pranoti kolhe February 2016

jMeter Login issue with MVC and Anti Forgery

I am trying to load test my Website using jMeter. I am getting issue with my login page. I have passed the __RequestVerificationToken value in login page by capturing it via RegEx as shown:

Field to check: Body.
Reference Name: token.
Regular Expression: <input name="__RequestVerificationToken" type="hidden" value="(.*)" />.
Template: $1$

I am still getting the same error with response as :

<title>The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the &lt;machineKey&gt; configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.</title>
<b> Exception Details: </b>System.Web.Mvc.HttpAntiForgeryException: The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the &lt;machineKey&gt; configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.<br><br>

More details from the Request tab in View tree results:

POST data:
__RequestVerificationToken=%24%7Btoken%7D&UserModel.UserName=pm&UserModel.Password=Abc1234D

Cookie Data:
ASP.NET_SessionId=l0cvy41ons0xv1t3e5glx2j5; __RequestVerificationToken_L0NyZWlzc1dlYg2=elGNi5_GoW2DYFM-obeXg9DHsihM26jv8HgT4IEpjngwc1gfJ4lRTboi3t-UV4L9485dM_9bdAVfRZKauTIXAZoKvNt2Q9R0yW19ZQIO17A1

Request Headers:
Connection: keep-alive
Referer: http://172.52.50.137/CreissWeb/
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-        

Answers


vins February 2016

Your regular expression extractor does not work as you expected. The POST data clearly shows that __RequestVerificationToken=${token}.

Try to change the Regular Expression to name="__RequestVerificationToken" type="hidden" value="(.*)" & see if it helps.

If it does not work, Post the HTTP response you get.

Post Status

Asked in February 2016
Viewed 3,885 times
Voted 6
Answered 1 times

Search




Leave an answer