CODEWITHSUNDEEP
c#tfstfs-sdk
user2012764
user2012764

Reputation: 21

TFS API - how do I return only projects that an authenticated user has permissions to, instead of the whole list?

I'm currently returning a list of projects from TFS using the api.

var tfs = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri("some URI"));
var store = (WorkItemStore)tfs.GetService(typeof(WorkItemStore));
var projects = store.Projects

This works fine. However, it returns our full list of TFS Team Projects for every user. Is there a way to return or filter the list such that only the projects a particular user has access to are returned?

This is using TFS 2010.

Upvotes: 2

Views: 1836

Answers (2)

James Reed
James Reed

Reputation: 14052

If you add using System.net then you can use the credential cache and pass the default credentials of the current user to TFS when getting the collection

using (var tfs = new TfsTeamProjectCollection(tfsUri, CredentialCache.DefaultCredentials))
            {
                var store = (WorkItemStore)tfs.GetService(typeof(WorkItemStore));
                var projects = store.Projects                
            }

Upvotes: 1

Michael Edenfield
Michael Edenfield

Reputation: 28338

In TFS 2010, I believe you can do this by impersonating the user you are interested in when making your calls.

The TFS 2010 API allows (properly authorized) applications to "impersonate" any valid user you want and take action as that user. This is "authorization" impersonation -- you are not authenticating as another user, so there's no password entry, but you are taking action "on behalf of" another user. There's a specific permission you need to have to do this, so your application would need to be actually run as a user with the "Make requests on behalf of other users" permission.

Once that's done, the code is pretty simple. You extract the identity you want from your TPC then create a second "impersonated" one under a different context, and use that second context for your actual work:

var tfs = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri("some URI"));
var identityService = tfs.GetService<IIdentityManagementService>();
var identity = identity = identityService.ReadIdentity(
        IdentitySearchFactor.AccountName,
        "someuser", 
        MembershipQuery.None, 
        ReadIdentityOptions.None);

var userTfs = new TfsTeamProjectCollection(tfs.Uri, identity.Descriptor);

Any action you take on userTfs will be done as if the specified username did it; this allows you to query for projects, queue builds, etc. on behalf of other users.

Upvotes: 6

Related Questions