If you have read the complete series of JMeter so far, you should have hands on with JMeter by now, since we covered almost all the nitty-gritty details of JMeter. In this post we are going to see one of the real time scenario on user authentication done in ASP.Net webForm. This is one of the problem which I faced while working with JMeter, and user authentication cannot be achieved via recording controller in JMeter discussed in last post of this series.
Application under Test (AUT)
I have a simple application which has just two pages one is login and another one is home page as shown below
Figure 1 : Application Under Test
The application does very crazy authentication, if both username and password are same, then it allow the user to login, else will not, I told you it’s crazy.
Problem with above authentication
If you try to create manually all the HTTP Request Default, HTTP Cookie Manager and HTTP Request, along with some assertion to see if the user is correctly logged in as shown below and run we will get error as displayed.
Figure 2 : Test Plan
We need to create the HTTP Request as post, since we are going to submit parameters to server as shown below
Figure 3 : HTTP Request (Post)
As you can see, I am passing the name, password and Button1 (Submit) button as parameter for the HTTP Post page.
While running this we get error in JMeter as shown
Figure 4 : Error in execution
Let’s check the same in Fiddler and see what request has been posted
Figure 5 : Fiddler Post
As you can see above, our request is posted exactly the one we did.
So where is the problem and how to solve that?
Let’s login manually from browser and see what are the post happening via fiddler (So that we can see a clear post happening in site)
Figure 6: Manual Post view in Fiddler
As you can see above, there are two additional parameters passed along
- View State
- Event Validation
As we know, ASP.Net WebForm application maintains View State and event validation (Which change for every session), without having them, the request will fail to request another page and hence the authentication of user. Thus, we need to pass both of these additional parameters along with our earlier request.
Passing View State and Event Validation Information as Parameters
Since these two parameters will keep on changing for each and every request, we need to know
- What the values are for that particular session and
- How to extract the values our from the session
Getting Session information
You can get this from JMeter itself as shown below
Figure 7: View state and Event Validation in request
Extracting Values from Session
We need to somehow extract the values from response data and pass these as parameters to HTTP Request. In order to do that we need to use Regular Expression extractor available in Post Processors.
Now add regular expression to extract the values for both View state and event validation as shown below
Figure 8: View State extract via Regular expression
Figure 9 : Event Validation extract via Regular expression
You can use online regular expression evaluator as I have used one shown below
Figure 10 : regex101.com
Now all we have to do is to add these extracted value in HTTP Post as shown below
Figure 11 : Adding extracted value
Now run the test and see the output, you will have a perfect authentication and the output will be as expected.
Figure 12 : Test executed sucessfully
I hope this lengthy post should have given you a clear understanding of how to work with ASP.Net authentication using JMeter.
Please leave your comments and thanks for reading!!!