
Load testing IdentityServer4 gives Exception: Correlation failed when trying to request signin-oidc route after sign in


We are moving our application to IdentityServer4. I’m trying to write a load test using Visual Studio and can run it manually on my local machine through the browser, but when I record a webtest and try to replay it, I’m getting Exception: Correlation Failed Unknown location Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync().

I’m assuming this is because I’m missing the .AspNetCore.Correlation.oidc cookie when making the request to the signin-oidc route. Visual Studio extracts the code, id_token, scope, state, and session state when logging in. I'm not sure how to debug this because it works with my browser; it just won’t work when running a webtest through Visual Studio. Could this be a proxy issue when doing the recording?

Any advice would be helpful; I'm not finding much info on load testing signing in with IdentityServer4 with Visual Studio Load Testing.

I've tried extracting nonce and state from the initial request to put in the request to signin-oidc, but Visual Studio is already extracting the same data from the hidden fields there.

Here is the request that fails; it's on the web server that hosts the signin-oidc route.


Here is the webtest request


It's using the values from the previous response from the authorize/callback. I also made sure they were the same values; the only ones that weren't exactly the same were the scopes, which had a + sign instead of spaces, so I set the encoding to false to make sure they were the same.


Since the browser is doing the post from the previous request when going in manually, and the webtest isn't doing it from the browser, it's just making a post request, could that be messing something up?

When I go through fiddler manually, that request has the following cookie that the webtest doesn't have:


That's probably why the web server is throwing the error, but I'm not sure where that cookie gets set and if you can even do it through a webtest.


Solution

  • I was able to get to the .AspNetCore.Correlation.oidc and .AspNetCore.OpenIdConnect.Nonce cookies from the response of the first request


    I had to add a custom extraction rule to get these cookies from the header and save them to the context (to use in the signin-oidc request).
    Then on the request to signin-oidc I made a webtest plug-in and added a PreRequest method to add the cookies from the context that were extracted from the first request.

    After doing this I didn’t get the error for correlation on identity, and the right cookies are set from the response, and when I called to get an access token using a refresh token, I was able to get the token to set it to the bearer token to make calls to other APIs.

    I feel like I shouldn’t need to extract cookies from the first response if the header is setting them, however since it is a 302 redirect, there are dependent requests that also are setting cookies.


    I don’t know if this is overriding the ones set from the previous request (the ones I need, like nonce and correlation). I also had to take off follow dependent requests and extract the Location Header from the 302 from the first request and manually make the next request.

    If anyone else is writing a webtest to log into IdentityServer4 and found a different solution please let me know.
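
One way to write the extraction rule and request plug-in described in the answer above, as an added example that is not code from the original post. It replays the correlation and nonce cookies that the OpenID Connect handler validates on the signin-oidc callback; the class names, the prefix matching on the two cookie names, and sending the saved pairs as a Cookie request header are assumptions.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.VisualStudio.TestTools.WebTesting;

// Attach to the first request, whose response sets the two cookies.
public class OidcCookieExtractionRule : ExtractionRule
{
    // Cookie names from the answer; matched as prefixes (assumption) because
    // the handler may append a per-login suffix to each name.
    private static readonly string[] Prefixes =
        { ".AspNetCore.Correlation.oidc", ".AspNetCore.OpenIdConnect.Nonce" };

    public override void Extract(object sender, ExtractionEventArgs e)
    {
        var pairs = new List<string>();
        string[] headers = e.Response.Headers.GetValues("Set-Cookie") ?? new string[0];
        foreach (string setCookie in headers)
        {
            // Keep "name=value" only; path, expires, samesite follow the first ';'.
            string pair = setCookie.Split(';')[0].Trim();
            foreach (string prefix in Prefixes)
                if (pair.StartsWith(prefix, StringComparison.Ordinal))
                    pairs.Add(pair);
        }

        // Fail the rule in the test results unless both cookies were found.
        e.Success = pairs.Count >= 2;
        if (e.Success)
            e.WebTest.Context[ContextParameterName] = string.Join("; ", pairs);
        else
            e.Message = "Correlation and nonce cookies not found in Set-Cookie.";
    }
}

// Attach to the POST to signin-oidc.
public class OidcCookieRequestPlugin : WebTestRequestPlugin
{
    // Set to the same Context Parameter Name as the extraction rule.
    public string ContextParameterName { get; set; }

    public override void PreRequest(object sender, PreRequestEventArgs e)
    {
        if (!e.WebTest.Context.ContainsKey(ContextParameterName))
            return; // nothing extracted; the callback will fail correlation
        string cookies = e.WebTest.Context[ContextParameterName].ToString();
        // Assumption: sent as a plain Cookie header on this request.
        e.Request.Headers.Add(new WebTestRequestHeader("Cookie", cookies));
    }
}
```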