm not sure what is causing them to be mismatched, which I confirmed is the case by looking at the Results Tree. My test script flow is:

1)  Open login page
2)  Add Regular Expression Extractor to get the __RequestVerificationToken value:
        Variable name:  REQUEST_VERIFICATION_TOKEN
        Regular Expression:  input name="__RequestVerificationToken" type="hidden" value="([A-Za-z0-9+=/\-\_]+?)"
3)  Using the HTTP Cookie Manager, set the cookie name to __RequestVerificationToken and its value to ${REQUEST_VERIFICATION_TOKEN}
4)  Perform the login using a Post; the parameters being sent with the request are UserName, Password, and __RequestVerificationToken. Follow Redirects and User KeepAlive are both checked.

Upon examining the Login step from the Results Tree, the __RequestVerificationToken in the post data differs from that of the cookie data.

Any insight on how to resolve is greatly appreciated!

-----Original Message-----
From: Mariusz W <[hidden email]>
Sent: Wednesday, December 18, 2019 2:15 AM
To: JMeter Users List <[hidden email]>
Subject: Re: Authenticating To A .NET Web Application

Hi,
In  my case I support this token as follows:
1. http sample is send (I get response and in form is hidden input fileld named __RequestVerificationToken) 2. I add css extractor to sampler from previous point and save token e.g.
input[name="__RequestVerificationToken"] as selector 3. Add token saved in previous point to next http sample - in my case it is send as parameter named __RequestVerificationToken = ${SAVED_TOKEN}.

Regards,
Mariusz

wt., 17 gru 2019 o 22:17 Eric Rubin <[hidden email]> napisał(a):

> Thanks, Martin.
>
> I've made a bit of progress with authenticating. Added a Regular
> Expression Extractor since a Request Verification Token is sent in the
> request and stored in a cookie.
>
> Inspected the traffic using Fiddler and it appears that the token's
> value is being sent across the wire. Previously, I was seeing an error
> indicating that the cookie was not present. Now I'm encountering this
> error:  The required anti-forgery form field
> "__RequestVerificationToken" is not present. Any thoughts on how to resolve?
>
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 16, 2019 1:18 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Eric,
>
> If you add a "View Results Tree" listener (
> https://jmeter.apache.org/usermanual/component_reference.html#View_Res
> ults_Tree) you should be able to get more insight into what is being
> sent by jMeter and what is being received.
>
> Thanks
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Tuesday, December 10, 2019 11:26 AM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi Martin,
>
> Thanks for reaching out.
>
> As it relates to the documentation provided in the links you sent, I
> used JMeter as a proxy to record the test plan process. Unfortunately,
> the test sill doesn't appear to authenticate the user during playback.
> I don't believe the form was even submitted, as we log both failed and
> successful login attempts in our database. Further, I added an HTTP
> request to a page behind the login, but the response message is unauthorized.
>
> I also compared the traffic generated by the recording and compared it
> to the network output from Chrome's dev tools. There are numerous
> requests, so it's a bit difficult to isolate the differences. One
> thing that's obvious is that my recording contains a cookie manager
> but is not supplying any name value pairs. The network traffic
> reported by Chrome shows several, so I will add that into the recording to see if that changes the result.
>
> Any other thoughts you may have to overcome this would be greatly
> appreciated!
>
> Kind Regards
> Eric Rubin
> Senior Developer
> PANDORA Jewelry LLC
>
> T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | mailto:
> [hidden email]
>
> Make Your Own Wish List
> on PANDORA.net
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 9, 2019 1:04 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi,
>
> This is absolutely possible.
>
> I would start with
> https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour
> and
> https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ
> -HowdoIparameterizemyJMetertestcases,
> and see if you can get to a more specific problem/question.
>
> Good luck!
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Monday, December 9, 2019 10:52 AM
> To: [hidden email]
> Subject: Authenticating To A .NET Web Application
>
> I want to stress test some areas of an application that sit behind a
> log in page. Is there a way to do this using JMeter?
>
> When a user enters their credentials and submits the form to
> authenticate, the data is sent to the server using a strongly typed
> object. In an attempt to replicate, I recorded the login process using
> the BlazeMeter extension for Chrome. After recording it, I converted
> the .har file to a .jmx, imported it into JMeter, and then ran my
> test. Unfortunately, authentication is still not taking place.
>
> Is there another approach? Any suggestions would be greatly appreciated.
> Kind Regards
> Eric Rubin
> Senior Developer
> [http://logo.pandora.net/HQ_logo_email_signature.jpg]
> Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1
> (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 |
> [hidden email]<mailto:[hidden email]>
> Make Your Own Wish List on
> PANDORA.net<http://www.pandora.net/us/>
> [
> http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-on
> line_2017.jpg ]<https://www.facebook.com/pandorajewelry>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bir
> d-blue-on-white_2017.jpg
> ]<https://twitter.com/pandora_NA>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/google_yout
> ube_2017.jpg ]<https://www.youtube.com/user/TheOfficialPandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2
> 017.jpg ]<http://instagram.com/theofficialpandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_b
> adge_red_2017.jpg ]<https://www.pinterest.com/officialpandora/> [
> http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.
> com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png]
> <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
> whitespace
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB  [  X  ܚX KK[XZ[
 \ \ ][  X  ܚX P Y]\  \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \ Z[ Y]\  \X K ܙ B

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Authenticating To A .NET Web Application

Eric Rubin
Martin,

Thanks for that.

One thing I failed to mention was that I was using Fiddler to capture traffic by setting the JMeter Proxy Server in my HTTP requests. Once I removed that and the name/value pair for the __RequestVerificationToken from the Cookie Manager, my login was successful.

-----Original Message-----
From: Herbener, Martin - Division of School Technology Planning and Project Management <[hidden email]>
Sent: Wednesday, December 18, 2019 1:17 PM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

Eric,

I am 98% sure that your Post (your step 4) needs to send the __RequestVerificationToken name/value as form fields instead of putting it into the cookies.  This is done using Parameters within the HTTP Request object/component in jMeter (http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request).

Martin

-----Original Message-----
From: Eric Rubin [mailto:[hidden email]]
Sent: Wednesday, December 18, 2019 11:43 AM
To: JMeter Users List <[hidden email]>
Subject: RE: Authenticating To A .NET Web Application

I realized I was not passing in the right name for the request verification token. Now there is a new error:  "The anti-forgery cookie token and form field token do not match"

I'm not sure what is causing them to be mismatched, which I confirmed is the case by looking at the Results Tree. My test script flow is:

1)  Open login page
2)  Add Regular Expression Extractor to get the __RequestVerificationToken value:
        Variable name:  REQUEST_VERIFICATION_TOKEN
        Regular Expression:  input name="__RequestVerificationToken" type="hidden" value="([A-Za-z0-9+=/\-\_]+?)"
3)  Using the HTTP Cookie Manager, set the cookie name to __RequestVerificationToken and its value to ${REQUEST_VERIFICATION_TOKEN}
4)  Perform the login using a Post; the parameters being sent with the request are UserName, Password, and __RequestVerificationToken. Follow Redirects and User KeepAlive are both checked.

Upon examining the Login step from the Results Tree, the __RequestVerificationToken in the post data differs from that of the cookie data.

Any insight on how to resolve is greatly appreciated!

-----Original Message-----
From: Mariusz W <[hidden email]>
Sent: Wednesday, December 18, 2019 2:15 AM
To: JMeter Users List <[hidden email]>
Subject: Re: Authenticating To A .NET Web Application

Hi,
In  my case I support this token as follows:
1. http sample is send (I get response and in form is hidden input fileld named __RequestVerificationToken) 2. I add css extractor to sampler from previous point and save token e.g.
input[name="__RequestVerificationToken"] as selector 3. Add token saved in previous point to next http sample - in my case it is send as parameter named __RequestVerificationToken = ${SAVED_TOKEN}.

Regards,
Mariusz

wt., 17 gru 2019 o 22:17 Eric Rubin <[hidden email]> napisał(a):

> Thanks, Martin.
>
> I've made a bit of progress with authenticating. Added a Regular
> Expression Extractor since a Request Verification Token is sent in the
> request and stored in a cookie.
>
> Inspected the traffic using Fiddler and it appears that the token's
> value is being sent across the wire. Previously, I was seeing an error
> indicating that the cookie was not present. Now I'm encountering this
> error:  The required anti-forgery form field
> "__RequestVerificationToken" is not present. Any thoughts on how to resolve?
>
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 16, 2019 1:18 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Eric,
>
> If you add a "View Results Tree" listener (
> https://jmeter.apache.org/usermanual/component_reference.html#View_Res
> ults_Tree) you should be able to get more insight into what is being
> sent by jMeter and what is being received.
>
> Thanks
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Tuesday, December 10, 2019 11:26 AM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi Martin,
>
> Thanks for reaching out.
>
> As it relates to the documentation provided in the links you sent, I
> used JMeter as a proxy to record the test plan process. Unfortunately,
> the test sill doesn't appear to authenticate the user during playback.
> I don't believe the form was even submitted, as we log both failed and
> successful login attempts in our database. Further, I added an HTTP
> request to a page behind the login, but the response message is unauthorized.
>
> I also compared the traffic generated by the recording and compared it
> to the network output from Chrome's dev tools. There are numerous
> requests, so it's a bit difficult to isolate the differences. One
> thing that's obvious is that my recording contains a cookie manager
> but is not supplying any name value pairs. The network traffic
> reported by Chrome shows several, so I will add that into the recording to see if that changes the result.
>
> Any other thoughts you may have to overcome this would be greatly
> appreciated!
>
> Kind Regards
> Eric Rubin
> Senior Developer
> PANDORA Jewelry LLC
>
> T. +1 (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 | mailto:
> [hidden email]
>
> Make Your Own Wish List
> on PANDORA.net
> -----Original Message-----
> From: Herbener, Martin - Division of School Technology Planning and
> Project Management <[hidden email]>
> Sent: Monday, December 9, 2019 1:04 PM
> To: JMeter Users List <[hidden email]>
> Subject: RE: Authenticating To A .NET Web Application
>
> Hi,
>
> This is absolutely possible.
>
> I would start with
> https://cwiki.apache.org/confluence/display/JMETER/DifferentBehaviour
> and
> https://cwiki.apache.org/confluence/display/JMETER/JMeterFAQ#JMeterFAQ
> -HowdoIparameterizemyJMetertestcases,
> and see if you can get to a more specific problem/question.
>
> Good luck!
>
> Martin
>
> -----Original Message-----
> From: Eric Rubin [mailto:[hidden email]]
> Sent: Monday, December 9, 2019 10:52 AM
> To: [hidden email]
> Subject: Authenticating To A .NET Web Application
>
> I want to stress test some areas of an application that sit behind a
> log in page. Is there a way to do this using JMeter?
>
> When a user enters their credentials and submits the form to
> authenticate, the data is sent to the server using a strongly typed
> object. In an attempt to replicate, I recorded the login process using
> the BlazeMeter extension for Chrome. After recording it, I converted
> the .har file to a .jmx, imported it into JMeter, and then ran my
> test. Unfortunately, authentication is still not taking place.
>
> Is there another approach? Any suggestions would be greatly appreciated.
> Kind Regards
> Eric Rubin
> Senior Developer
> [http://logo.pandora.net/HQ_logo_email_signature.jpg]
> Pandora Jewelry LLC | 250 W. Pratt Street | Baltimore, MD 21201 T. +1
> (410) 309-0200 | F. +1 (410) 309-0250 | M. 410-309-0200 |
> [hidden email]<mailto:[hidden email]>
> Make Your Own Wish List on
> PANDORA.net<http://www.pandora.net/us/>
> [
> http://pandorajewelrymarketing.blob.core.windows.net/logos/FB-fLogo-on
> line_2017.jpg ]<https://www.facebook.com/pandorajewelry>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/twitter-bir
> d-blue-on-white_2017.jpg
> ]<https://twitter.com/pandora_NA>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/google_yout
> ube_2017.jpg ]<https://www.youtube.com/user/TheOfficialPandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/instagram_2
> 017.jpg ]<http://instagram.com/theofficialpandora>[
> http://pandorajewelrymarketing.blob.core.windows.net/logos/pinterest_b
> adge_red_2017.jpg ]<https://www.pinterest.com/officialpandora/> [
> http://media.greatrated.com.s3.amazonaws.com/reviews.greatplacetowork.
> com/badges/1234569353-PANDORA-Jewelry-(United-States)-box.png]
> <http://reviews.greatplacetowork.com/pandora-jewelry-united-states>
> whitespace
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB  [  X  ܚX KK[XZ[  \ \ ][  X  ܚX P Y]\  \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[  \ \ Z[ Y]\  \X K ܙ B B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB  [  X  ܚX KK[XZ[
 \ \ ][  X  ܚX P Y]\  \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \ Z[ Y]\  \X K ܙ B

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Authenticating To A .NET Web Application

glinius@live.com
In reply to this post by Eric Rubin
Most probably it's a matter of missing or not properly working  correlation
<https://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.html#correlate-start>  

In the absolute majority of cases you cannot replay the recorded script "as
is" as modern web applications widely use dynamic parameters i.e. for
client-side state tracking
<https://www.c-sharpcorner.com/UploadFile/225740/what-is-view-state-and-how-it-works-in-Asp-Net53/>  
or  security
<https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks>  

You need to identify all these dynamic parameters, extract them from the
previous responses using a suitable JMeter  post-processor,
<https://jmeter.apache.org/usermanual/component_reference.html#postprocessors>  
save them into  JMeter Variables
<https://jmeter.apache.org/usermanual/functions.html>   and replace recorded
values with the variables.

Check out  ASP.NET Login Testing with JMeter
<https://www.blazemeter.com/blog/aspnet-login-testing-jmeter/>   article for
more information if needed.



--
Sent from: http://www.jmeter-archive.org/JMeter-User-f512775.html

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]