2

I'm trying to automate testing of an ASP.NET (not MVC) website that uses Forms authentication.

I want to simulate what happens when a user submits a particular form; to do this, my code can POST to the corresponding URL - but that won't work unless my code can first log in as my test user.

I've tried posting to the LogOn page (supplying a suitable username and password), but this fails - and I think it fails because the website uses ASP.NET event validation. (If I use Fiddler to watch what's sent to and from the browser, there's an __EVENTVALIDATION hidden form item).

I'm guessing that I'll need to visit the login page once, get the __EVENTVALIDATION value, and include that when I post the username and password to the LogOn page?

Is that all I need to do, or is spoofing a Forms-authentication-based website a non-starter?

Gary McGill
  • possible duplicate of [HttpClient and forms authentication in C#](http://stackoverflow.com/questions/640116/httpclient-and-forms-authentication-in-c-sharp) – CodeCaster May 04 '15 at 14:07
  • @CodeCaster: I've edited the question to include the extra complication of __EVENTVALIDATION which is not addressed in the question you referenced. – Gary McGill May 04 '15 at 14:28

1 Answer

4

Well, in case it helps anyone else, I was able to get this working by issuing a GET request to the LogOn page, extracting the values of the __EVENTVALIDATION, __VIEWSTATE and __VIEWSTATEENCRYPTED hidden form fields from the returned HTML, and then POSTing those values back to the LogOn page along with the rest of my form values (user name and password).

I'm using a single instance of HttpClient throughout, so the ASP.NET session cookie is preserved between requests.

Gary McGill
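The sequence this answer describes, sketched in C# as an added example (not the poster's code): GET the LogOn page, copy every `__`-prefixed hidden field into the form, POST it back through the same `HttpClient`, then check that an authentication cookie was issued. The field names `UserName`, `Password` and `LoginButton` are hypothetical and must be replaced with the `name` attributes from your own LogOn page; `.ASPXAUTH` is the default Forms authentication cookie name and may be changed in web.config.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

static class FormsLogOn
{
    // WebForms renders its state as <input type="hidden" name="__X" id="__X" value="..." />.
    static readonly Regex Hidden = new Regex(
        "<input[^>]*\\bname=\"(?<n>__[A-Z]+)\"[^>]*\\bvalue=\"(?<v>[^\"]*)\"",
        RegexOptions.IgnoreCase);

    public static Dictionary<string, string> HiddenFields(string html)
    {
        var fields = new Dictionary<string, string>();
        foreach (Match m in Hidden.Matches(html))
            fields[m.Groups["n"].Value] = WebUtility.HtmlDecode(m.Groups["v"].Value);
        return fields;
    }

    // One HttpClient (over one handler) serves both requests, so cookies carry over.
    public static async Task<bool> LogOnAsync(HttpClientHandler handler, HttpClient client,
                                              Uri logOn, string user, string password)
    {
        var form = HiddenFields(await client.GetStringAsync(logOn));
        form["UserName"] = user;          // hypothetical: use the name= attributes
        form["Password"] = password;      // from your own LogOn page
        form["LoginButton"] = "Log In";   // assumption: page expects its submit button too
        await client.PostAsync(logOn, new FormUrlEncodedContent(form));
        // ".ASPXAUTH" is the default Forms auth cookie name; web.config can change it.
        return handler.CookieContainer.GetCookies(logOn)[".ASPXAUTH"] != null;
    }

    static void Main()
    {
        // Constructed sample markup, not taken from a real site.
        const string sample =
            "<input type=\"hidden\" name=\"__VIEWSTATE\" id=\"__VIEWSTATE\" value=\"/wEPDwUK\" />" +
            "<input type=\"hidden\" name=\"__VIEWSTATEENCRYPTED\" id=\"__VIEWSTATEENCRYPTED\" value=\"\" />" +
            "<input type=\"hidden\" name=\"__EVENTVALIDATION\" id=\"__EVENTVALIDATION\" value=\"/wEWBAKq\" />";
        foreach (var kv in HiddenFields(sample))
            Console.WriteLine(kv.Key + " = \"" + kv.Value + "\"");
    }
}
```

Create the client with `new HttpClient(handler)` from a single `HttpClientHandler` and reuse it for the later test POSTs; each of those pages needs its own fresh GET, because the hidden field values are generated per page.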