# 13.1: Test Login

In this section, we begin Postman testing with the login page.

## Test the URL

You may want to work on another branch

1. Make sure **ElevenNote.Web** is still the startup project
2. Run the app and log off if you're logged in
3. Copy the URL **localhost:XXXXX**
   * XXXXX stands for whatever number your port is in the address bar
4. Open Postman
5. Close the window that comes up
6. Paste the URL, set the request to **POST** and press **Send**

   ![Postman](https://3258533034-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LAU8YfMZK4G04fkoGGv%2F-LAxmw8y5qK1VLyUF4ln%2F-LAxmxfJLQYMN_2WRgPs%2F13.1-A.png?generation=1524676422407891\&alt=media)

## Test the Login URL

1. Login in to your ElevenNote app
2. Back in Postman, add **/Account/Login** to the URL and make sure the request is set to **POST**
3. Click on the **Body** tab, select **x-www-form-urlencoded**, and add the three key/value pairs as shown below:

   ![Postman Login](https://3258533034-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LAU8YfMZK4G04fkoGGv%2F-LAxmw8y5qK1VLyUF4ln%2F-LAxmxgYUURj3tajBn-d%2F13.1-B.png?generation=1524676422414362\&alt=media)
4. You should get a *500 Internal Server* error. Error codes are explained in [section 19.](https://eleven-fifty-academy.gitbook.io/dotnet-201-elevennote/elevennote-api-parts-13-19/part-19-postman-tips/19.0-postmantips)

   ![500](https://3258533034-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LAU8YfMZK4G04fkoGGv%2F-LAxmw8y5qK1VLyUF4ln%2F-LAxmxhGc-gGD5xiT5SI%2F13.1-500.PNG?generation=1524676423462888\&alt=media)
5. Looking at the response, it seems we need a token to log in.
6. Stop the app

## Test the `[ValidateAntiForgeryToken]`

1. Open **ElevenNote.Web -> Controllers -> AccountController**
2. Comment out `[ValidateAntiForgeryToken]` above the login method
3. This is temporary, we'll change it back

   ```csharp
    [HttpPost]
    [AllowAnonymous]
    //[ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
    }
   ```
4. Run the app and login
5. Go to Postman and hit **Send** again with the same request
6. You should get *200 OK*

   ![OK Postman](https://3258533034-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LAU8YfMZK4G04fkoGGv%2F-LAxmw8y5qK1VLyUF4ln%2F-LAxmxkzYSJacKMjWg3N%2F13.1-C.png?generation=1524676420917891\&alt=media)
7. **DO THIS IMMEDIATELY:** Stop the app
8. Un-comment `[ValidateAntiForgeryToken]`, restart the app, and login.
9. Retest in Postman, you should get the *500* error again.
10. Stop the app

[Next,](https://eleven-fifty-academy.gitbook.io/dotnet-201-elevennote/elevennote-api-parts-13-19/part-13-api-intro/13.2-ssl) we'll add SSL for release builds.