Application under Test (AUT)I have a simple application which has just two pages one is login and another one is home page as shown below
Figure 1 : Application Under TestThe application does very crazy authentication, if both username and password are same, then it allow the user to login, else will not, I told you it’s crazy.
Problem with above authenticationIf you try to create manually all the HTTP Request Default, HTTP Cookie Manager and HTTP Request, along with some assertion to see if the user is correctly logged in as shown below and run we will get error as displayed.
Figure 2 : Test Plan
NoteWe need to create the HTTP Request as post, since we are going to submit parameters to server as shown below
Figure 3 : HTTP Request (Post)As you can see, I am passing the name, password and Button1 (Submit) button as parameter for the HTTP Post page. While running this we get error in JMeter as shown
Figure 4 : Error in executionLet’s check the same in Fiddler and see what request has been posted
Figure 5 : Fiddler PostAs you can see above, our request is posted exactly the one we did.
So where is the problem and how to solve that?Let’s login manually from browser and see what are the post happening via fiddler (So that we can see a clear post happening in site)
Figure 6: Manual Post view in FiddlerAs you can see above, there are two additional parameters passed along
- View State
- Event Validation
Problem’s SolutionsAs we know, ASP.Net WebForm application maintains View State and event validation (Which change for every session), without having them, the request will fail to request another page and hence the authentication of user. Thus, we need to pass both of these additional parameters along with our earlier request.
Passing View State and Event Validation Information as ParametersSince these two parameters will keep on changing for each and every request, we need to know
- What the values are for that particular session and
- How to extract the values our from the session
Getting Session informationYou can get this from JMeter itself as shown below
Figure 7: View state and Event Validation in request
Extracting Values from SessionWe need to somehow extract the values from response data and pass these as parameters to HTTP Request. In order to do that we need to use Regular Expression extractor available in Post Processors. Now add regular expression to extract the values for both View state and event validation as shown below
Figure 8: View State extract via Regular expression
Figure 9 : Event Validation extract via Regular expressionYou can use online regular expression evaluator as I have used one shown below
Figure 10 : regex101.comNow all we have to do is to add these extracted value in HTTP Post as shown below
Figure 11 : Adding extracted valueNow run the test and see the output, you will have a perfect authentication and the output will be as expected.
Figure 12 : Test executed sucessfullyI hope this lengthy post should have given you a clear understanding of how to work with ASP.Net authentication using JMeter. Please leave your comments and thanks for reading!!! Thanks, Karthik KK
One Reply to “ASP.Net WebForms Authentication using JMeter (Series)”
Really enjoyed reading your blog! It’s so well explained.
I have done the exact same thing for my test plan. I used two HTTP sampler, one to GET the login page another one to POST the values. But I am getting Login page for both of the request. And in the second request result it is showing an error “Error Occured! Please contact to administrator” . Though i have entered correct username/password.
Can you help me on this?