码迷,mamicode.com
首页 > 其他好文 > 详细

JMETER + POST + anti-forgery token

时间:2019-10-31 10:30:38      阅读:142      评论:0      收藏:0      [点我收藏+]

标签:inf   rfc   done   word   rom   and   cookie   ready   one   

JMETER + POST + anti-forgery token

Looking into XSRF/CSRF Prevention in ASP.NET MVC and Web Pages it appears that you‘re either sending an incorrect __RequestVerificationToken parameter value or completely miss the step.

If the current HTTP request already contains an anti-XSRF session token (the anti-XSRF cookie __RequestVerificationToken), the security token is extracted from it. If the HTTP request does not contain an anti-XSRF session token or if extraction of the security token fails, a new random anti-XSRF token will be generated.

So your test should look like:

  • Open Login Page (HTTP Get Request)

  • Once done you can refer the extracted value as ${token} in the next request

    技术图片

     

     

Check out ASP.NET Login Testing with JMeter article for more detailed information and step-by-step instructions if needed

 

JMETER + POST + anti-forgery token

标签:inf   rfc   done   word   rom   and   cookie   ready   one   

原文地址:https://www.cnblogs.com/chucklu/p/11769739.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!