c# - How to extract the X-XSRF_TOKEN in a web performance test
I had written a web performance test earlier which was working fine. The developers have added CSRF token validation (to prevent CSRF attacks on the website). After this the test has started to fail (error, bad request). I dug into it and found that the server is generating an XSRF-TOKEN on the login request which has to be passed in every request thereafter. To extract the token I need to parse the response to the login request. How can I do it?

My coded tests look like this:

    // Login request: the server issues the XSRF-TOKEN in its response.
    WebTestRequest request4 = new WebTestRequest("https://servertest:8080/webconsole/account/login");
    request4.Method = "POST";
    request4.Headers.Add(new WebTestRequestHeader("Accept", "application/json, text/plain, */*"));
    request4.Headers.Add(new WebTestRequestHeader("Referer", "https://servertest:8080/webconsole/index.html#/"));
    StringHttpBody request4Body = new StringHttpBody();
    request4Body.ContentType = "application/json;charset=utf-8";
    request4Body.InsertByteOrderMark = false;
    request4Body.BodyString = "{\"username\":\"pkdomain\\administrator\",\"password\":\"sqa@123\"}";
    request4.Body = request4Body;
    yield return request4;
    request4 = null;

    // First request after login: this one must carry the token.
    WebTestRequest request5 = new WebTestRequest("https://servertest:8080/webconsole/scripts/home/pages/home-view.html");
    request5.ThinkTime = 4;
    request5.Headers.Add(new WebTestRequestHeader("Accept", "text/html"));
    request5.Headers.Add(new WebTestRequestHeader("Referer", "https://servertest:8080/webconsole/index.html#/"));
    yield return request5;
    request5 = null;

I believe the XSRF-TOKEN is returned in a cookie. Assuming that this is true in your case, the Set-Cookie header field contains the value, and the required cookie must be extracted from it and saved to a context parameter. Subsequently that context parameter can be used wherever needed.

I suggest you create a sandbox .webtest file, do the steps below, then convert it to a coded test and copy the useful lines into the real test.

In more detail, the steps are:

1. Add an Extract HTTP Header extraction rule for the Set-Cookie header field to the request that returns the XSRF-TOKEN value. Save the extracted value to a context parameter of your choice, giving the name in one of the properties of the extraction rule; see the image below.

2. Add a call of the plugin below to the first request after the one with the above extraction rule. It extracts the required field from the cookie header field. The image below shows the setting of the properties of the call. (You might change the plugin to be a PostRequest and add it to the same request as the one with the extraction rule.)

    using Microsoft.VisualStudio.TestTools.WebTesting;

    public class ExtractCookieField : WebTestRequestPlugin
    {
        public string AllCookiesCP { get; set; }   // context parameter holding the Set-Cookie text
        public string FieldWantedCP { get; set; }  // name of the cookie field to find
        public string SavedFieldCP { get; set; }   // context parameter that receives the value

        // Expected to be called with AllCookiesCP containing text similar to:
        //     SomeHeader=639025785406236250; path=/; XSRF-TOKEN=somestring; secure; HttpOnly
        public override void PreRequestDataBinding(object sender, PreRequestDataBindingEventArgs e)
        {
            string allCookiesText = e.WebTest.Context[AllCookiesCP].ToString();

            foreach (string nameValuePair in allCookiesText.Split(';'))
            {
                // Split on the first '=' only, so '=' inside the value is preserved.
                string[] nameAndValue = nameValuePair.Split(new char[] { '=' }, 2);

                // Attributes such as "secure" have no '=', so check the length first.
                if (nameAndValue.Length == 2 && nameAndValue[0].Trim() == FieldWantedCP)
                {
                    string sessionTokenId = nameAndValue[1].Trim();
                    e.WebTest.Context[SavedFieldCP] = sessionTokenId;
                    e.WebTest.AddCommentToResult(string.Format("Setting {{{0}}} to '{1}'", SavedFieldCP, sessionTokenId));
                    return;
                }
            }

            // Dropping out of the loop means that the field was not found.
            throw new WebTestException(string.Format("Cannot extract cookie field '{0}' from '{1}'", FieldWantedCP, allCookiesText));
        }
    }

The value of the XSRF-TOKEN should now be in the context parameter specified in the SavedFieldCP property of the plugin call.

This image shows the add extraction rule dialogue and the setting of the context parameter where the extracted header field is saved, i.e. to CookieValues. It also shows the add plugin and the setting of the three properties. After the plugin runs, assuming it is successful, the token value should be saved in the context parameter XsrfToken. The parameter values can be modified in the .webtest file via the properties panels of the extraction rule and the plugin. The values should be seen as simple variables and strings in a coded web test.