
Load Tests

This document describes how to track the SQL, CPU and memory usage of:

  • The endpoints that we expect to be the most used in Security, which provide the effective permissions for:
    • A user in a specific application.
    • A user in a specific application over a specific securable to perform an action.
  • Navigating to the login screen and completing a happy login.

The solution Sequel.Security.LoadTests is organized as:

  • Web Tests without context parameters
  • Web and Load Tests with context parameters

Web Tests without context parameters

Test parameters such as the authorization token, and data such as users, applications, groups and securables, are loaded automatically and then set randomly in the requests.

1. EffectivePermissionsTest webtest

This web test gets all effective permissions for a user in a specific application. The test is run from Visual Studio (opened as administrator).
The following steps are executed automatically when we open the EffectivePermissionsTest.webtest file and click the Run Test button:

  1. Get the authorization token needed for the next 3 requests (Authorization\users, Authorization\applications and Authorization\groups) using 3 WebTestPlugins.
  2. Request all users (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  3. Request all applications (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  4. Request all groups (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  5. Request all effective permissions for a user in a specific application:
     • A WebTestRequestPlugin first sets the authorization token and the apiServer context parameter, and then randomly selects a user, application and/or group (a group of the selected application) as context parameters too.
     • The request URL is {{apiServer}}/Authorization/EffectivePermissions/{{username}}/{{applicationKey}}?groupKeys={{groupKeys}}.
     • This request is in a loop that repeats the request for the number of iterations we want to test.

2. HasPermissionsTest webtest

This web test checks whether a specific user in an application has permissions over a specific securable to perform an action. The test is run from Visual Studio (opened as administrator).

The following steps are executed automatically when we open the HasPermissionsTest.webtest file and click the Run Test button:

  1. Get the authorization token needed for the next 4 requests (Authorization\users, Authorization\applications, Authorization\groups and Authorization\securables) using 4 WebTestPlugins.
  2. Request all users (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  3. Request all applications (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  4. Request all groups (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  5. Request all securables (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  6. Request whether a user in an application has permissions over a securable to perform an action:
     • A WebTestRequestPlugin first sets the authorization token and the apiServer context parameter, and then randomly selects a user, application, permission, securable (a securable of the selected application) and/or a group (a group of the selected application) as context parameters too.
     • The request URL is {{apiServer}}/Authorization/EffectivePermissions/{{username}}/{{applicationKey}}/hasPermission/{{permissionAction}}?securableKeys={{securableKeys}}&groupKeys={{groupKeys}}.
     • This request is in a loop that repeats the request for the number of iterations we want to test.

3. LoginTest webtest

The test simulates a session user navigating to the login screen and completing a happy login (users are selected randomly and may repeat). The test is run from Visual Studio (opened as administrator).
The following steps are executed automatically when we open the LoginTest.webtest file and click the Run Test button:

  1. Get the authorization token needed for the next request (Authorization\users) using a WebTestPlugin.
  2. Request all users (a WebTestRequestPlugin sets the authorization request header and the apiServer context parameter, and an ExtractionRule plugin extracts the result into a context parameter).
  3. Request the login GET action ({{identityServer}}/Login), where a WebTestRequestPlugin sets the identityServer context parameter.
  4. Request the login POST action ({{identityServer}}/Login), where another WebTestRequestPlugin randomly selects a user as the username post parameter (the password is the same for all the users).
  5. Request the logout action ({{identityServer}}/LogOut).

  6. The last three requests (login/logout) are in a loop that repeats the requests for the number of iterations we want to test.

Web and Load Tests with context parameters

We do not want to load test the requests for all users, applications, groups or securables. We only want to load test the request for all effective permissions. To achieve this, we have to set all data manually as context parameters, including the authorization token, using the app.config file with the following settings:

  • identity server: URL of the authentication identity server used to get the authorization token.
  • apiServer: URL of the security API used to request the authorization actions.
  • contextPath: directory that contains the JSON files with all the users, applications, groups and securables of the environment you are testing.
  • authorization: token to authorize.

Note 1: the context JSON files should be updated manually with the values of the environment you are testing.
Note 2: you can get the token when debugging any of the three web tests above. The Authorization class has a breakpoint to get the authorization token when debugging a web test. Then manually copy and paste it as the value of the authorization setting before running or debugging any of the web or load tests below.
Note 3: have a look at the details of the Web Tests without context parameters before looking at the Web and Load Tests with context parameters.

1. ContextEffectivePermissionsTest webtest

This web test requests all effective permissions for a user in a specific application. The test is run from Visual Studio (opened as administrator).
The following steps are executed when we open the ContextEffectivePermissionsTest.webtest file and click the Run Test button:

  • A WebTestRequestPlugin first sets the authorization token from the settings and the apiServer context parameter, and then randomly selects a user, application and/or group (a group of the selected application) as context parameters too, from the JSON files in the context directory.
  • The request URL is {{apiServer}}/Authorization/EffectivePermissions/{{username}}/{{applicationKey}}?groupKeys={{groupKeys}}.
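The plugin behaviour described above, written out as an added C# example; it is not the project's own code. The class name, the JSON file names and shapes, and the Bearer scheme are assumptions; the setting names contextPath, apiServer and authorization come from the list above.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IO;
using System.Linq;
using System.Web.Script.Serialization; // needs a reference to System.Web.Extensions
using Microsoft.VisualStudio.TestTools.WebTesting;

// Hypothetical plugin: class name, JSON file names and JSON shapes are assumptions.
public class ContextEffectivePermissionsPlugin : WebTestRequestPlugin
{
    // Assumed shapes: users.json and applications.json are arrays of strings;
    // groups.json is an array of { "key": "...", "applicationKey": "..." }.
    private static readonly List<string> Users = Load<List<string>>("users.json");
    private static readonly List<string> Apps = Load<List<string>>("applications.json");
    private static readonly List<Dictionary<string, string>> Groups =
        Load<List<Dictionary<string, string>>>("groups.json");
    private static readonly Random Rng = new Random();
    private static T Load<T>(string file)
    {
        string dir = ConfigurationManager.AppSettings["contextPath"];
        return new JavaScriptSerializer().Deserialize<T>(File.ReadAllText(Path.Combine(dir, file)));
    }

    private static T Pick<T>(IList<T> items)
    {
        lock (Rng) { return items[Rng.Next(items.Count)]; } // Random is not thread-safe
    }

    // Runs before the {{...}} placeholders in the request URL are bound.
    public override void PreRequestDataBinding(object sender, PreRequestDataBindingEventArgs e)
    {
        string app = Pick(Apps);
        var appGroups = Groups.Where(g => g["applicationKey"] == app).Select(g => g["key"]).ToList();
        // Escape values so a '/', '?' or '&' inside a key cannot change the path or query.
        e.WebTest.Context["apiServer"] = ConfigurationManager.AppSettings["apiServer"];
        e.WebTest.Context["username"] = Uri.EscapeDataString(Pick(Users));
        e.WebTest.Context["applicationKey"] = Uri.EscapeDataString(app);
        // "and/or group": leave groupKeys empty when the application has no groups.
        e.WebTest.Context["groupKeys"] = appGroups.Count == 0 ? "" : Uri.EscapeDataString(Pick(appGroups));
    }

    public override void PreRequest(object sender, PreRequestEventArgs e)
    {
        // Token is read from the "authorization" setting; the Bearer scheme is an assumption.
        string token = ConfigurationManager.AppSettings["authorization"];
        e.Request.Headers.Add(new WebTestRequestHeader("Authorization", "Bearer " + token));
    }
}
```

The context files are read once per process, so a load test run does not hit the disk on every request.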

2. ContextEffectivePermissionsTest loadtest

This load test executes the ContextEffectivePermissionsTest.webtest web test described above.

3. ContextHasPermissionsTest webtest

This web test checks whether a specific user in an application has permissions over a specific securable to perform an action. The test is run from Visual Studio (opened as administrator).

The following steps are executed when we open the ContextHasPermissionsTest.webtest file and click the Run Test button:

  • A WebTestRequestPlugin first sets the authorization token from the settings and the apiServer context parameter, and then randomly selects a user, application, permission, securable (a securable of the selected application) and/or a group (a group of the selected application) as context parameters too, from the JSON files in the context directory.
  • The request URL is {{apiServer}}/Authorization/EffectivePermissions/{{username}}/{{applicationKey}}/hasPermission/{{permissionAction}}?securableKeys={{securableKeys}}&groupKeys={{groupKeys}}.

4. ContextHasPermissionsTest loadtest

This load test executes the ContextHasPermissionsTest.webtest web test described above.

5. ContextLoginTest webtest

The test simulates a session user navigating to the login screen and completing a happy login (users are selected randomly and may repeat). The test is run from Visual Studio (opened as administrator).

The following steps are executed when we open the ContextLoginTest.webtest file and click the Run Test button:

  1. Request the login GET action ({{identityServer}}/Login), where a WebTestRequestPlugin sets the identityServer context parameter.
  2. Request the login POST action ({{identityServer}}/Login), where another WebTestRequestPlugin randomly selects a user, from the JSON files in the context directory, as the username post parameter (the password is the same for all the users).
  3. Request the logout action ({{identityServer}}/LogOut).

6. ContextLoginTest loadtest

This load test executes the ContextLoginTest.webtest web test described above.


Some notes

Note 1: To compile the solution in Visual Studio without errors:

  • Add the feature Web performance and load testing tools.
  • Update your local.testsettings file and add your Sequel.Security.LoadTest.dll as an additional file to deploy. This assembly file is located in the /bin/debug directory.

Note 2: you can also run web and load tests outside of VS with the Developer Command Prompt for VS 2017:

  • Open the Developer Command Prompt for VS 2017.
  • Execute the command mstest /testcontainer:X.webtest /testsettings:Y.testsettings, where X is the webtest filename and Y is the testsettings filename, for example:
    mstest /testcontainer:"C:\Source\Security\Source\LoadTests\Sequel.Security.LoadTest\Authorization\EffectivePermissionsTest.webtest" /testsettings:"C:\Source\Security\Source\Solutions\Local.testsettings"