我正在使用 WCAT 对 ASP.NET MVC 应用程序执行负载测试。因为这个应用程序使用了防伪令牌安全验证,所以我想知道是否可以在 WCAT 脚本值中动态生成 postdata 值,以便在每次获得防伪 cookie 值时注入有效令牌。
有任何想法吗?提前致谢。
问问题
480 次
1 回答
1
I'm sure it could be done, but I am not aware of a way to script a WCAT transaction that will produce a valid anti-forgery token.
Instead, what I have done is to implement a conditional filter which applies the ValidateAntiForgeryTokenAttribute() to all my POST actions. Once you have the conditional filter in place you can then add an AppSettings value which allows you to turn on/off the attribute. i.e. when you are load testing, you turn it off.
You can learn how to implement a conditional filter here.
In my project, I enable and disable the conditional filter in the Global.asax.cs Application_Start() like this:
bool useAntiForgeryToken = string.Compare(ConfigurationManager.AppSettings["useAntiForgeryToken"], "true", StringComparison.InvariantCultureIgnoreCase) == 0;
if (useAntiForgeryToken) {
// Ensure that all POST actions are automatically decorated with the ValidateAntiForgeryTokenAttribute.
IEnumerable<Func<ControllerContext, ActionDescriptor, object>> conditions =
new Func<ControllerContext, ActionDescriptor, object>[] {
(controllerContext, actionDescriptor) =>
string.Equals(controllerContext.HttpContext.Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase ) ? new ValidateAntiForgeryTokenAttribute() : null
};
// Create the conditional filter using the condition we defined
var provider = new ConditionalFilterProvider(conditions);
// And add the conditional filter
FilterProviders.Providers.Add(provider);
}
And I have an AppSetting like this in my web.config:
<appSettings>
<add key="useAntiForgeryToken" value="true">
</appSettings>
Note: in addition to disabling the anti forgery token, you will also need to set the requestValidation mode to 2.0 in your web.config, like this (reference):
<httpRuntime requestValidationMode="2.0">
Once you have those things in place, run your WCAT scripts again and you should be golden.
于 2013-11-28T02:10:13.163 回答