JonBoyLM

I've created a webtest for the sole purpose of making sure access to my company's help pages are inaccessible without proper login. So I recorded a countless number of pages within. The problem I'm coming across, is that when I run this test all of these pages actually display when they should not. I'm wanting to believe the reason for this is that there are cookies set to each of these page requests. Is there an easy way to find out if this is the problem or better yet fix then requests to not use cookies

Thanks,

Jon



Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

slumley MSFT

are you setting the web test to run as a user that does not have access to the pages






Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

JonBoyLM

No, Perhaps this is the problem Our company has just implemented VSTS, so we're all relatively unfamiliar with how this testing works. Where would I access a setting such as this Is this something you must setup before actually recording the test or is it something that you can edit after the fact to apply to specific runs




Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

slumley MSFT

Open the web test in the web test editor.

Click on the root node of the web test

Set the user name and password property. The user property can be domain\user

You can also databind to these fields. So if you have a list of users and passwords that you want to simulate, you can bind these fields to that list or database table.

By default, the user we simulate is the user that runs the test.






Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

JonBoyLM

This is beneficial information to have, but as for my current problem it dos not seem to accomplish what I'm looking for.

If I set these fields to something random I would expect it to work as if I don't have access What I want to be able to do is run the test as if the user is just someone random that does not have access.(no username and password)

I entered in random username and password and the test still runs these pages that are protected without proper access. If I try to load these links in my regular browser I cannot access them, why then is it that I can through this test

Is there another way perhaps around this or am I still going about this incorrectly





Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

Chris Lively

How are these pages secured

In other words, is the website set up for Integrated Windows Authentication If so, then you have two options:

1) Run the test from a machine that isn't part of your domain.

or,

2) remove the Integrated Windows Authentication from your site.

Your best bet is the "clean" solution of running it from a machine that is not part of the domain anyway.






Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

Ed Glas - MSFT

There are different ways to configure your app for login, one is windows auth, in which case the user name and password web test properties are used. The other is via forms authentication, in which case login is done from a web page. In that case, you have to set the user name and password form post parameters. Which kind of authentication does your site use

Ed.






Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

JonBoyLM

"custom form with username/password and a browser session cookie ĘC anonymous web user is used." from one of our developers.

Then by your suggestion I should be setting those parameters.. If I set them to something random I should not have access correct

I've done this and it made no difference. I'll still try from a computer outside our domain.(haven't gotten to it yet)

I also just wanted to say thanks for everyone's input so far!





Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

Ed Glas - MSFT

Ok, so you found the login page in the request list and set the username and password form post parameters

If you run the test, then select the login page in the request tree, can you see in the request tab that user name and password are getting set as you expected

Ed.






Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

JonBoyLM

I tried this and it shows it as entering the login and password I had changed. When it gets to the actual pages I want to check are inaccessible, they atill show up.

I spoke with one of our developers today and he suggests it has to do with the session cookies.

So I checked the request tab in the test details from a random request and there is a sessionID cookie

Cookie : ASP.NET_SessionId=vujhpz45drtamy3rdb5kdf45

Is there a way to remove this from the request The web test I recorded is enormous and it would take a very long time to go through and remove this from all requests if it is. So even if there is a way to record without cookies or something along those lines.

Thanks





Re: Visual Studio Team System - Web and Load Testing Webtests Cookies?

Ed Glas - MSFT

If you are just running the web test, the server is generating the cookie while the test is running, it is not recorded. Look at the cookies in the very first request, you won't see this one.

You can find a set-cookie header in a response to see which response is adding the cookie.

Ed.