Problem on a site that uses Anti-Forgery Tokens
Nikola Lušic Posts: 3
12/29/2012
Hi there.
I'm trying out StresStimulus on a site I'm working on which uses Anti-Forgery Tokens. My problem is that even though I extract RequestVerificationToken from a hidden field in the parent request, and use it to replace the recorded value of the token in the POST request, I still get a 302 that redirects to the login page instead of a 200 with JSON data.
No matter what I tried, I could never get it to work properly, so I was wondering if I could maybe get some advice.
Thank you, Nikola
Vadim @StresStimulus Administrator Posts: 583
12/31/2012
Hi Nikola, I suggest checking out two possible issues:
- The Anti-Forgery Token is used in more than one request, so more requests have to be parameterized. To check this, select the _RequestVerificationToken field and click "Bulk clone parameterization rule" (the 2nd button on the toolbar shown on your screenshot). StresStimulus will search all subsequent requests and will create similar parameterization rules if more requests using the same token are found.
- More dynamic parameters, besides the Anti-Forgery Token, are used by your application. In this case they need to be parameterized as well.
If none of these hints helps, I can offer you a WebEx session to check it out. We are in the New York time zone and available from 7AM. If you let me know (via a private message or by e-mailing support@StimulusTechnology.com) the times that work for you and your time zone, I will send you an invite.
Cheers, -Vadim
Nikola Lušic Posts: 3
1/4/2013
Thank you for your reply.
We figured out why it isn't working. There is another dynamic parameter in the header. Here is the header of the replayed test case that is giving us trouble:
The problem is that "Authorization: Basic" should be the same as "authkey". Unfortunately it is copied from the recorded case. Is there a way to parameterize a header?
Thanks, Nikola
Nikola Lušic Posts: 3
1/4/2013
I have no idea why I haven't noticed the Headers tab in the Parameters options. It is working perfectly now. Thank you for your support, and may I just say I'm very pleased with StresStimulus, keep up the good work.
Cheers, Nikola
Vadim @StresStimulus Administrator Posts: 583
1/4/2013
Nikola, I am glad that you found another parameter that has to be parameterized. And thanks for your kind words about StresStimulus!
Cheers, -Vadim
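The correlation steps worked out in this thread, as an added Python example that is not from the thread or from StresStimulus: it reads the fresh token from a hidden field and rebinds every recorded request that still carries the old value, whether in a form body or in a header. The field name `__RequestVerificationToken` (the ASP.NET MVC default), the request dictionaries and all sample values are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import quote_plus

TOKEN_FIELD = "__RequestVerificationToken"  # assumed: ASP.NET MVC default name

class HiddenFields(HTMLParser):
    """Collect name -> value for every <input type="hidden">."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def hidden_fields(html):
    parser = HiddenFields()
    parser.feed(html)
    return parser.fields

def rebind(requests, recorded, fresh):
    """Swap a recorded dynamic value for the fresh one; return (patched, hits)."""
    # Form bodies carry the value percent-encoded, so match both spellings.
    forms = {recorded: fresh, quote_plus(recorded): quote_plus(fresh)}
    patched, hits = [], []
    for i, req in enumerate(requests):
        headers = {}
        for name, value in req["headers"].items():
            if recorded in value:
                hits.append((i, "header:" + name))
            headers[name] = value.replace(recorded, fresh)
        body = req["body"]
        for old, new in forms.items():
            if old in body:
                hits.append((i, "body"))
                body = body.replace(old, new)
        patched.append({"url": req["url"], "headers": headers, "body": body})
    return patched, hits

# Constructed sample data (not taken from the thread).
SAMPLE_HTML = '<form><input type="hidden" name="__RequestVerificationToken" value="NEW+tok/2==" /></form>'
RECORDED_TOKEN = "REC+tok/1=="
RECORDED = [
    {"url": "/items/list", "headers": {}, "body": TOKEN_FIELD + "=REC%2Btok%2F1%3D%3D&page=1"},
    {"url": "/items/save", "headers": {"RequestVerificationToken": RECORDED_TOKEN}, "body": "{}"},
]
if __name__ == "__main__":
    fresh = hidden_fields(SAMPLE_HTML)[TOKEN_FIELD]
    print(rebind(RECORDED, RECORDED_TOKEN, fresh)[1])
```

The `hits` list is the useful part when a replay still returns a 302: any request or header missing from it was never rebound and is still sending a recorded value.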