Azure Load Testing
An Azure service that enables developers and testers to generate insights on how to improve the performance, scalability, and capacity usage of their application
How to perform Azure Load Testing for Secure Endpoints with Auth0 Session-Based Authentication
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 13%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Parth Patel
0
Reputation points
A load testing scenario is being set up for a secure endpoint using Azure Load Testing within an application stack that includes:
- Frontend: React + Next.js
- Authentication: Auth0 with session-based authentication (tokens stored in cookies)
Steps Taken So Far:
- Created a simple test in Azure Load Testing:
- Method:
GET- URL:
https://domain.com/my-page-with-secure-endpoint- Headers:
-
Authorization: Bearer my-token(copied manually from browser DevTools)- Added the authorization header, but the request resulted in a 307 Temporary Redirect instead of a 200 OK.
- Tried passing session-based tokens in headers:
- Auth0 session tokens are stored in cookies (
appSession.0,appSession.1).- In headers, added
Cookie: appSession.0=token; appSession.1=token- The request still resulted in a 307 Temporary Redirect instead of a 200 OK.
- Checked Azure Load Testing documentation:
- Noticed references to using JMeter
.jmxfiles, but only an option to upload a.csvfile was available.- Uploaded a CSV file with username and password.
- Set the login URL as the request URL and attempted to use the generated token in the next API call.
- The CSV file does not have any headers—it only contains:
user1@example.com,MySecurePassword- Specified `username,password` as the **variable names** in Azure Load Testing. - Encountered the following error when running the test with the login URL: - ❌ **"File login-jmeter.csv must exist and be readable"** - Using a **single user to send 100 requests** for the test.
- Set the login URL as the request URL and attempted to use the generated token in the next API call.
- Uploaded a CSV file with username and password.
- Noticed references to using JMeter
- In headers, added
- Auth0 session tokens are stored in cookies (
-
- Headers:
- URL:
- Method:
Questions:
- What is the correct way to authenticate session-based authentication in Azure Load Testing?
- Should the full login request headers (captured via DevTools) be passed in Azure Load Testing?
- Is the
Authorizationtoken alone sufficient?- Do session cookies need to be handled differently in Azure Load Testing?
- How can the token be dynamically fetched and used during the test?
- If dynamic authentication is necessary, how should this be configured in Azure Load Testing?
- Given that
.jmxfiles cannot be uploaded, what alternative is available to pass authentication dynamically?
- Given that
- If dynamic authentication is necessary, how should this be configured in Azure Load Testing?
- Is the
- Should the full login request headers (captured via DevTools) be passed in Azure Load Testing?
The primary goal is to obtain load testing data for the secure endpoint, and there's a willingness to add statically generated tokens or cookies. Any guidance on properly managing Auth0 authentication in Azure Load Testing would be greatly appreciated! 🚀
Azure Load Testing
Sign in to answer