Testing of SharePoint Applications


Using WAPT Cloud, you can test web applications based on SharePoint platform.

SharePoint applications use special tokens called "request digest" or "form digest" to validate POST requests to SharePoint. There are several ways to transfer the Request Digest value in the server response:

Response to the SOAP request
Responses to the REST API or JSON requests
X-RequestDigest response header
AJAX UpdatePanel Controls
Hidden fields of server response

There is a special function in WAPT Cloud - $RequestDigest which can find any of these Request Digest values in server responses and automatically parameterize them.

  1. Response to the SOAP request
    In the SOAP approach the response body looks something like:
    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <soap:Body>
            <GetUpdatedFormDigestInformationResponse xmlns="http://schemas.microsoft.com/sharepoint/soap/">
                <GetUpdatedFormDigestInformationResult>
                    <DigestValue>0x1122334455 ... FF,27 Jul 2015 03:06:54 -0000</DigestValue>
                    <TimeoutSeconds>1800</TimeoutSeconds>
                    <WebFullUrl>$(SPWebUrl)</WebFullUrl>
                    <LibraryVersion>16.0.3208.1222</LibraryVersion>
                    <SupportedSchemaVersions>14.0.0.0,15.0.0.0</SupportedSchemaVersions>
                </GetUpdatedFormDigestInformationResult>
            </GetUpdatedFormDigestInformationResponse>
        </soap:Body>
    </soap:Envelope>
    
    WAPT Cloud extracts the Request Digest value from the DigestValue block.

  2. Responses to the REST API or JSON requests
    In the REST approach the response body looks like the following:
    {
        "FormDigestTimeoutSeconds" : 1800,
        "FormDigestValue" : "0x1122334455 ... FF,27 Jul 2015 03:06:54 -0000",
        "LibraryVersion" : "16.0.4230.1217",
        "SiteFullUrl" : "$(SPSiteUrl)",
        "SupportedSchemaVersions" : ["14.0.0.0", "15.0.0.0"],
        "WebFullUrl" : "$(SPWebUrl)"
    }
    
    WAPT Cloud extracts the Request Digest from the FormDigestValue property.

    In case of JSON requests WAPT Cloud also extracts the Request Digest value from the FormDigestValue property and creates the corresponding variable:



  3. X-RequestDigest response header
    Request Digest values can be transferred in the headers of server response to a POST request. WAPT Cloud finds the X-RequestDigest value in the header and creates the corresponding variable:



  4. AJAX UpdatePanel Controls
    In this case you will see the Request Digest values in the code of server response in the following way: |__REQUESTDIGEST|. WAPT Cloud will extract the |__REQUESTDIGEST| parameters from the responses and correctly parameterize them.

  5. Hidden fields of server response
    WAPT Cloud finds a Request Digest value in the hidden fields of server response and creates the corresponding variable:



In all these cases, WAPT Cloud extracts the Request Digest values from server responses and correctly parameterizes them. When the program finds a new Request Digest value during recording, it automatically creates a variable using the $RequestDigest function and substitutes it to the corresponding places where that Request Digest value was used: to the form (POST parameters of the 'Form-Data' type):



and/or to the headers of the corresponding requests:



SharePoint uses the Request Digest header to prevent the replay attacks. When you send a POST request to the SharePoint server, it expects to see a valid Request Digest header; otherwise you can probably get a 403 error.

All parameterization work is done automatically by WAPT Cloud during recording, so you will not need to parameterize the Request Digest values manually.

Next page