How to write web performance tests for SharePoint Online and ADFS

Creating web performance tests in Visual Studio for SharePoint on premise is easy and well documented. But writing them for Office 365 / SharePoint online is another thing. The authentication can be different – depending on you configuration – and there is nearly no documentation available. In my case the SharePoint Online tenant authenticates via ADFS against a Windows Active Directory Domain.

The easiest way to get the authentication running is to record the authentication flow in Visual Studio. Before you start recording the web test, open your browser and make sure you are logged off from Office 365. Then record the login process to your site and edit the web test.

The first thing you have to do is to set your credentials for the test in the properties windows.

Set credentials for your web test

Now find the request to your adfs that ends in /adfs/ls/. Delete all the steps before that – you don’t need them. Remove the referrer and make the url to your adfs, the client request id and the user name context parameters. The extraction rule should be correct.

request adfs token

The next request you have to look for is a post to login.microsoft.com/login.srf. Delete all requests between the adfs and this one. Remove the referrer. The form post parameters should be correct – if not you have to adjust them according to the image.

Get access token from login.microsoft.com

The next thing we have to do is a post to /_forms/default.aspx on your SharePoint. This post will redirect you – so make sure to set the expected response url correctly. If you leave this step out you won’t get the authentication cookie!

Post to _forms default.aspx to get access cookie

Visual Studio will now add the cookie to every request. Delete all the other requests and add a new GET request to your desired page.

Request your sharepoint page

To make sure you don’t get redirected you should add a validation rule and validate something on your site. I added a rule and test the site title.

Add validation rule

If you run the test and encounter errors, check that the Set-Cookie ist set correctly after calling the login.srf. It must be in any request.

web test results for sharepoint online

I just started testing SharePoint Online and Office 365 for different customers. So expect more posts to this topic the next months. What’s your experience? Do you use automated tests for SharePoint online?

18 thoughts on “How to write web performance tests for SharePoint Online and ADFS

  1. Wow, I wonder why others haven’t written about this a lot!
    Thanks a lot Michael, highly appreciate this walkthrough.
    I do automated testing but this is something which I have never tried!

  2. Thanks for that post, how can I do that same thing but for PowerBI (cloud) instead of SharePoint. We have the same setup adfs/ls and login.srf. Did the steps (excluding post to /_forms/default.aspx as it’s not Sharepoint)…

      1. Yes exactly we have a SSO setup.

        Response URL: Validation The value of the ExpectedResponseUrl property ‘https://app.powerbi.com/’ does not equal the actual response URL ‘https://powerbi.microsoft.com/en-us/landing/signin/’.

        So it means it’s not logging in because we are getting the “signin” page instead fo the landing page

    1. Hey eetawil, were you able to solve the oauth ?
      I have the same oauth scenario for an app authenticating against Azure AD and can’t quite get the authentication part to work.

  3. Hi,
    Does this still works for your SharePoint Online tenant? I can’t get this to work in same setup (ADFS).

    Missing hidden parameters and can’t get authorized. I noticed the password in one of my form post parameters. Didn’t see that in your example.

    1. Michiel,

      I’m currently facing the same struggles. Were you ever successful in configuring the webtest to SPO? If so, any tips that you could provide? Thank you

  4. Hi, I am currently working on a performance test of an SPO application with the same authentication setup as yours but with a different tool, OpenScript to be exact but it’s recorder does pretty much the same thing. How is the value being passed on the client-request-id obtained if there are no steps before the request to the adfs? I can’t get to the expected page after that step therefore correlation (extraction rule) fails on the next step. Appreciate your response on this.

  5. Hello,
    I’m trying to do the exact same thing with the same authentication process. The only thing is, as the _forms/default.aspx, my Form Post Parameters are code, id_token, session_state, & correlation_id. the extracted hidden fields does not contains t like your screen shots.

    This causes the “Object moved to here.” and to authenticate again. Then on the next/last page it goes to, it authenticates all over again. It’s as if the webtest isn’t passing the cookie from one page to the next.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s