I never professionally dealing with WCF in my working life. All my previous projects were not using WCF. By using, I mean providing services for other systems to consume. If any, they were only consuming web services from other systems. So WCF is one of many areas in .NET-world which I am yet to explore deeply.

But why WCF, and why now? I myself consider this decision to pick up WCF now is quite silly. First, that WCF is no longer actively develop by Microsoft. Second, Microsoft is already working on the replacement (WCF Core). But since it’s not yet production-ready, Microsoft is currently recommending gRPC for production.

But in Singapore, many businesses (especially Government-linked) are fully Microsoft-shop and heavily using WCF. That is my conclusion after seeing many job postings ask for WCF skills. So this is my effort to improve my professional skill, and widen my possible career-net 😀

In order to be able to host WCF projects in my laptop (Windows 10 upgraded to Windows 11), I need to enable IIS. I did stumbled here and there in my progress, so I write it down here for my own future reference. And hopefully, it will also help others. So here’s what I’ve learned.

How To Enable IIS

1. Press Window button
2. Type turn Windows features on or off
3. Select and expand “Internet Information Services”
   
4. Select and expand “World Wide Web Service”
   
5. Select and expand “Application Development Feature”. Select the .NET version to work with.
   
6. Expand “.NET Framework 4.8 Advanced Services”
   
7. Select and expand “WCF Services”
   

Now we need to verify that IIS is able to serve .svc files (Web Service Descriptor, shown below).

<%@ ServiceHost Language="C#" Debug="true" 
    Service="Service" 
    CodeBehind="~/App_Code/Service.cs" %>

1. Press Window + R keys
2. Type inetmgr, then press Enter
3. Click “Handler Mappings”
   
4. Verify that *.svc handlers are listed.
   

That’s all friends. I hope it helps. Cheers!

After getting familiar with Locust, it’s time for me to try to write the real test. The project to be tested is using ADFS authentication. So if an unauthenticated user visited its URL https://project.mycompany.com, it will be redirected to:

https://fs.mycompany.com/adfs/ls/?wtrealm=https%3A%2F%2Fproject.mycompany.com&wctx=WsFedOwinState%3__SUPER_LONG_BASE64_TEXT__&wa=wsignin1.0

Which prompts the username and password:

Once I entered the correct username and password, the project’s landing page is shown.

To help me to know the submission sequence, I logout, open Chrome’s DevTools, then repeat the login process. Here’s what I see on DevTools -> Network -> Doc tab:

We can see that there was 3 redirects (302):

1. When we load https://project.mycompany.com
2. When we submit the username and password (POST)
3. POST to https://project.mycompany.com

First, let’s observe the form of the login page:

<form method="post" id="loginForm" autocomplete="off" novalidate="novalidate" 
	onkeypress="if (event &amp;&amp; event.keyCode == 13) Login.submitLoginRequest();" 
	action="/adfs/ls/?wtrealm=https%3A%2F%2Fproject.mycompany.com&amp;wctx=WsFedOwinState%3D__LONG_BASE64_TEXT__&amp;wa=wsignin1.0&amp;client-request-id=__GUID_VALUE__">
	<div id="error" class="fieldMargin error smallText" style="display: none;">
		<span id="errorText" for=""></span>
	</div>

	<div id="formsAuthenticationArea">
		<div id="userNameArea">
			<label id="userNameInputLabel" for="userNameInput" class="hidden">User Account</label>
			<input id="userNameInput" name="UserName" type="email" value="" tabindex="1" class="text fullWidth" spellcheck="false" 
			placeholder="someone@example.com" autocomplete="off">
		</div>

		<div id="passwordArea">
			<label id="passwordInputLabel" for="passwordInput" class="hidden">Password</label>
			<input id="passwordInput" name="Password" type="password" tabindex="2" class="text fullWidth" placeholder="Password" autocomplete="off">
		</div>
		<div id="kmsiArea" style="display:''">
			<input type="checkbox" name="Kmsi" id="kmsiInput" value="true" tabindex="3">
			<label for="kmsiInput">Keep me signed in</label>
		</div>
		<div id="submissionArea" class="submitMargin">
			<span id="submitButton" class="submit" tabindex="4" role="button" 
			onkeypress="if (event &amp;&amp; event.keyCode == 32) Login.submitLoginRequest();" 
			onclick="return Login.submitLoginRequest();">Sign in</span>
		</div>
	</div>
	<input id="optionForms" type="hidden" name="AuthMethod" value="FormsAuthentication">
</form>

From above, we can confirm that we need to extract out the form’s action value.

Looking at the first POST (submit username and password), we can confirm the parameters submitted.

After submit, it redirected to a page:

<html>
	<head>
		<title>Working...</title>
	</head>
	<body>
		<form method="POST" name="hiddenform" action="https://project.mycompany.com:443/">
			<input type="hidden" name="wa" value="wsignin1.0"/>
			<input type="hidden" name="wresult" value="&lt;t:RequestSecurityTokenResponse ....VERY LONG ENCODED XML... &lt;/t:RequestSecurityTokenResponse>"/>
			<input type="hidden" name="wctx" value="WsFedOwinState=...QUITE LONG BASE64 TEXT ..."/>
			<noscript>
				<p>Script is disabled. Click Submit to continue.</p>
				<input type="submit" value="Submit"/>
			</noscript>
		</form>
		<script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
	</body>
</html>

We can see above, it is an auto-submit form where the ADFS authentication result is submitted.

Base on the sequence above, here’s how the construct of our test:

from locust import HttpUser, between, task
import logging

#to parse HTML
from bs4 import BeautifulSoup

class WebsiteUser(HttpUser):
    host = "https://project.mycompany.com"
    #wait for 3 to 10 seconds before each request
    wait_time = between(3,10)

    def on_start(self):
        resp = self.client.get("/", allow_redirects=True) 
        soup = BeautifulSoup(resp.text, "html.parser")
        logging.info(soup.title)
        
        #steps to handle unauthenticated users
        if soup.title.contents[0] == "Sign In":
            # find the login form's action
            logging.info('Trying to login')
            action = soup.form["action"]
            url = "https://fs.mycompany.com" + action
            logging.info("Post URL: " + url)
        
            #submit login information
            loginResp = self.client.post(url, {"UserName":"__USERNAME__", "Password":"__PASSWORD__", "AuthMethod": "FormsAuthentication"}, allow_redirects=True)            
            logging.info("Login Result URL: " + loginResp.url)
            #parse the login submit result
            soupLogin = BeautifulSoup(loginResp.text, "html.parser")

            #construct the auto-submit form
            inputs = soupLogin.find_all("input")
            dict = {}
            for inp in inputs:
                if inp.get("name") != None:
                    dict[inp["name"]] = inp["value"]

            # POST auto-submit form
            resp = self.client.post("/", dict, allow_redirects=True) 
            soup = BeautifulSoup(resp.text, "html.parser")
            # the title should be project's landing page title
            logging.info(soup.title)

    @task
    def index(self):
        resp = self.client.get("/", allow_redirects=True)
        soup = BeautifulSoup(resp.text, "html.parser")
        logging.info("URL: " + resp.url)
        logging.info(soup.title)

With that, we should be able to write more @task to test the performance of each pages. Hopefully, we can identify the choke-points before opening access to the users.

That’s all friends! I hope it helps. Cheers!

As I mentioned in previous post, I decided to pick Locust to help to do performance testing on my soon-to-be launched project.

First, we need to get Locust installed. If Python is not available in our system, we can download and get it installed. Since I’m on Windows, I downloaded Python 3.10.0 for Windows. Below is the command to install Locust:

pip install locust

To verify the installation:

locust -V
# locust 1.3.2

If above command produced errors, we need to add python’s script folder to PATH environment variable

C:\Users\__YOUR_WINDOWS_USERNAME__\AppData\Roaming\Python\Python310\Scripts

Before we can start writing the test script in Python, I recommend to install VS Code as editor for .py(python scripts). Having VS Code installed, let’s prepare the folder for all the test scripts, then launch VS Code:

mkdir projects
mkdir projects\python
mkdir projects\python\locust
cd projects\python\locust
code .

On VS Code it is highly recommended to install the python extension

Now let’s write our first test script (test.py):

from locust import HttpUser, between, task

class WebsiteUser(HttpUser):
    host = "https://sodeve.net"
    
    # wait in between requests, 5-15 seconds
    wait_time = between(5, 15)  
     
    @task
    def index(self):
        self.client.get("/") 
        
    @task
    def category(self):
        self.client.get("/posts-by-category/")

    @task
    def sitemap(self):
        self.client.get("/map/") 

Let’s run locust from VS Code console (press Ctrl+Shift+`):

locust -f test.py --logfile locust.log

If we never run a python program before, we will have below prompt:

Click “Allow”, then open this address http://localhost:8089 in your browser. You should see something like this:

Click “Start swarming” to start the test.

That’s all for my start on testing website using Locust. Next, let’s try to test an application which is using ADFS (Active Directory Federation Service) authentication. Cheers!