This is a migrated thread and some comments may be shown as answers.

Load Testing with MultiFactor Websites

5 Answers 30 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
John
Top achievements
Rank 2
John asked on 15 Feb 2013, 08:03 PM
We have recently started to see how we might be able to utilize the load testing features, and we are running into some issues with our multifactor aspects on the webpage. It uses guids and cookies and when you capture that traffic it doesn't recognize(it doesn't pass the multifactor check) it when you play it back. So all the load tests just hit the login page , then the challenge page over and over, and don't ever reach the main site. Normal tests we are able to bypass it by running a database command to set the challenge code to a known code. We could put code to bypas our multifactor in order to test, but we really don't like that idea. What are some of the approaches that others have used to load test websites with multifactor.
Thanks
John

5 Answers, 1 is accepted

Sort by
0
Cody
Telerik team
answered on 18 Feb 2013, 05:30 PM
Hi John,

Please excuse my ignorance but I do not understand what are these "multifactor aspects on the webpage" you speak of. I fully understand what cookies are and how they are generally used. I also understand what a GUID is, but can you please explain how they are being used in your web application?

Once I understand these details then I'll be able to assist you with getting our load testing feature to work with it.

Regards,
Cody
the Telerik team
Quickly become an expert in Test Studio, check out our new training sessions!
Test Studio Trainings
0
John
Top achievements
Rank 2
answered on 19 Feb 2013, 01:00 PM
Multifactor is related to a FDIC guideline for banks and such that you must have multiple pieces of information to verify your identity. Such as a username/password pair and a cellphone. If they haven't logged in from a particular location, or they didn't want to remember the location last time you need to challenge them with this secondary piece of information, which could be a cell phone call,text, or email. The main problem this causes is that for a load test I haven't been able to "fake" a second authentication by sending what was recorded as the authentication code that is delivered by various means changes everytime.
0
Cody
Telerik team
answered on 19 Feb 2013, 08:42 PM
Hi John,

Here's an idea that may work, depending on how the authentication is performed at the HTTP level of your web application. We support data driving load tests. The data source can be an external file (Excel spreadsheet, XML file, CSV file) or a SQL database. If you can come up with some mechanism whereby the required dynamically changing challenge data (e.g. string or number sent in text message to cell phone) is placed into the data source just prior to running the load test, then the load test can pull the data from your data source, use it in the authentication process and continue on its merry way.

If you use a SQL data base you could even go so far as to create a stored procedure that automatically runs on a regular basis to maintain the correct value needed by the load test.

Do you think this approach might work?

Kind regards,
Cody
the Telerik team
Quickly become an expert in Test Studio, check out our new training sessions!
Test Studio Trainings
0
John
Top achievements
Rank 2
answered on 19 Feb 2013, 08:48 PM
I could probably do something like your second post, where I set with a sql trigger the challenge info to a known value instead of the random one.
Can you run a sql script before the load test somehow, like in the coded steps on the regular tests?

0
Cody
Telerik team
answered on 19 Feb 2013, 09:25 PM
Hi John,

Yes that is possible. If you scroll down to the middle of this page you can see how you can enter your own T-SQL statements i.e. execute your own SQL queries to get the data as part of the test initialization process.

All the best,
Cody
the Telerik team
Quickly become an expert in Test Studio, check out our new training sessions!
Test Studio Trainings
Tags
General Discussions
Asked by
John
Top achievements
Rank 2
Answers by
Cody
Telerik team
John
Top achievements
Rank 2
Share this question
or