I need to test a web application using Selenium. The app is fairly common in its setup: it requires signing in for most of the functionality to be exposed. Upon loading a page, if the user is not authenticated, it will redirect to a login form and then back to the requested page once credentials are supplied.
What's the usual way to go around this with Selenium? I take it people are not logging in on every single test as this would cause significant overhead on big test suites. Is there a way to set up a session in a test and then use the cookie information for subsequent tests, or do a conditional sign-in (without incurring in massive code repetition!)?
I am using PHPUnit with Selenium ATM.
Thank you!
Gonzalo
(I'm using C#+NUnit+Selenium RC)
Most of the time, each test goes through the login form. However, if I'm writing a series of tests that are very short (< 10 seconds each) and there are a lot of them, I usually share the same browser instance across tests by moving the selenium start\close calls from the SetUp\TearDown methods to the Test Fixture SetUp\TearDown methods. This avoids the cost of re-authenticating as well as the cost of launching a new browser every time. I'm sure you can do something similar with PHPUnit.
If this is basic http auth you can use the username/password with the url request as documented in the Selenium FAQ: http://wiki.openqa.org/display/SEL/Selenium+Core+FAQ#SeleniumCoreFAQ-HowdoIuseSeleniumtologintositesthatrequireHTTPbasicauthentication%28wherethebrowsermakesamodaldialogaskingforcredentials%29%3F
How do I use Selenium to login to
sites that require HTTP basic
authentication (where the browser
makes a modal dialog asking for
credentials)?
Use a username and password in the
URL, as described in RFC 1738: Test
Type open
http://myusername:myuserpassword#myexample.com/blah/blah/blah
Note that on Internet Explorer this
won't work, since Microsoft has
disabled usernames/passwords in URLs
in IE. However, you can add that
functionality back in by modifying
your registry, as described in the
linked KB article. Set an
"iexplore.exe" DWORD to 0 in
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE.
If you don't want to modify the
registry yourself, you can always just
use Selenium Remote Control, which
automatically sets that that registry
key for you as of version 0.9.2.
Related
I want to automate requests on a website and when doing so, I need a session cookie in order to identify myself.
When checking the network tab, I can clearly see the session cookie, but when checking the Application tab, this cookie is not shown. After accessing this website with selenium and calling driver.get_cookies() with Python, I only get the cookies shown in the Application tab.
I need to do this with selenium because this way it's possible to login. Only using requests will not work.
I do not have many clues on how to get that cookie and have almost 0 experience in this field, hence my question.
Hi I would like to test using Jmeter for my application which has login page. I am able to write Sample http request for login page which is working ( passing username and password as POST parameters).
But the another Sample HttpRequest (home.do) is not working which is again redirecting to login page. I also added HttpCookieManager at Thread level. Not sure why the authentication is not carry forward to other pages, Can anyone please help me on this.
Most probably your test doesn't work due to missing or incorrect correlation. The absolute majority of modern web applications use dynamic parameters for different reasons (client state tracking, security, etc.) so you need to setup your test plan like:
Open Login Page (usually GET request)
Extract dynamic parameters
Perform Login (usually POST request), provide credentials and dynamic parameters extracted from the previous request
Extract dynamic parameters
Open Home Page (usually GET request)
etc.
You can extract dynamic parameters using JMeter Post-Processors
Also make sure you add HTTP Cookie Manager to your Test Plan to represent browser cookies and deal with cookie based authentication.
BTW, you can quickly build test plan "skeleton" by simply recording your test scenario using HTTP(S) Test Script Recorder
I am trying to use JMeter to test our Web Application. We originally used LoadComplete to test our Web Application, but because LoadComplete is not able to run on a non-GUI mode, we were not able to use the max stat’s from our test server (strain our 8 CPU’s and 8GB’s of RAM). That is why I moving towards JMeter (https://blazemeter.com/blog/5-ways-launch-jmeter-test-without-using-jmeter-gui).
The test includes logging in, choosing a specific app, do a simple task through this app and then end the recording. The HTTP Requests, which are failing are printing Failed Access on their Response Data on the View Results Tree.
I used the HTTP(S) Test Script Recorder to record each HTTP request. My JMeter project is failing on a few different HTTP Requests, which includes oauthtoken Get Request that includes jessionid="item", a GET resourceLastAccessedTime Request, and a couple GET resourceLastAccessedTime Requests. I tried to follow blazementer's guidance for how to use JMeter for Login Authentication, because these requests seem to be involved with the authentication of each user after logging in and the problem I am getting on Response data for each of these requests on the View Results Tree it says Access denied. (https://docs.blazemeter.com/customer/portal/articles/1743663-how-to-use-jmeter-for-login-authentication-).
One of the steps is to "copy and paste" the Parameters from the Post request after you login to these requests. I can add these parameters to these requests right below where it says Send Parameters with the request, but our POST request only has two parameters (the login name and the password). Is there somewhere else to look for these parameters?
I tried a combination of a lot of different attempts, but I am still unsuccessful (meaning: I moved the Regular Expression Extractor to a few different HTTP requests and I moved which HTTP requests to put those parameters and I have not been successful yet).
Do you know of a URL that could be helpful for this?
Don't trust Test Script Recorder! It doesn't follow any logic while recording your requests. It just records requests processed through proxy as they are. In case you use parameters that can't be defined as constants, the best way would be to rewrite the script manually.
Be patient and spend some hours (only once!) to learn how to construct any test scenarios (even complex) manually using Jmeter GUI. It will save you a lot of time for debugging.
It seems like (just a guess) that your test scenario doesn't contain Cookie Manager item. Based on what you wrote above, it seems like after logging to serer (by sending POST with login and password) it sets some cookies by Set-Cookie HTTP header. These cookies should be included in every next request as a prove that you successfully logged in before (the most common logic for simple web applications). So, if you get Access Denied, means you didn't include appropriate cookies in test request. Use Cookie Manager for that.
Feel free to ping me in case you need any assistance.
Jmeter help manual is all you need to know about how each element works.
P.S.: Jmeter also can generate distributed load from multiple slave servers, in GUI and CLI modes both. So, in case you need to stress your server yout, Jmeter is the best choise.
And welcome to Jmeter users family! Good luck.
On my computer, can I login to my web app, grab the cookie values, and have my selenium script use it to test the web app without having to login?
Is it also possible to modify the cookie expiration after logging in on my computer so that the cookie will won't expire when the selenium tests are running?
Is it possible to avoid having to write additional selenium logic to use the login form? If not, does it raise a cookie expired exception so that I know I need to re-login?
What about testing cookieless session webapps like Meteor.js?
Using .NET I know you can set the cookies, or at least retrieve them. Try placing your cookies there.
driver.Manage().Cookies = Your_Cookie_Object_Here;
I am trying to do a web test in VS2012 for an MVC site.
One of the scenarios is to login and go through a list of products, select the one you want and follow through to the purchase page.
Problem is that when the web test is run, I get an error about the anti forgery token and that it does not match.
How on earth is it possible to do the testing with the anti forgery token? The user must login - there will be thousands of users for the load test (eventually) but need to make it work for 1 user first.
the login view/action does do an AntiForgeryToken in the view and validation on the controller.
any advice and tips are appreciated.
Once you run your script and it fails, go to the call proceeding the one that fails.
Go to the response tab
In the body, find the __RequestVerificationToken name which is in an input tag and extract everything in between the value attribute.
Select the value and right click > add extraction rule and press OK.
You will find an Extraction rules folder and underneath it, the Extraction rule we just created. Feel free to rename the Context Parameter Name.
Go to the next page , which should be the one that failed, and find the Form Post Parameter named "__RequestVerificationToken". View it's properties
Bind it to the Context Parameter Name created previously. To do so, view the properties of this post parameter and set the "Value" to be:
{{Name Of Context Parameter}}
(Include the 2x curly braces)
Press enter to confirm/save
Next time you run the script - all works
This is how it worked for me...
I was seeing a similar problem. After recording a web test script, the script would fail at the point of log-in on with the following message:
The provided anti-forgery token was meant for user "Domain\UserName", but the current user is "".
The solution was to set the PreAuthenticate property to false in the test properties. By default the web tests will pass an authentication header to the server which was being used in the generation the token.
I am not familiar with "web testing in VS2012" but as I know "Anti-Forgery Token" requires sending the token from browser to the server back.
I had an experience with Selenium-Webdriver and suggest you use it because it provides an API to interact with supported browsers as real user does.
You can easily start using Selenium WebDriver if you add Selenium WebDriver 2.37.0 NuGet package to you test project.
Selenium-WebDriver makes direct calls to the browser using each
browser’s native support for automation. How these direct calls are
made, and the features they support depends on the browser you are
using.
Selenium-webdriver currently supports the following drivers:
Chrome
Internet Explorer
Firefox
Opera
HtmlUnit
Android