0
votes

I have recorded ‘Login’ in jmeter. My Application uses ‘CSRF’ token.

So I added regular expression extractor as in the screen shot.

I have tried different types of patterns:

"<input name="__RequestVerificationToken" type="hidden" value="([A-Za-z0-9+=/-_]+)">"

"<input name="__RequestVerificationToken" type="hidden" value="(.+?)" />". etc

But, When I check the response it is like ‘__RequestVerificationToken=%24%7Btoken%7D’

I tried with Xpath extractor also:

‘//input[@name='__RequestVerificationToken']/@value’

I also added cookie manager

! enter image description here

! enter image description here

! enter image description here

Below screenshots are response data(having tokens) for different pages(or paths) before login

This screenshot is for the path ‘/web’(which has the token)

! enter image description here

This screenshot is for the path ‘/Web/Account/Login’ (which has different token)

! enter image description here

But the login is failing due to authentication

! enter image description here

Question :

  1. Am I following the right method

  2. Why there are two different token values for two different path (‘/web’ and ‘/Web/Account/Login’)

  3. How can I resolve this issue

PS: I have read most of the articles/blogs. Still not able to resolve authentication error

4

4 Answers

1
votes

You need to add the Regular Expression Extractor to the previous request to the login page, normally it should have HTTP GET method so amend your test like:

  • Open login page (HTTP GET)
    • Regular Expression Extractor (to get __RequestVerificationToken)
  • Perform login (HTTP POST)

More information: ASP.NET Login Testing with JMeter

0
votes

As per my understanding, your request verification token is a dynamic value and it needs to be co-related everywhere. Try to pass the co-related variable in the request which is failing.

0
votes

I had to pass cookies in my request along with the above solutions given by Dimitri T and UBIK LOAD PACK.

By modifying jmeter property file, i am successfully passing all the cookies in my request and Login is successful

CookieManager.save.cookies=true

CookieManager.check.cookies=false

If anybody facing issue with '__RequestVerificationToken' forgery token and '__RequestVerificationToken_L1dlYg2' cookies, please follow the below link.

How can i pass cookies in jmeter?.

Thanks to DIMITRI T