SoapUI and AntiForgeryTokens
I am trying to do something with SoapUI, and I'm suspecting that itis not possible. I'm hoping someone here can prove me wrong. My situation is this: We have an API that we'd like to start testing with SoapUI. Typical, right? There's a slight rub though: before we can make any API calls, we must get authenticated.In order to get authenticated, we must not only submit a username and password, but one of MVCs AntiForgeryTokens that is automatically generated and stuck in a hidden form field. I can think of several solutions to this, but I'm not sure that SoapUI can do any of them (though admittedly I am a total newbie when it comes to SoapUI). 1.) Have SoapUI bring up the login page, let the tester login normally, and then have the test proceed with the stored cookie. 2.) Load the login page, scrape the token from the form field, and then submit it. My fear is that the AntiForgeryToken system was designed to prevent people from doing exactly what I am trying to do, that is submit web requests via automated means. If anyone has any information on how I might implements one of my ideas, or better yet, an even smarter solution to this problem, I would be very grateful.2.2KViews0likes3Comments