locked
Testing Blackboard - encoded password on login page RRS feed

  • Question

  • Hi,

    I wonder if anyone in this forum has came across with doing some web testing on a Blackboard site. Blackboard is a VLE used in some uni and colleges. It is java based. On the Blackboard login page, you type in a user name and a password. The trouble is the password is posted as an encoded password. Every time, even if I log in using the same username, the encoded password is different. Please see below;

    1st Login: user_id=ABC&password=&login=Login&action=login&remote-user=&new_loc=%c2%a0&auth_type=&one_time_token=E35F389477E398B30925EA2B9B15423X&encoded_pw=BB7D2E492003496DC263AB8C294A780X&encoded_pw_unicode=4281ACAF78636BD22ACF91A21F37C372

    2nd Login: user_id=ABC&password=&login=Login&action=login&remote-user=&new_loc=%c2%a0&auth_type=&one_time_token=18F976EA494E9D15F40161A1A35F8618&encoded_pw=5C54CCBB746D1103198000153X88B9F7&encoded_pw_unicode=4BE635352B83B0D7310262DB4XB95773

    I captured these query strings from fiddler. The replay of the web performance test recording instantly failed. The replay did capture "one_time_token" as a dynamic parameter, and it works correctly. The encoded_pw and encoded_pw_unicode are recorded as static value.

    I don't know if the encoded_pw is related to the one_time_token, or it just related to the encoded_pw_unicode. Anyway the replay instantly failed. Instead of logging in, it goes to a page says valid authentication credentials were not provided.

    I then tried set credentials in the web test. Then run the test. It still shows an error in the login page step (a redirection to a invalid authentication page which is a validation error). But the rest of the test continued ok with the credentials just provided. I can see the contents inside Blackboard.

    Not sure what to do now. Wonder if anyone has tested Blackboard here before.

    Many thanks

       

     

    Wednesday, December 1, 2010 3:57 PM

Answers

  • Hello,

    Web test consists of a series of http requests and works by sending these requests. No matter how your web applicaiton is developed, as long as it works on http layer, it is ok with web test.

    About your issue, I suggest you consult with the developer about how the credential is passed to the server, then we can modify the requests of the web test to have it worked.

    Here is a great article offers detailed information about Web Test Authoring and Debugging Techniques you can refer to: http://blogs.msdn.com/b/edglas/archive/2007/12/02/web-test-authoring-and-debugging-techniques-for-vs-2008.aspx

    Thanks.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help
    Friday, December 3, 2010 5:52 AM
    Moderator