I am testing a site having login page and then some blogs on which we can comment/post.
I first login to the site and then select a blog and make a comment on that blog.
I am able to pass the login request and select blog request but comment on the blog request showing error Invalid credential.
Here is the response message:
Thread Name: Thread Group 1-1
Sample Start: 2014-09-17 12:41:42 IST
Load time: 9
Latency: 9
Size in bytes: 286
Headers size in bytes: 286
Body size in bytes: 0
Sample Count: 1
Error Count: 1
Response code: 403
Response message: Invalid credentials
Response headers:
HTTP/1.1 403 Invalid credentials
Cache-Control: private
Server: Microsoft-IIS/8.5
X-FRAME-OPTIONS: SAMEORIGIN
X-UA-Compatible: IE=Edge
X-Telligent-Evolution: 8.0.0.37997
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 17 Sep 2014 07:11:42 GMT
Content-Length: 0
HTTPSampleResult fields:
ContentType:
DataEncoding: null
And this is the request data:
POST http://192.xx.xx.61/TelligentCommunity/api.ashx/v2/comments.json
POST data:
Body=This+is+the+sample+post+by+Arjun&ContentId=c6bc2886-1fcb-46a4-8120-e344b8d8e4a1&ContentTypeId=f7d226ab-d59f-475c-9d22-
Cookie Data:
AuthorizationCookie=71710e44-7ba7-4af7-b390-6ae81cdec229; .Telligent.Evolution=F426475F7F35ED7250E97697BCC3DE0147BD3D15C494681A9C188922459CC698DD6F6A0CA77D61E2D5C6A56A5239B338B8DC484DAB6A4073B69F9F9139500867A843A9EB39D217825C47672E1B5165214A990F8E9CF519ED6159591B510967F84F6810CBCC4466E0DA5E37D03AB0E341A6DA0970861A2F58EE873E168D1A851D9B956033B10C9856D680FC6AC5736F961631BDD1A66EE89024020BF55A8422B24A485311C87C5074F2507E4FFA9EFBADC36B0DCBC051965ACE32EDA2B5607FEBDE17F0C2F486A42E05680FD90F30494B
Request Headers:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Rest-Authorization-Code: 7a24113f-2a71-428b-80c7-57234aac67c1
Accept-Language: en-US
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
DNT: 1
Pragma: no-cache
Authorization-Code: 7a24113f-2a71-428b-80c7-57234aac67c1
X-Requested-With: XMLHttpRequest
Referer: http://192.xx.xx.61/TelligentCommunity/certification/b/90days2mcsa/archive/2014/09/12/how-to-win-by-contributing-to-the-mcp-community
Accept-Encoding: gzip, deflate
Content-Length: 123
Host: 192.xx.xx.61
Are you sure that your login request is successful? How do you know? ASP.NET applications use dynamic parameters like viewstate or eventvalidation and they need to be extracted from the previous response and added to the next one. See ASP.NET Login Testing with JMeter guide for details.
Looking into api and json URL bits I would expect that Content-Type header should be application/json. I would suggest adding a HTTP Header Manager as a child of the request which posts a blog comment and configure it to send above Content-Type.
This Authorization-Code header value: is it something you recorded or it came from correlation? If first you need to pass the correct value as well.
Related
Am getting 401 Response code while running my Jmeter script. Here is the sample result, request headers, response body, response headers.
Sample Result:
Thread Name:Thread Group 1-1
Sample Start:2022-05-04 20:13:44 IST
Load time:226
Connect Time:0
Latency:226
Size in bytes:591
Sent bytes:876
Headers size in bytes:417
Body size in bytes:174
Sample Count:1
Error Count:1
Data type ("text"|"bin"|""):text
Response code:401
Response message:
Request Headers:
Connection: keep-alive
Authorization: Bearer 0rPuk9bYwyE=ZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKemRXSWlPaUpPWVhabFpXNTJaV3h3ZFhKcFFHZHZZWFZrYVhSekxtTnZiU0lzSW1saGRDSTZNVFkxTVRZMk9EZzBNQ3dpWlhod0lqb3hOalV4TnpZNE9EUXdMQ0pxZEdraU9pSmxOREF4WlRZNU1pMWxPVFJtTFRRd01XWXRPR0psTlMwMU1tRXdaR1ptTkdSaFpUVWlMQ0pwYzNNaU9pSXpOamN3TURjMVppMWpZemhpTFRRd1lURXRZakEwT1MxbE4yVXhZMlkxWW1GaFpXVWlmUS5KQjdBOUdyS1I0bWE3N1VieXcySm5xZ3RuQjJJdHR6WVVJWTBZcU13Z1Ztb3AxeXpsNkpzRHF2NDlpVHAwTHhDN1JqNXRPT1dWSnFUeWs5bW5BZTkxUQ==
Referer: http://18.133.204.151/
Accept-Language: en-US,en;q=0.5
Origin: http://18.133.204.151
Content-Type: application/json
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: application/json
Content-Length: 2
Host: 18.133.204.151:8080
Response Body:
{"timestamp":"2022-05-04T14:43:44.476+0000","status":401,"error":"Unauthorized","message":"Error -> Unauthorized","path":"/webapp/api/audits/schedule/status/list"}
Response Headers:
HTTP/1.1 401
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 04 May 2022 14:43:44 GMT
Can someone please help me in resolving the issue. I tried in many ways and nothing helping me in resolving this.
Thanks in advance.
As per 401 Unauthorized status code description:
401 Unauthorized
The HyperText Transfer Protocol (HTTP) 401 Unauthorized response status code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.
If this Bearer token is recorded you won't be able to replay the request successfully because the token needs to be correlated. Check out Using Regular Expressions to Extract Tokens and Session IDs to Variables article for example solution (you might need to amend it to your application specifics)
I am using JMeter 4.0, this time I use HTTP RAW request, but it is not showing the proper response, my actual response message is success. I am also using HTTP Cookie manager.
Is it required to put Cookie: JSESSIONID in HTTP RAW request page as Request Data? If yes, then how will I do it? It is showing at Sample Request not in response body.
Sampler Result
Thread Name: Thread Group 1-1
Sample Start: 2018-05-15 18:30:14 IST`enter code here
Load time: 20014
Connect Time: 0
Latency: 10
Size in bytes: 2
Sent bytes:0
Headers size in bytes: 0
Body size in bytes: 2
Sample Count: 1
Error Count: 0
Data type ("text"|"bin"|""): text
Response code: 401
Response message: Unauthorized
Response headers:
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY Set-Cookie: JSESSIONID=A1928A9F41209E241F4ABAFB6DC515E9; Path=/bbbp/; HttpOnly
WWW-Authenticate: Basic realm="Realm"
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 15 May 2018 12:54:07 GMT
SampleResult fields:
ContentType:
DataEncoding: null
Request
POST /bbbp/api/uploadFiles HTTP/1.1
Host: devserver.sdrc.co.in
Connection: keep-alive
Content-Length: 25358
Accept: application/json, text/plain, */*
Origin: http://devserver.sdrc.co.in:8080
X-Requested-With: XMLHttpRequest
Content-Type: Type: application/json
Referer: http://devserver.sdrc.co.in:8080/bbbp/data-entry-awareness
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Accept-Encoding: gzip, deflate
Response data
a2
I recorded my project website workflow on Jmeter. But On rerunning the recorded samples, all the samples having POST request are failing. I am unable to figure out why the same samples which were passing during recording, are failing on re-run.
Below is request of one of the samples which is failing:
Recorded sample request which passed:
POST https://example.com/live/v1/dashboards/promo_pa/ds/promo_program_dimensions
POST data:
{"query":"promo_program_dimensions.filterby(program_master_id = 'GOGGLE').filterby(dimension_name = 'channel').groupby(dimension_value).aggregate(count(dimension_value) as count).orderby(dimension_value+)"}
[no cookies]
Request Headers:
Connection: keep-alive
Referer: https://example.com/live/v1/dashboards/promo_pa/
Accept-Language: en-US,en;q=0.5
DNT: 1
Accept: */*
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Content-Length: 216
Host: example.com
Sampler Result:
Thread Name:
Sample Start: 2018-02-22 17:32:44 IST
Load time: 93
Connect Time: 58
Latency: 93
Size in bytes: 647
Sent bytes:1095
Headers size in bytes: 645
Body size in bytes: 2
Sample Count: 1
Error Count: 0
Data type ("text"|"bin"|""): text
Response code: 200
Response message: OK
Response headers:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Feb 2018 12:02:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, public, max-age=0
Set-Cookie: live=.eJxNj11vgjAYhf_K0muzMLJdSOIFC6yBQJmuiO1Nw0cdtB0zUEAw_nfRZcbLN2_Oc85zAoGNHA9B9mlDF1gn8JQBCwTm8VD8xH0h3J7CjymFfk92vszHZZklxzpdr1bgvABBBKHrMA-x-MvdzEFVZbzRI1gAtm94WwJLNx2fr6q4wymWr9RRiuJ8iJJtRRLyQsytouJdULwREUQKJfGAkvBWkrfNnulfyes7IhTxQCGqiLkeIqeQaAqn0EElxa5B8feEoK-IkFesDLFnUMd-C4e_zVXBa13p8TntdMn0eODAqjulHj4PY8lua6RwOV6TXcubm8is2XP273q-AI7Dam4.DXBC5A.CJMLbN0B4HC4U8703ZQS50K00lk; HttpOnly; Path=/live
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Request of the same sample which is failing on re-run:
POST https://example.com/live/v1/dashboards/promo_pa/ds/promo_program_dimensions
POST data:
{"query":"promo_program_dimensions.filterby(program_master_id = 'GOGGLE').filterby(dimension_name = 'channel').groupby(dimension_value).aggregate(count(dimension_value) as count).orderby(dimension_value+)"}
Cookie Data:
live=.eJxNj11vgjAYhf_K0muzuE4uJPHCBNZgaB0O1Pam4aOu5WsGCqMY__uYy4yXJ2_O857nAvw1cTyC-PsaucC-gKcE2MCHwzmroj7L3Z6htzFGm54eN0VqljI5DHUcrFbgOgP-FiHX4R7h0Ye7m4qlSkSjDZgBfmpEK4Gtm05MSWV3OK5YgR3XohXJcR4tyCgVzvdTSi0WUoshOt86HiRhcHuSts2J669C1HcEgdhgJ10wx3shI4a02uUYRiMNpSIwGFguCxyuzYR6ZaEs8SH4xp9_m1Umaq20eY47Lbk2ZwHsuivLh8vDWHrcz2O0NL_NrhXNTWTS7AX_d73-AAjCaeE.DXBNjA.Fy0Fs7zpVKg-f1qSbAljATOn64E
Request Headers:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 216
Host: example.com
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_161)
Sampler Result:
Thread Name: Liberty 1-1
Sample Start: 2018-02-22 18:24:46 IST
Load time: 26
Connect Time: 0
Latency: 26
Size in bytes: 709
Sent bytes:868
Headers size in bytes: 652
Body size in bytes: 57
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 400
Response message: BAD REQUEST
Response headers:
HTTP/1.1 400 BAD REQUEST
Server: nginx
Date: Thu, 22 Feb 2018 12:54:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 57
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, public, max-age=0
Set-Cookie: live=.eJxNj1tvgjAAhf_K0mezGAcPkvjg0q7B0DKciO1Lw6WGcpuBwizG_z50mfHx5ORcvgvw1hS6FIvPNUbAuYCXBDjAW5xPWR0OWYEGjj_GGG8GdtiUqVnmSXRu4mC1AtcZ8HyMERQuFeEX2k7BSiWy1QbMgDi2ssuBo9teTkplj3JS85JAZLOaFqQILTrmihT7SaU23zGbYzb3obugu-A-knbtUejvUjaPCh9Wio7vFY22ikBm0SKrCeSlDwOL79I3OpajjwOLRTRnUWh4jSz28_dZZbLRSpvXuNe50OYkgdP0VfXkPJ1lh_08xktzS_adbO8gE-YgxT_r9Rcq0WoP.DXBPFg.4Rll1tgU0GdWHWyE73uLkKM8z9c; HttpOnly; Path=/live
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Response Data:
{"error": "Failed to authenticate user for data access."}
I have a login sample before this which passed successfully, So user has logged-in successfully before this sample.
I have used
HTTP Cache Manager, HTTP Cookie Manager and HTTP Header Manager. HTTP Cookie Manager will manage the session automatically. Still i am getting authentication error.
i have used the default settings for the sample i.e. "Redirect Automatically" and "Use KeepAlive". I am using JMeter 3.3
Appreciate any pointers.
In the "successful" request you have the following HTTP Headers:
X-Requested-With: XMLHttpRequest
Content-Type: application/json
In the "failing" one you have:
Content-Type: application/x-www-form-urlencoded
So my expectation is that you need to add HTTP Header Manager as a child of the "failing" request and configure it to send Content-Type header with the value of application/json
I've been battling with Chromium, jQuery and AJAX. My extension takes some resources from some sites using ajax, then parse the results and store it somewhere. One of those sites decided to do the jump to https. Neat. I just have to change the http for https, and fix any problem I hit down the road. No joy.
I use the following ajax method to get the stuff (is the smallest unit I could reproduce):
$.ajax({
url: "https://reader.japanzai.com/search/",
type: 'POST',
data: {
'search': "onna"
},
beforeSend: function (xhr) {
xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
},
headers: {
'Access-Control-Allow-Origin': '*'
}})
Lets ignore for a while that I've set the headers twice, since just using one don't work either and throw the result:
OPTIONS https://reader.japanzai.com/search/ No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'chrome-extension://nhjloagockgobfpopemejpgjjechcpfd' is therefore not allowed access. jquery.js:5
x.support.cors.e.crossDomain.send jquery.js:5
x.extend.ajax jquery.js:5
(anonymous function) VM4000:2
InjectedScript._evaluateOn VM3770:581
InjectedScript._evaluateAndWrap VM3770:540
InjectedScript.evaluate VM3770:459
XMLHttpRequest cannot load https://reader.japanzai.com/search/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'chrome-extension://nhjloagockgobfpopemejpgjjechcpfd' is therefore not allowed access. lab.html:1
As you can see, it says that the request header is not present, which is true following the http request:
Request URL:https://reader.japanzai.com/search/
Request Method:OPTIONS
Status Code:200 OK
Request Headersview parsed
OPTIONS https://reader.japanzai.com/search/ HTTP/1.1
origin: chrome-extension://nhjloagockgobfpopemejpgjjechcpfd
access-control-request-method: POST
dnt: 1
accept-encoding: gzip,deflate,sdch
host: reader.japanzai.com
accept-language: es,en-US;q=0.8,en;q=0.6
method: OPTIONS
user-agent: Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
accept: */*
url: /search/
scheme: https
version: HTTP/1.1
access-control-request-headers: access-control-allow-origin, accept, content-type
Response:
HTTP/1.1 200 OK
cache-control: post-check=0, pre-check=0, max-age=0
content-encoding: gzip
content-type: text/html
date: Thu, 13 Feb 2014 22:58:03 GMT
expires: Sat, 01 Jan 2000 00:00:01 GMT
last-modified: Thu, 13 Feb 2014 22:58:03 GMT
pragma: no-cache
server: nginx/1.5.8
set-cookie: ci_session=U3Q14aq8Q7W4KVifDyLi7%2B3lppr%2FS4BNmW1kD9t60H7dz73M5KMs1jgBo8ZrilKoswn63PvCl1sOldPs1RCl6NdiP1VZeekoMTISyQenQZU0F8yUC0odw6WuMUE5I%2FY%2Bfvddv2YH06b2pxyyNBDZnNn%2BLnLzPrRYBXHuAjFbTyucX%2FMLUUM2cwKLzaK3ILKPhxy8FXW%2FI%2F9EPPbwo%2B8nmbPwOeqDfpDdu61F5yzUU8KjfUo7MwwFIXyGWtqbjbF3PCKNZrY%2F3Cj77DgCpcCbTTKZ%2BVzrdw16oGVDg1dP8lQgSof89rLNqUlQSj60tCVzZ27oPNh9OvvTNJ92tYkTHDukG4dyv21yM4M3PACZ%2FKVNP0i2UWHbBujADPSsrGJhJxPzBsuRDLcPtDcBtuaXA4LLMoGoYW6SxYk%2BseltMvk%3D; expires=Fri, 14-Feb-2014 00:58:03 GMT; path=/
set-cookie: ci_session=tQT8qmNRnMRN2Oj3moCdZg9VNEEsPxi3t88g2SpYQxahFr%2FpiEpQFzsO2mLTp1bPlsGLmqQGnMUiuwFpLYNIneNHtU%2BoKkVOcnR8ZKxPd0FDrkW%2BqT0N2IIsV%2BC%2FXQX%2BZUkLg1E4iP6u%2F0%2Fjk1t%2BAwcwhoC0M3zODuEKv1l9JMFo%2B1g4%2BhIOp%2FHTzBnlMvE2KjanXJR55F3DOHdyi4MvQb1vzgWEZTTAfhZ3bkQPkKe41ZCJYQTw%2FrDfry8n2h43UKPc1IF4tWp%2BKh0yhux%2FsBn84meT3xR%2Bpba9ffeZObrQyVomKlmJg9oRkKvlhR4MlNsiIeIZEvtP52ns0X1uF%2B7Pg6RpcMihe1u2S0%2Fbz5wm75vQ6tyykmFp5qfnoDgXB6J7RmbBQy4GTOFEA2zqN3V6QXT71cSn%2B1ARd9GtNMA%3D; expires=Fri, 14-Feb-2014 00:58:03 GMT; path=/
status: 200 OK
strict-transport-security: max-age=31536000
vary: Accept-Encoding
version: HTTP/1.1
x-powered-by: PHP/5.4.4-14+deb7u7
So, I'm missing something obvious here or there's just no way to do this?
I followed abraham advice and added the site to the permissions field in the manifest. It worked, the only bad thing is that if another site decides to move to https I need to release a new version, so this is what I ended doing:
"permissions" : [
"tabs",
"*://*/*",
"https://ssl10.ovh.net/*",
"unlimited_storage",
"clipboardWrite",
The important part here is "*://*/*" which includes anything from http and https.
I have JsonResult action which required authentication and special role
[Authorize(Roles = "User")]
public virtual JsonResult Cancel()
{
//...
}
But when for example i log off and hit this action with jQuery ajax i could see that status code is 200, but it is should be 401.
$.ajax({
url: "/Cancel/",
type: "POST",
dataType: "text",
cache: false,
success: function (data, textStatus, xhr) {
alert(xhr.status); //200 here when unauthorized
}
});
So I really not able to execute the controller logic because it is not authorized, i checked that on debug, but why i am getting status code 200 in jquery ajax?
UPDATED:
In Fiddler it is saying status code 302 and i could see that request to /Acount/Login was made after /Cancel request.
/Cancel - 302
/Acount/Login - 200
In Chrome network Status Code:302 Found and also i could see that login controller(/Acount/Login) getting called after /Cancel was called.
/Cancel - 302
/Acount/Login - 200
Complete request details in Opera network
Could someone explain whats happening, why jquery didn't get correct status code?
Really what i want to do - a want to get correct status code and if it is 401 i want to redirect user to login page (window.location.href = " /Acount/Login")
Request details
POST /Cancel/ HTTP/1.1
User-Agent: Opera/9.80 (Windows NT 6.1; U; en) Presto/2.9.168 Version/11.50
Host: localhost:999
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Referer: http://localhost:999/Action
Cookie: style=normalText; ASP.NET_SessionId=latzewpi3kqmkq4meljv0ln5
Connection: Keep-Alive
Content-Length: 0
Accept: text/plain, */*; q=0.01
X-Requested-With: XMLHttpRequest
Content-Type: text/xml; charset=utf-8
Content-Transfer-Encoding: binary
Response details
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /Account/LogOn?ReturnUrl=%2fCancel%2f
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 11 Aug 2011 03:04:53 GMT
Content-Length: 169
FormsAuthentication have handler in its http module, that will redirect all 401 responses to login page instead of error page.
Looking at source code of FormsAuthenticationModule there should be (quite ugly) workaround - if you append ReturnUrl=/ to your query string, the module should do no redirection.
The best solution is probably to write own http module for authentication - you can open FormsAuthenticationModule in reflector and use it as reference.