防伪令牌和Web测试 [英] Anti forgery token and web testing
问题描述
我正在尝试在VS2012中为MVC站点进行Web测试.一种情况是登录并浏览产品列表,选择所需的产品,然后进入购买页面.
I am trying to do a web test in VS2012 for an MVC site. One of the scenarios is to login and go through a list of products, select the one you want and follow through to the purchase page.
问题是,在运行网络测试时,我收到有关防伪令牌的错误,并且该令牌不匹配.
Problem is that when the web test is run, I get an error about the anti forgery token and that it does not match.
到底该如何使用防伪令牌进行测试?用户必须登录-最终将有成千上万的用户进行负载测试,但需要首先使其对1个用户起作用.
How on earth is it possible to do the testing with the anti forgery token? The user must login - there will be thousands of users for the load test (eventually) but need to make it work for 1 user first.
登录视图/操作确实在视图中执行了AntiForgeryToken并在控制器上进行了验证.
the login view/action does do an AntiForgeryToken in the view and validation on the controller.
任何建议和技巧都将受到赞赏.
any advice and tips are appreciated.
推荐答案
一旦您运行脚本并且脚本失败,请转到继续执行失败脚本的调用.
Once you run your script and it fails, go to the call proceeding the one that fails.
-
转到响应标签
Go to the response tab
在正文中,找到输入标签中的__RequestVerificationToken名称,并提取value属性之间的所有内容.
In the body, find the __RequestVerificationToken name which is in an input tag and extract everything in between the value attribute.
选择值,然后右键单击>添加提取规则,然后按OK.
Select the value and right click > add extraction rule and press OK.
您将找到一个Extraction Rules文件夹,在它下面,是我们刚创建的Extraction规则.随时重命名上下文参数名称.
You will find an Extraction rules folder and underneath it, the Extraction rule we just created. Feel free to rename the Context Parameter Name.
转到下一页,该页面应该是失败的页面,然后找到名为"__RequestVerificationToken"的Form Post参数.查看其属性
Go to the next page , which should be the one that failed, and find the Form Post Parameter named "__RequestVerificationToken". View it's properties
将其绑定到先前创建的上下文参数名称.为此,请查看此post参数的属性并将值"设置为:
Bind it to the Context Parameter Name created previously. To do so, view the properties of this post parameter and set the "Value" to be:
{{上下文名称参数}}
{{Name Of Context Parameter}}
(包括2个大括号)
- 按Enter确认/保存
下次运行脚本-一切正常
Next time you run the script - all works
这就是我的工作方式...
This is how it worked for me...
这篇关于防伪令牌和Web测试的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
