My goal is to upload a file via HTTP POST Request in JMeter. However, this POST request requires a __RequestVerificationToken, which is missing in the HTML of the page.
The problem: While I was able to
However, if you look at the Request Headers of an example /UploadFile POST request (or any GET request of that page) in the browser, you can see that an anti-forgery token has been used, that differ from the token used for logging in.
Error: The provided anti-forgery token is not correct for the current user.
Both requests have the same Cookies (incl. Token). What am I missing?
It should be in the previous response body or headers, you need to take a closer look and you will see it.
If you cannot detect the token you can use your browser developer tools to record your test case traffic and save it into HAR file (which is basically a JSON-like structure). Use your favourite text/JSON viewer/editor and look for the token, I'm 100% sure you will be able to find it somewhere in the previous response.
More information: What is CSRF & How to Load Test CSRF-Protected Websites