> ## Documentation Index
> Fetch the complete documentation index at: https://docs.loadforge.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Azure AD Authentication and Testing

> How to authenticate with Azure AD and test your application.

Below is a **Locustfile** that demonstrates how to:

1. **Authenticate with Azure AD** and obtain an access token.
2. **Store and reuse cookies** (e.g., `AspNetCore.Antiforgery`, `AspNetCore.Cookies`).
3. **Call endpoints with correct headers** while handling stateful session data.

***

### Example test script for LoadForge

This script:

* Logs in to Azure AD using client credentials.
* Stores and manages cookies and tokens.
* Executes requests in a simulated user flow.

```python theme={null}
from locust import HttpUser, task, between
import requests
import json

class PortalUser(HttpUser):
    wait_time = between(1, 3)  # Simulated user wait time
    token_url = "https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token"
    client_id = "YOUR_CLIENT_ID"
    client_secret = "YOUR_CLIENT_SECRET"
    scope = "https://graph.microsoft.com/.default"
    token = None
    headers = {}
    cookies = {}

    def on_start(self):
        """Fetch OAuth2 Token and store it for use in all requests."""
        self.token = self.get_oauth_token()
        self.headers = {
            "Authorization": f"Bearer {self.token}",
            "Content-Type": "application/json",
        }

        # Initial request to fetch session cookies
        self.login_portal()

    def get_oauth_token(self):
        """Retrieve OAuth token from Azure AD."""
        data = {
            "client_id": self.client_id,
            "client_secret": self.client_secret,
            "scope": self.scope,
            "grant_type": "client_credentials",
        }
        response = requests.post(self.token_url, data=data)
        response.raise_for_status()  # Ensure request succeeded
        return response.json().get("access_token")

    def login_portal(self):
        """Initial request to portal to retrieve required cookies."""
        response = self.client.get("/login", headers=self.headers)
        self.cookies.update(response.cookies.get_dict())  # Store cookies

    @task
    def perform_task(self):
        """Perform a simulated user action with correct authentication headers."""
        self.headers["X-CSRF-Token"] = self.cookies.get("AspNetCore.Antiforgery", "")

        response = self.client.get(
            "/dashboard",
            headers=self.headers,
            cookies=self.cookies
        )

        if "AspNetCore.Antiforgery" in response.cookies:
            self.cookies["AspNetCore.Antiforgery"] = response.cookies["AspNetCore.Antiforgery"]

        # Simulated POST action (e.g., event signup)
        self.client.post(
            "/event/signup",
            headers=self.headers,
            cookies=self.cookies,
            json={"event_id": 123}
        )
```

***

### Key Features

1. **OAuth2 Token Handling**
   * Retrieves an **access token** from Azure AD.
   * Uses **client credentials flow** (modify if using user authentication).

2. **Session Management**
   * Stores **ASP.NET Core antiforgery tokens** and **cookies** dynamically.
   * Ensures requests include required headers.

3. **User Flow Simulation**
   * Starts with a **login request** to set up cookies.
   * Calls `/dashboard` (or another resource) with **authentication headers**.
   * Simulates an **event signup** to test form submissions.

***

### Modifications for Your Portal

* Update **Azure AD settings** (replace `YOUR_TENANT_ID`, `YOUR_CLIENT_ID`, etc.).
* Change request **endpoints (`/login`, `/dashboard`, `/event/signup`)** to match your portal.
* Modify authentication **grant type** if using **authorization code flow**.