Anti forgery token and web testing

后端 未结 3 711
渐次进展
渐次进展 2021-02-09 18:16

I am trying to do a web test in VS2012 for an MVC site. One of the scenarios is to login and go through a list of products, select the one you want and follow through to the pu

相关标签:
3条回答
  • 2021-02-09 18:40

    I am not familiar with "web testing in VS2012" but as I know "Anti-Forgery Token" requires sending the token from browser to the server back.

    I had an experience with Selenium-Webdriver and suggest you use it because it provides an API to interact with supported browsers as real user does.

    You can easily start using Selenium WebDriver if you add Selenium WebDriver 2.37.0 NuGet package to you test project.

    Selenium-WebDriver makes direct calls to the browser using each browser’s native support for automation. How these direct calls are made, and the features they support depends on the browser you are using.

    Selenium-webdriver currently supports the following drivers:

    • Chrome
    • Internet Explorer
    • Firefox
    • Opera
    • HtmlUnit
    • Android
    0 讨论(0)
  • 2021-02-09 18:49

    I was seeing a similar problem. After recording a web test script, the script would fail at the point of log-in on with the following message:

    The provided anti-forgery token was meant for user "Domain\UserName", but the current user is "".

    The solution was to set the PreAuthenticate property to false in the test properties. By default the web tests will pass an authentication header to the server which was being used in the generation the token.

    0 讨论(0)
  • 2021-02-09 18:50

    Once you run your script and it fails, go to the call proceeding the one that fails.

    • Go to the response tab

    • In the body, find the __RequestVerificationToken name which is in an input tag and extract everything in between the value attribute.

    • Select the value and right click > add extraction rule and press OK.

    • You will find an Extraction rules folder and underneath it, the Extraction rule we just created. Feel free to rename the Context Parameter Name.

    • Go to the next page , which should be the one that failed, and find the Form Post Parameter named "__RequestVerificationToken". View it's properties

    • Bind it to the Context Parameter Name created previously. To do so, view the properties of this post parameter and set the "Value" to be:

    {{Name Of Context Parameter}}

    (Include the 2x curly braces)

    • Press enter to confirm/save

    Next time you run the script - all works

    This is how it worked for me...

    0 讨论(0)
提交回复
热议问题