Capturing Form Variables and Injecting into Subsequent Requests
In certain application scenarios like ASP.NET Forms you may need to capture values on one page and provide that value on a POST back page. In ASP.NET this is the
__RequestVerificationToken that is captured the
GET page, and then has to be provided as part of the
POST request for validation of the request.
There may be other scenarios such as validation algorithms or some login routines that require you to capture form variables and provide them in subsequent requests for submission.
You can do this in WebSurge as follows. I'll use Request Validation in ASP.NET as an example.
In order for form variable capture to work, you need to configure User Sessions for at least one User Session. You can find out more about how to set up User Sessions here.
This is done so the captured form variables can be scoped to a specific user as it's possible for multiple users to use separate sessions during a load test. Ideally you'll want to match your number of users to the number of threads you're running in a load test.
ASP.NET Request validation works by creating a unique token on the initial forms page when accessing via a
GET operation. A
__RequestVerificationToken is created and embedded into the initial page request (token truncated for readability):
<input name="__RequestVerificationToken" type="hidden" value="CfDJ8MEIzOTexpVHiU3PqQ5v04rX7IXhWWOG" />
You can capture this value in an HTTP request in WebSurge like this:
User-Agent: Mozilla/5.0... Accept: text/html WebSurge-Request-CaptureFormVariable: __RequestVerificationToken
You specify a form variable by name to be captures via the
This WebSurge specific header allows you to specify a name of a form variable to be captured and stored with a specific user session.
WebSurge-Request-CaptureFormVariable captures the form variable and stores it in the active session user record.
Sessions execute in sequential order and as subsequent requests are accessed they have access to this variable.
To inject a previously captured form variable you can use the
WebSurge-Request-InjectFormVariable header with the name of the variable. For ASP.NET Request validation that value is
Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0... Accept: text/html WebSurge-Request-InjectFormVariable: __RequestVerificationToken
By doing this WebSurge does the following:
- Checks if a Users are configured for the session
- Looks up the session specific user
- Checks it's Captured Form Variables list
- If it finds a match, adds the variable to the request form variables
POST content with the updated token then looks like this:
loginData.Username=webstoreuser loginData.Password=cragglyGoatMachine#1 SignoutAction= _RequestVerificationToken=CfDJ8MEIzOTexpVHiU3PqQ5v04rX7IXhWWOG
Comment or report problem with topic