I am facing one problem that i am unable to login to the liferay website using JMeter.
The problem i know already but don't know how to hanmdle it.
I get to know that "p_auth" token is requried to access the sub pages, but here i am facing an issue in which i don't even able to acccess the login page itself if run the script second time.
My concerns:
how to check "p_auth" token parameter for login page (i.e without login)
Please help me to solve the problem.
Note: i tried to extract the "p_auth" token , but i am unable to see any "p_auth" token for login page itself(i.e without login.. just a login page(get api))
Your test plan need to look like:
Open Login Page - HTTP GET request
Extract p_auth dynamic parameter value using a suitable JMeter Post-Processor
Perform the login - HTTP POST request where you need to provide your credentials and the p_auth token value from the previous request
You won't be able to "see" the token in the page, it's hidden in the page source so you will need to use browser developer tools or JMeter's View Results Tree listener in order to "see" the token value.
Also don't forget to add HTTP Cookie Manager to your test plan as missing CSRF token is not the only thing which can stop you from logging in.
Related
I'm using jmeter to load test a Feature Page.
My jmeter requests (for that page) are being redirected to a login page. How do I provide login info for that redirect?
I already tried:
Controller
Login Page
Feature Page
Logout
But somehow a user even though already authenticated via Login Page is still being asked to login on the Feature Page.
Wondering if someone has a suggestion.
Make sure you're really logged in as "green" result in JMeter doesn't necessarily indicates successful request. You can verify responses using View Results Tree
listener
Add HTTP Cookie Manager to your Test Plan, if your application uses cookies for establishing/maintaining user session it should automatically resolve your problem
Inspect your test plan for any dynamic values (request parameters, headers, URL postfixes, etc.), if the are - they need to be correlated.
When I try to run performance testing on ASP.net web application, always i am getting either "The anti-forgery cookie token and form field token do not match."
or
"The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster."
Could you please help me how to resolve this. I have tried multiple methods like adding regular expression extractor to extract "__RequestVerificationToken", but nothing worked out.
Note: this is happening only when i run from Jmeter. if I browse application directly on web, i dont see any issue.
Thanks,
Pani
Looking into XSRF/CSRF Prevention in ASP.NET MVC and Web Pages it appears that you're either sending an incorrect __RequestVerificationToken parameter value or completely miss the step.
If the current HTTP request already contains an anti-XSRF session token (the anti-XSRF cookie __RequestVerificationToken), the security token is extracted from it. If the HTTP request does not contain an anti-XSRF session token or if extraction of the security token fails, a new random anti-XSRF token will be generated.
So your test should look like:
Open Login Page (HTTP Get Request)
Extract __RequestVerificationToken dynamic parameter value using suitable JMeter PostProcessor, I would recommend going for CSS Selector Extractor, the configuration would be something like:
Once done you can refer the extracted value as ${token} in the next request
Check out ASP.NET Login Testing with JMeter article for more detailed information and step-by-step instructions if needed
I am trying to perform load testing using JMeter on my project's web service (search web service for instance), the problem I am facing is that I am getting {"Message":"Authorization has been denied for this request."} in "Response data" tab in JMeter
This same message I also get when I try to paste the same query string (which I am using in JMeter as Path) in browser new tab without logging in first,, but if I login on my project first and then try to paste the query string in browser's new tab then it works fine.
Now the actual problem that I am facing in JMeter is that I am unable to log in to the system using "HTTP Header Manager"
I tried by adding Basic authentication in "HTTP Header Manager" but it didn't worked, then my developer told me that he is using "ASP Membership" authentication instead of Basic authentication,, now I am not sure how to use this type of authentication in JMeter.
I think I have explained my problem in detail here, can any one please help me in this as I am really stuck into it.
Thanks in advance
You need to add a cookie-manager to your Thread Group. This will preserve the cookies ( hence sessions) between requests. Next add a http request which will do a POST of your login form then another HTTP Request with your actual request. This way you are imitating the steps you do on your browser - that is - login followed by request.
Looking into ASP.NET Forms Authentication Overview article:
Forms authentication lets you authenticate users by using your own code and then maintain an authentication token in a cookie or in the page URL.
So depending on implenentation of ASP.NET Forms on server side you can use one of the following test elements:
HTTP Cookie Manager
HTTP URL Re-writing Modifier
Also you may need to perform the correlation of the mandatory dynamic parameters such as VIEWSTATE or EVENTVALIDATION. See ASP.NET Login Testing with JMeter guide for detailed explanation and walkthrough.
I am testing some api for our product using jmeter. To test the api to verify the user's email address I need to login to the mail account. I have the email and password of a test user. How can I login using an api or any other way in jmeter?
Is it possible at all?
Yes that is possible. You'll have to create a test plan with multiple steps but these depend on the concrete implementation of the login.
First you must identify the following two locations:
The GET request that gets the initial login form (if this is required).
The POST request that posts the login credentials.
If your service has a stateless login form you can even skip the first step.
Otherwise the response of the GET request will contain stuff which needs to be extracted (e.g. the JSESSIONID if you are using JSF) and sent as a parameters in the POST request. You can use the Regular Expression Extractor of JMeter to extract these values and provide them as variables for use in the subsequent requests.
Here is an example screenshot of a HTTP Request element configured to POST login data to the url /common/j_security_check
You might also need to intercept an authentication token from the server response and then pass that into following requests.
Here is a blog entry with a couple of video tutorials on logins with JMeter:
http://community.blazemeter.com/knowledgebase/articles/80479-how-to-use-jmeter-for-login-authentication
You can use jmeter to login,
two ways:
parameterization using csv file(for more users)/user defined variables(UDV)
Login config elements(for single user)
Now that I understand you want to automatically click on a confirmation link from an email using JMeter, here is a blog entry that explains exactly how to do that:
http://blazemeter.com/blog/how-create-jmeter-script-check-email-during-registration-and-grab-confirmation-url
Ophir
Could anyone please help to test the login / authentication with the following scenario?
User access the site "sitaA.com" home page. In that page, there is a button "login with oauth".
Upon clicking the "login with oauth" button, "siteA.com" redirects to "siteB.com" in which the user is able to key in username and passowrd and sign in. It authenticates (oauth) the user and returns back to "siteA.com".
siteA.com will send the client id and call back url when redirects to siteB.com.
How to achieve this using JMeter?
Thanks in advance
OAuth is a basically a way of getting a token. If you're load-testing OAuth-enabled application you need to do the following:
Request temporary access token
Authorize access token
Change temporary access token to something permanent
You can do steps above manually, capture permanent access token via sniffer and add it to your requests as a separate HTTP Request parameter. If you have limited number of user logins to reuse in test it may do the trick for you.
However if you need to test end-to-end flow which assumes obtaining token process via JMeter you need to consider OAuth Sampler Plugin
So basically you need to do one of the following:
Manual 3-stepped OAuth login and capture token process followed by adding token as a parameter of HTTP Requests for each virtual user
Automated OAuth login process by means of JMeter OAuth sampler
If you have limited number of logins/users option 1 may be better
P.S. There is also an option for advanced JMeter users and/or Java developers to add OAuth java client libraries to JMeter lib/ext folder and use Beanshell Samplers to authenticate with OAuth. It's also likely that you'll have to use Selenium with JMeterto navigate to OAuth callback page and confirm authorized login from there.