How to pass windows authentication from asp.net application to TFS 2017

Question

I'm creating a asp.net web application which uses AD authentication to login. This application provides some services which call TFS RestApi that uses AD authentication as well. I need to pass login information to TFS and I don't want to keep username/password at all after signing. Is there any way just to pass for example a current session token or identity to TFS Rest Api? Somehow similar to SSO?

Thanks

Answer 1

As @PatrickLu mentioned we need to enable impersonation in web.config. Another thing, if you use HttpClient since it's async it's not gonna work:

var client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials=true})
HttpResponseMessage response = client.GetAsync("your-tfs-url").Result;

So it's better to use WebClient

 WebClient wc = new WebClient();              
 wc.UseDefaultCredentials = true;
 wc.Headers.Add(System.Net.HttpRequestHeader.ContentType, "application/json; 
 charset=utf-8");                       
 var result=wc.DownloadString("http://yourtfs-url");

Answer 2

You could try below ways to do this:

• Using ASP.NET impersonation
• Store the TFS credential in a database or secure place and use TFS impersonation in code to connect to TFS
• Create a WCF service that runs under the security of the TFS credentials. This WCF service will make the TFS query. From your web application you can call this WCF service.

Note:

1. For way 1, have a look at this tutorial: Setting up impersonation for ASP.NET TFS API apps
2. For way 2, this also requires TFS Admin to make some settings(impersonate of TFS)