RE: Load testing software for website with AD integrated authenti cation
How exactly do you record this? Is it a cookie that's set or do you need a network traffic sniffer to pick up whatever header is being passed? How often do the tokens or whatever is passed get changed? I'm assuming each time you login there's something that gets set? -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2008 5:27 PM To: CF-Talk Subject: RE: Load testing software for website with AD integrated authenti cation We're having some serious trouble with an internal website that uses IIS pass-through authentication that logs you in automatically based on the user you're logged into your computer as. The problem is, I can't find any load testing apps that will test a site with that type of login. My thinking is that it doesn't exist because it would have to spoof to AD authentication which shouldn't be able to be done or it defeats the purpose of that type of security. Can anyone confirm this or point us toward a product that does it? I know most work with form authentication and cookies and such but none seem to do pass-through. I'm not interested in other solutions for debugging the code and finding the slow parts as we are unable to do that for contractual reasons. Thanks for your help. Almost any load testing tool will do this. There's nothing specific to AD here, you simply have to record your browser session from an authenticated machine. The credentials are just another HTTP request header. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309571 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Load testing software for website with AD integrated authenti cation
Your load testing tool, if it's worth anything, should come with a browser proxy that records everything you do and provides a script you can then edit and to which you can add username/password pairs from a text file. On Thu, Jul 24, 2008 at 8:35 PM, Burns, John D [EMAIL PROTECTED] wrote: How exactly do you record this? Is it a cookie that's set or do you need a network traffic sniffer to pick up whatever header is being passed? How often do the tokens or whatever is passed get changed? I'm assuming each time you login there's something that gets set? -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2008 5:27 PM To: CF-Talk Subject: RE: Load testing software for website with AD integrated authenti cation -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309580 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Load testing software for website with AD integrated authenti cation
Any suggestions on a tool like this? We haven't invested in anything yet so I'm willing to take suggestions. Just looking to find the right tool. -Original Message- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2008 9:25 AM To: CF-Talk Subject: Re: Load testing software for website with AD integrated authenti cation Your load testing tool, if it's worth anything, should come with a browser proxy that records everything you do and provides a script you can then edit and to which you can add username/password pairs from a text file. On Thu, Jul 24, 2008 at 8:35 PM, Burns, John D [EMAIL PROTECTED] wrote: How exactly do you record this? Is it a cookie that's set or do you need a network traffic sniffer to pick up whatever header is being passed? How often do the tokens or whatever is passed get changed? I'm assuming each time you login there's something that gets set? -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2008 5:27 PM To: CF-Talk Subject: RE: Load testing software for website with AD integrated authenti cation -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309583 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Load testing software for website with AD integrated authenti cation
We're having some serious trouble with an internal website Almost any load testing tool will do this. There's nothing specific to AD here, you simply have to record your browser session from an authenticated machine. The credentials are just another HTTP request header. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ One combination I find that works very well is the Badboy (http://www.badboy.com.au/) tool for proxy recording and the Apache Jakarta Project's JMeter (jakarta.apache.org/jmeter/) load testing tool. You record your session using BadBoy, then export the scripts to Jmeter. Tweak them a bit and you have a very good load test setup in a very short time. hth, larry ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309584 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Load testing software for website with AD integrated authenti cation
How exactly do you record this? Is it a cookie that's set or do you need a network traffic sniffer to pick up whatever header is being passed? How often do the tokens or whatever is passed get changed? I'm assuming each time you login there's something that gets set? Yes, every time you login, your browser sends an HTTP request header for every subsequent request. If you use a load testing tool that lets you record a browser session to create a script, this will be recorded along with everything else. Then when you run the script, the load testing tool will send the same HTTP request header along with everything else. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309641 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Load testing software for website with AD integrated authenti cation
We're having some serious trouble with an internal website that uses IIS pass-through authentication that logs you in automatically based on the user you're logged into your computer as. The problem is, I can't find any load testing apps that will test a site with that type of login. My thinking is that it doesn't exist because it would have to spoof to AD authentication which shouldn't be able to be done or it defeats the purpose of that type of security. Can anyone confirm this or point us toward a product that does it? I know most work with form authentication and cookies and such but none seem to do pass-through. I'm not interested in other solutions for debugging the code and finding the slow parts as we are unable to do that for contractual reasons. Thanks for your help. Almost any load testing tool will do this. There's nothing specific to AD here, you simply have to record your browser session from an authenticated machine. The credentials are just another HTTP request header. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309546 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
