Anti forgery token and web testing

Question

I am trying to do a web test in VS2012 for an MVC site. One of the scenarios is to login and go through a list of products, select the one you want and follow through to the purchase page.

Problem is that when the web test is run, I get an error about the anti forgery token and that it does not match.

How on earth is it possible to do the testing with the anti forgery token? The user must login - there will be thousands of users for the load test (eventually) but need to make it work for 1 user first.

the login view/action does do an AntiForgeryToken in the view and validation on the controller.

any advice and tips are appreciated.

Answer 1

Once you run your script and it fails, go to the call proceeding the one that fails.

• Go to the response tab

• In the body, find the __RequestVerificationToken name which is in an input tag and extract everything in between the value attribute.

• Select the value and right click > add extraction rule and press OK.

• You will find an Extraction rules folder and underneath it, the Extraction rule we just created. Feel free to rename the Context Parameter Name.

• Go to the next page , which should be the one that failed, and find the Form Post Parameter named "__RequestVerificationToken". View it's properties

• Bind it to the Context Parameter Name created previously. To do so, view the properties of this post parameter and set the "Value" to be:

{{Name Of Context Parameter}}

(Include the 2x curly braces)

• Press enter to confirm/save

Next time you run the script - all works

This is how it worked for me...

Answer 2

I was seeing a similar problem. After recording a web test script, the script would fail at the point of log-in on with the following message:

The provided anti-forgery token was meant for user "Domain\UserName", but the current user is "".

The solution was to set the PreAuthenticate property to false in the test properties. By default the web tests will pass an authentication header to the server which was being used in the generation the token.

Answer 3

I am not familiar with "web testing in VS2012" but as I know "Anti-Forgery Token" requires sending the token from browser to the server back.

I had an experience with Selenium-Webdriver and suggest you use it because it provides an API to interact with supported browsers as real user does.

You can easily start using Selenium WebDriver if you add Selenium WebDriver 2.37.0 NuGet package to you test project.

Selenium-WebDriver makes direct calls to the browser using each browser’s native support for automation. How these direct calls are made, and the features they support depends on the browser you are using.

Selenium-webdriver currently supports the following drivers:

• Chrome
• Internet Explorer
• Firefox
• Opera
• HtmlUnit
• Android