ASP.Net WebForms Authentication using JMeter (Series)

If you have read the complete series of JMeter so far, you should have hands on with JMeter by now, since we covered almost all the nitty-gritty details of JMeter. In this post we are going to see one of the real time scenario on user authentication done in ASP.Net webForm. This is one of the problem which I faced while working with JMeter, and user authentication cannot  be achieved via recording controller in JMeter discussed in last post of this series.

Application under Test (AUT)

I have a simple application which has just two pages one is login and another one is home page as shown below

Figure 1 : Application Under Test

The application does very crazy authentication, if both username and password are same, then it allow the user to login, else will not, I told you it’s crazy.

Problem with above authentication

If you try to create manually all the HTTP Request Default, HTTP Cookie Manager and HTTP Request, along with some assertion to see if the user is correctly logged in as shown below and run we will get error as displayed.

Figure 2 : Test Plan

Note

We need to create the HTTP Request as post, since we are going to submit parameters to server as shown below

Figure 3 : HTTP Request (Post)

As you can see, I am passing the name, password and Button1 (Submit) button as parameter for the HTTP Post page. While running this we get error in JMeter as shown

Figure 4 : Error in execution

Let’s check the same in Fiddler and see what request has been posted

Figure 5 : Fiddler Post

As you can see above, our request is posted exactly the one we did.

So where is the problem and how to solve that?

Let’s login manually from browser and see what are the post happening via fiddler (So that we can see a clear post happening in site)

Figure 6: Manual Post view in Fiddler

As you can see above, there are two additional parameters passed along

• View State
• Event Validation

Problem’s Solutions

As we know, ASP.Net WebForm application maintains View State and event validation (Which change for every session), without having them, the request will fail to request another page and hence the authentication of user. Thus, we need to pass both of these additional parameters along with our earlier request.

Passing View State and Event Validation Information as Parameters

Since these two parameters will keep on changing for each and every request, we need to know

1. What the values are for that particular session and
2. How to extract the values our from the session

Getting Session information

You can get this from JMeter itself as shown below

Figure 7: View state and Event Validation in request

Extracting Values from Session

We need to somehow extract the values from response data and pass these as parameters to HTTP Request. In order to do that we need to use Regular Expression extractor available in Post Processors. Now add regular expression to extract the values for both View state and event validation as shown below

Figure 8: View State extract via Regular expression

Figure 9 : Event Validation extract via Regular expression

You can use online regular expression evaluator as I have used one shown below

Figure 10 : regex101.com

Now all we have to do is to add these extracted value in HTTP Post as shown below

Figure 11 : Adding extracted value

Now run the test and see the output, you will have a perfect authentication and the output will be as expected.

Figure 12 : Test executed sucessfully

I hope this lengthy post should have given you a clear understanding of how to work with ASP.Net authentication using JMeter. Please leave your comments and thanks for reading!!! Thanks, Karthik KK