Sergey Shulik

Reputation: 1010

TFS2012 / IIS7.5 and Windows authorize

I am developing a web app which works with TFS2012. On my local machine it works fine, but when I deploy it to the server I get the following exception:

    [WebException: The remote server returned an error: (401) Unauthorized.]
       System.Net.HttpWebRequest.GetResponse() +6440920
       Microsoft.TeamFoundation.Client.Channels.TfsHttpWebRequest.SendRequestAndGetResponse(HttpWebRequest webRequest, WebException& webException) +195

My code to connect to TFS:

            _collection = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri("http://xxx/tfs/TestPrjects/"));
            _collection.EnsureAuthenticated();
            _store = _collection.GetService<WorkItemStore>();

My web.config:

<system.web>
  <customErrors mode="Off"></customErrors>
  <authentication mode="Windows"/>
  ...
</system.web>

In IIS I activated Windows authorization.

Where is my mistake?

Upvotes: 0

Views: 798

Answers (1)

Betty

Reputation: 9189

The details you are using to access TFS are incorrect.

The reason it works on your local machine is because the webserver is running as you, who has access to TFS. On the IIS server it's running as the app pool user, which won't have access.

Potential Solutions

1. Run the app pool as a user that has access to TFS (or grant the current user access).
   This is OK for read-only access, but if you're writing back to items you may not want to go down this route.

2. Enable delegation so the code that connects to TFS is run as the currently authenticated Windows user.
   This is much harder to do and only works in Internet Explorer out of the box. Firefox users can change a setting and Chrome users need to start Chrome with a command-line switch.

   Wrap a using(WindowsIdentity.GetCurrent().Impersonate()) {} around your code that uses TFS and ensure you are using CredentialCache.DefaultNetworkCredentials to connect to TFS.

3. Use the TFS Server API.
   Be naughty and use the server API instead of the client API. The server API writes directly to the DB and doesn't need to impersonate a user. I highly doubt this is a supported path and you won't find much information on it. However, it still needs to run as a user with access to the DB (like option 1, but supports updates as Windows-authed users).

Upvotes: 3
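
An added example, not part of the answer above: option 2 in C#, tracing both the process identity and the effective identity so a 401 can be tied to the account that actually called TFS. It assumes the caller is taken from HttpContext.Current.User.Identity (the answer names WindowsIdentity.GetCurrent()); TfsAsCaller and WithWorkItemStore are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Security.Principal;
using System.Web;
using Microsoft.TeamFoundation.Client;
using Microsoft.TeamFoundation.WorkItemTracking.Client;

// Hypothetical helper: class and method names are assumptions, not from the post.
public static class TfsAsCaller
{
    // Runs 'work' against the WorkItemStore while impersonating the Windows
    // user that IIS authenticated for the current request.
    // Return plain values (ids, titles) from 'work', not live WorkItem objects,
    // because the collection is disposed before this method returns.
    public static T WithWorkItemStore<T>(Uri collectionUri, Func<WorkItemStore, T> work)
    {
        // Identity the worker process runs as (the app pool account on IIS).
        string processUser = WindowsIdentity.GetCurrent().Name;

        // Assumption: Windows authentication is on, so the request principal
        // carries a WindowsIdentity for the browser user.
        var caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new InvalidOperationException(
                "No Windows-authenticated caller; process identity is " + processUser);

        // Dispose() reverts the thread to the process identity, also on exceptions.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        {
            // 'effective' should now be the caller, not the app pool account.
            Trace.TraceInformation("TFS call: process={0}, effective={1}",
                processUser, WindowsIdentity.GetCurrent().Name);

            // DefaultNetworkCredentials resolves to the impersonated user here.
            using (var collection = new TfsTeamProjectCollection(
                       collectionUri, CredentialCache.DefaultNetworkCredentials))
            {
                // Still fails with 401 when TFS is on another server and
                // delegation is not enabled for this hop.
                collection.EnsureAuthenticated();
                return work(collection.GetService<WorkItemStore>());
            }
        }
    }
}
```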
