A load testing scenario is being set up for a secure endpoint using Azure Load Testing within an application stack that includes:
- Frontend: React + Next.js
- Authentication: Auth0 with session-based authentication (tokens stored in cookies)

Steps Taken So Far:
- Created a simple test in Azure Load Testing:
  - Method: GET
  - I am testing a secure page that requires authentication. The exact URL structure is similar to https://example.com/secure-endpoint
  - Added Authorization header with a bearer token (copied manually from browser DevTools).
  - Added the authorization header, but the request resulted in a 307 Temporary Redirect instead of a 200 OK.
- Tried passing session-based tokens in headers:
  - Auth0 session tokens are stored in cookies (appSession.0, appSession.1).
  - Included session cookies (appSession.0 and appSession.1) in headers.
  - The request still resulted in a 307 Temporary Redirect instead of a 200 OK.
- Checked Azure Load Testing documentation:
  - Noticed references to using JMeter .jmx files, but only an option to upload a .csv file was available.
  - Uploaded a CSV file with username and password.
  - Set the login URL as the request URL and attempted to use the generated token in the next API call.
  - The CSV file does not have any headers; it only contains myusername and mypassword separated by a comma in a single cell.
  - Specified username,password as the variable names in Azure Load Testing.
  - Encountered the following error when running the test with the login URL:
    - "File login-jmeter.csv must exist and be readable"
- Using a single user to send 100 requests for the test.

Questions:
- What is the correct way to authenticate session-based authentication in Azure Load Testing?
- Should the full login request headers (captured via DevTools) be passed in Azure Load Testing?
- Is the Authorization token alone sufficient?
- Do session cookies need to be handled differently in Azure Load Testing?
- How can the token be dynamically fetched and used during the test?
- If dynamic authentication is necessary, how should this be configured in Azure Load Testing?
- Given that .jmx files cannot be uploaded, what alternative is available to pass authentication dynamically?

The primary goal is to obtain load testing data for the secure endpoint, and there's a willingness to add statically generated tokens or cookies. Any guidance on properly managing Auth0 authentication in Azure Load Testing would be greatly appreciated!