Reputation: 57
I have created a project in MVC that connects to TFS and brings the work items; I am displaying those work items according to my requirement. My project worked well on localhost; as soon as I deployed it on some server, I am failing to connect to TFS. All it says is "Unauthorised". Any help?
Upvotes: 1
Views: 126
Reputation: 23444
You are running into the dreaded double hop authentication problem.
In AD you are authenticated by virtue of a Kerberos token. That token is issued to the machine that you are logged into and is only valid on that machine or one it directly connects to.
So you can use your local host token to authenticate to TFS, but as soon as you have a second hop (local->webserver->tfs) your authentication fails.
This is security by design.
To resolve this you need to use SetSPN to create a Service Principal Name (SPN) in AD that allows you to reuse the token on the web server.
You can create an SPN that only works for the webserver but you can't then deploy elsewhere. A better way is to create an SPN for the service account that you run the WebServer AppPool under. Then you can run it anywhere.
Upvotes: 1
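The SPN registration described in the answer above, as an added example that is not part of the original posts: it registers an HTTP SPN on the AppPool service account and then limits delegation to the TFS service only. The host names, the account name and the TFS SPN are placeholders, and the constrained-delegation step is an addition here, on the assumption that the account must also be allowed to delegate to TFS for the second hop to succeed.

```powershell
# Placeholders (assumptions, not from the original posts): replace with your own values.
$WebHost    = 'web01.corp.example.com'      # FQDN that users browse to
$WebShort   = $WebHost.Split('.')[0]        # NetBIOS-style short name
$SvcSam     = 'svc-mvcapp'                  # account the IIS AppPool runs as
$SvcAccount = "CORP\$SvcSam"
$TfsSpn     = 'HTTP/tfs.corp.example.com'   # SPN of the TFS application tier

# 1. Check whether the SPN is already registered on some other account.
#    Duplicate SPNs make Kerberos authentication fail for that service.
setspn -Q "HTTP/$WebHost"
setspn -Q "HTTP/$WebShort"

# 2. Register the SPNs on the service account rather than on the machine,
#    so the site can move to another server without re-registering.
#    -S refuses to add the SPN if a duplicate exists.
setspn -S "HTTP/$WebHost"  $SvcAccount
setspn -S "HTTP/$WebShort" $SvcAccount

# 3. Confirm what is now registered on the account.
setspn -L $SvcAccount

# 4. Allow the account to delegate only to the TFS SPN (constrained
#    delegation) instead of trusting it for delegation to any service.
Import-Module ActiveDirectory
Set-ADUser -Identity $SvcSam -Add @{ 'msDS-AllowedToDelegateTo' = @($TfsSpn) }

# 5. Review the result: SPNs held by the account and where it may delegate.
Get-ADUser -Identity $SvcSam -Properties servicePrincipalName, 'msDS-AllowedToDelegateTo' |
    Select-Object -ExpandProperty servicePrincipalName
Get-ADUser -Identity $SvcSam -Properties 'msDS-AllowedToDelegateTo' |
    Select-Object -ExpandProperty 'msDS-AllowedToDelegateTo'
```

After browsing to the site from a client, `klist` on that client should list a ticket for `HTTP/<web host>`; if it does not, the browser negotiated NTLM and there is nothing to delegate.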