Reputation: 181
Authenticating to Azure Devops Git repo
We are working on a system to automatically commit generated projects into Git repositories located in Azure Devops. We want to use libgit2sharp for this. We want the user to authenticate using their Microsoft account, grab the Access Token(jwt) from the authentication request and use that as means of authentication. But we cannot seem to get this working.
In another post I read 2 other authentication methods: 1. Alternative accounts. 2. Personal Access Tokens, PAT. Both made in the profile sections of your devops account.
I can get Alternative accounts to work perfectly but this is not our preferred route as it will require extra actions from the user. The PAT does not seem to work for me and throws me an error that there were "too many redirects or authentication replays". I figured this is because of the two factor authentication that is enabled on the Microsoft account.
Is it even supported to use an Access Token(jwt) in LibGit2Sharp with 2FA enabled?
using (var repo = new Repository({repo location}))
{
foreach (var file in file)
{
repo.Index.Add(file.Path);
repo.Index.Write();
}
var author = new Signature("{name}", "{name}", DateTime.Now);
var committer = author;
repo.Commit("Here's a commit i made!", author, committer);
var options = new PushOptions();
options.CredentialsProvider = (url, user, cred) => new UsernamePasswordCredentials() { Username = "{username}", Password = "{password}" };
repo.Network.Push(repo.Branches["master"], options);
}
Upvotes: 3
Views: 2627
Answers (1)
Reputation: 223
Personal Access Tokens (PAT) do bypass MFA so that is probably not the error you're getting. A PAT is your best option, at the moment of the push you need the remote-url of your local Git repo to be as follows:
https://pat:{PAT_HERE}@dev.azure.com/...
e.g.
https://pat:gaakbfootuial7ksj4uv55o52335tyhhaasbqdvbg5xgyy33t754@dev.azure.com/auroraloop/devenv/_git/devenv
Tips:
- The PAT will take the permissions of the Azure DevOps user that generated it so the user must have contribute permissions to the repo.
- You cannot automate PAT creation, you must have it upfront stored somewhere, if you don't want to hardcode this (you shouldn't) consider using an Azure Key Vault to store and retrieve the value I'm sure they have c# libraries.
The options.CredentialsProvider part of your code is probably doing exactly what I mentioned about the remote-url try setting it as follows:
options.CredentialsProvider = (url, user, cred) => new UsernamePasswordCredentials() { Username = "pat", Password = "{PAT_HERE}" };
Hardcode the PAT for testing and if successful take a look at the Azure Key Vault approach.
Upvotes: 3
Related Questions
- How to authenticate when I try to git clone from azure git?
- fatal: Authentication failed in git in cmd
- Git: Public key authentication failed
- Authentication Failed for URL after asking credentials from Microsoft
- Azure Devops OnPremise, fatal: Authentication failed for when cloning Git repo
- Using multiple accounts to access Azure Devops Git repo from Visual Studio
- Git credential manager and manually created PAT
- Visual Studio Team Services - Git Repo credentials
- How to enter git credentials on commandline for visualstudio.com?
- How do you authenticate to VSTS using LibGit2Sharp?