Silent passport authentication from web and load test in VSTT

1. Open IE and clear all cookie cache.

2. Start fiddler.

3. Browse application in IE.

4. It will cause redirect to passport login page.

5. Authenticate. We will land up to home page.

6. Stop fiddler.

7. Examine http traces:

a. Filter out request for CSS, JS, images etc. for ease of reading.

b. Examine POST request made to home page in the trace. Examine cookies collection for this request.

c. The one’s which are of interest to us is: -


ii. MSPP_RPSSecAuth

8. Above cookies uniquely identify a given logged in user. For that browser session all subsequent requests will use these cookies for authentication, failing which, will redirect user back in login page. Session persists for 24 hours from the time of login.

9. Next step is to create web test.

10. Create a web test and add a request for same home page. We will now modify headers collection for this request.

a. Right click on request and “Add Header”.

b. Add above cookies in cookie collection with their respective values. For example,

Cookie= MSPP_RPSAuth= <pick value from trace> ; MSPP_RPSSecAuth= <pick value from trace>;

11. We are done!! Executing this web test will directly take you to home page by impersonating the user.

12. Above web test can be used in load test as well.

Hope that helps,