Specifically, we are interested in the state and nonce values, which will be different each time. The response should have a Location header with the full URL and query string for the Authorize request. GET http: //localhost: 5000 /Session/SignIn Step 1: Initial GET Requestįirst, turn off auto-redirect and send an initial GET request to your site root or signin route. To setup the sample just clone the repo, execute dotnet run, and sign up a new user. Note: This article is based on the Azure AD B2C ASP.NET Core Web App Sample on Github, as of Nov 2019. Specifically, I want to test a "username and password" type B2C user, not a "social login (MS Live, Google, Facebook)" type user. Lets break down the auth flow into 5 steps, and outline how to craft the request in Postman. In order to get around this, you need to "fake" the functionality of the Javascript code to create the subsequent requests. Postman (and most load testing frameworks like JMeter) do not run client-side Javascript. Problem: Azure AD B2C login pages rely on Javascript. I thought that if I could execute the correct requests in Postman I should be able to create an automated web/load test. Even though there are lots of articles on calling Web APIs with OAuth tokens, I could not find much info on automating the OpenIdConnect authentication flow. Recently a customer asked how to load test a web application that uses Azure AD B2C (OpenIdConnect) for authentication.
0 kommentar(er)
