I have to record a load test for a successful login and further browsing in to the asp.net application.
After recording the script in jmeter, my samplers are 1) get request (login page) 2) post request (posting the credentials and click login) 3)and other samplers (after successful login).
My problem is it shows incorrect username password error(manually it is working) whenever i play the the script, i have parameterized the valid credentials, also did correlation(by seeing the post request i got to know the fields that were posted) with event state validation, viewstate genearator, viewstate and hdnkey from get response(sampler 1) to my post request(sampler 2) and tried again, but i am getting the same error everytime.
Please let me know, what should be done to login successfully. So i can perform the load test on this asp.net application.i have came accross lots of sites for this issue but nothing solved it. Please help!
You can try to debug your JMeter script. Look here and here. I would use Debug Sampler as the first step for seeing variables values.
You can use tool like Fiddler to record the requests that are made when you manually login into the site. Then you can compare them with your JMeter script.
Make sure to add HTTP Cookie Manager to your Test Plan
Make sure to correlate any dynamic parameters like View State, EventValidation, etc.
Run your test with 1 virtual user and 1 loop and inspect request and response details using View Results Tree listener. Compare requests you send with JMeter with what real browser sends (can be found in your browser Developer Tools "Network" tab") - requests should be the same (apart from dynamic parameters)
Check out ASP.NET Login Testing with JMeter article for example test plan building explained.
Related
I'm trying to scrape some pages on a website that uses ASPX forms. The forms involve adding details of people by updating the server (one person at a time) and then proceeding to a results page that shows information regarding the specified people. There are 5 steps to the process:
Hit the login page (the site is HTTPS) by sending a POST request with my credentials. The response will contain cookies that will be used to validate all subsequent requests.
Hit the search criteria page by sending a GET request (no parameters). The only purpose of this is to discover the __VIEWSTATE and __EVENTVALIDATION tokens in the HTML response to be used in the next step.
Update the server with a person. This involves hitting the same webpage in step 2 but using a POST request with form parameters that correspond to the form controls on the page for adding person details and their values. The form parameters will include the __VIEWSTATE and __EVENTVALIDATION tokens gained from the previous step. The server response will include a new __VIEWSTATE and __EVENTVALIDATION. This step can be repeated using the new __VIEWSTATE and __EVENTVALIDATION, or can proceed to the next step.
Signal to the server that all people have been added. This involves hitting the same page as the previous 2 steps by sending a POST request with form parameters that correspond to the form controls on the page for signalling that all people have been added. The server response will simply be 25|pageRedirect||/path/to/results.aspx|.
Hit the search results page specified in the redirect response from the previous step by sending a GET request (no parameters - cookies are enough). The server response will be the HTML that I need to scrape.
If I follow the process manually with any browser, filling in the form controls and clicking the buttons etc. (testing with just one person) I get to the results page and the results are fine. If I do this programmatically from an application running on my machine, then ultimately the search results HTML is wrong (the page returns valid HTML, but there are no results compared with the browser version and some null values were there should not be).
I've run this using a Java application with Apache HttpClient handling the requests. I've also tried it using a Ruby script with Mechanize handling the requests. I've setup a proxy server using Charles to intercept and examine all 5 HTTPS requests. Using Charles, I've scrutinized the raw requests (headers and body) and made comparisons between requests made using a browser and requests made using the application(s). They are all identical (except for the VIEWSTATE / EVENTVALIDATION values and session cookie values, which I would expect to differ).
A few additional points about the programmatic attempts:
The login step returns successful data, and the cookies are valid (otherwise the subsequent requests would all fail)
Updating the server with a person (step 3) returns successful responses, in that they are the same as would be returned from interaction using a browser. I can only assume this must mean the server is updating successfully with the person added.
A custom header is being added to requests in step 3 X-MicrosoftAjax: Delta=true (just like the browser requests are doing)
I don't own or have access to the server I'm scraping
Given that my application requests are identical to the browser requests that succeed, it baffles me that the server is treating them differently somehow. I can't help but feel that this is an ASP.net issue with forms that I'm overlooking. I'd appreciate any help.
Update:
I went over the raw requests again a bit more methodically, and it turns out I was missing something in the form parameters of the requests. Unfortunately, I don't think it will be of much use to anyone else, because it would seem to be specific to this particular ASP servers logic.
The POST request that notifies the server that all people have been added (step 4) requires two form parameters specifying the county and address of the last person that was added to the search. I was including these form parameters in my request, but the values were empty strings. I figured the browser request was just snagging these values because when the user hits the Continue button on the form, those controls would have the values of the last person added. I figured they wouldn't matter and forgot about them, but I was wrong.
It's a peculiar issue that I should have caught the first time. I can't complain though, I am scraping a site after all.
Review Charles logs again. It is possible that the search results and other content may be coming over via Ajax, and that your Java/Ruby apps are not actually doing all of the requests/responses that happen with the browser. Look for any POST or GET requests in between the requests you are already duplicating. If search results are populated via Javascript your client app may not be able to handle this?
While executing jmeter script recording in asp dot net webpage, the request is given as POST request in script but in results it shown as a node having 2 request, the first one is having "POST" request but the response data for that request appears as "Object moved to here". The follow redirected option is enabled. The second request is going to the correct page and posting the data but the request is given as GET. Is there any other methods by which the Object moved to here/Response code 302 can be avoided?
Added the screenshots for View state and Event validation post processors and the request in which the post processors are used.
Attached screenshots.
Check out ASP.NET Login Testing with JMeter for step-by-step walkthrough on how to get started with performance testing of ASP.NET-powered web applications and troubleshooting tips.
You are probably missing the extraction of either a header or hidden form .
Usually for Asp it's viewstate , check this blog :
http://www.markschabacker.com/blog/2013/05/10/jmeter_with_webforms_authentication/
I see in your login request a __ViewStateEncrypted, did you also variabilize it ?
Compare a login recorded with login by jmeter to see the differences.
One other possibility, try for login switching from Httpclient4 to Java implementation.
I am having a problem implementing Microsoft's latest Identity 2.0 in my ASP.net 4.5 Web Forms project. This is my scenario...
I have downloaded the latest Webforms.Samples code from https://aspnet.codeplex.com/SourceControl/latest and pretty much performed a straight port (for the purposes of testing) into my project.
In development, the code/implementation works correctly, when we move to our IIS 7.5 staging server, after a period of time (usually 3 or 4 hours, but varies) the test users experience the following problem...
When they login, the login process appears to run correctly and redirects them back to the specified return url, but the authorisation is not complete/recognised and they get immediately returned back to the login page.
I should say that the login page/process doesn't fail (no errors) and the underlying code return 'success' (as this is the only path that will invoke the redirect), but the actual mechanism appears to be passive. To prove this, I have created a test page that simply echoes the user's identity and even immediately after an apparently successful login, the user identity is anonymous.
The only way I have found of fixing the issue is to restart the web application and again it runs fun for a while.
Can anyone give me any pointers on where I can look to begin to debug this issue or what the cause might be?
Thanks.
ASP.NET_SessionId + OWIN Cookies do not send to browser This page seems to provide a workaround to the issue by creating a session on application start up.
Starting with this great analysis by #TomasDolezal, I had a look at both the Owin and the System.Web source.
The problem is that System.Web has its own master source of cookie information and that isn't the Set-Cookie header. Owin only knows about the Set-Cookie header. A workaround is to make sure that any cookies set by Owin are also set in the HttpContext.Current.Response.Cookies collection.
The workaround I created is now outdated: I've made a small middleware
(source, nuget) that does exactly that, which is intended to be placed immediately above the cookie middleware registration.
Use Microsoft's suggestion of a SystemWebCookieManager instead.
First I have added HTTP proxy server and recorded whole login and logout action.
after running script in view result tree, i have selected HTTP(downloaded) but in response data it is displaying an error message to enter your email address and enter your password error.
Please help me to solve this problem.....
Note: Username and password fields are in home page. So, i have to login through home page.
First of all try adding a HTTP Cookie Manager to your Test Plan which should be smart enough to deal with sessions and cookies.
I also recall that ASP.NET powered websites require dynamic parameter called VIEWSTATE or something like that. You'll additionally need to add some correlation to your tests, t.w.
Open Home Page
Obtain VIEWSTATE value via Regular Expression Extractor Post Processor and store it to a JMeter Variable, i.e. ASPNET_VIEWSTATE
Add a corresponding parameter to next request in "Parameters" stanza as VIEWSTATE = ${ASPNET_VIEWSTATE}
What is to be done?
We have an application deployed on the Sharepoint (corporate) Server which uses the windows credentials to log into the application.
App URL format: http://testmachine:1000/sites/test/
Windows Credentials Format: user_id#domain.co.in
The objective is to perform the load/performance testing on the application (especially the log in functionality) for such n number of users.
Normally when I hit the app URL in the Firefox/IE, it pops up a window asking for credentials. I enter the credentials, browse the app and then log out. I intend to capture this in JMeter and simulate this for large number of users.
Where I’m stuck?
Now I start the JMeter proxy server, and then try the same steps as above. But when the pop up window appears, JMeter simply doesn’t record the it nor it does record anything else after the login.
What I’ve tried?
If I try the same steps after enabling “Automatically detect intranet network” in IE, then it simply auto detects my windows credentials (No credentials pop-up), logs me into the app (this is not recorded in JMeter either) and takes me to the home page. And any page thereafter I hit gets recorded in JMeter.
I’ve also tried to use the HTTP Authorization Manager using following parameters:
BaseURL : http://testmachine:1000/sites/test/
Username: DOMAIN\USER_ID
Password: i_wont_tell_you
Domain: \
Realm:
It didn't help. I am quite confused about how-to-use the above element. And not even sure whether its a right approach to get the solution to my problem.
Any help/suggestions?
P.S. I know about a tool called Badboy, but have to go for it as a last resource. Also not even sure if it records the pop windows.
And sorry if the post is verbose.
UPDATE:
I have also tried -
Username: USER_ID and Domain: my_company_domain
But this is not the actual problem. Problem is, when I try to hit the pages (automation) which I've recorded previously return success response even if I haven't used the HTTP Authorization Manager. I'm not sure what I'm missing.
OK. Finally I got what was missing.
First, I had to change the implementation of every request to HttpClient3.1
Second, it was really frustrating to see that JMeter documentation was misleading.
It says that the config file httpclient.parameters, should be edited as following:
http.authentication.preemptive$Boolean=false
But it didn't work. Changing it to true worked like a charm.
Hope this helps other people.
JMeter works at the HTTP layer so the proxy will only capture requests made over this protocol layer. It sounds to me like you have already found the right approach to use for recording by using '“Automatically detect intranet network” in IE', you can use this method to capture most requests and you will have to figure out authentication manually. How you do this depends on how your application communicates with your server to authenticate a user.