TFS 2015 REST API身份验证 [英] TFS 2015 REST API Authentication

问题描述

我们正在尝试使用Javascript从网页调用TFS 2015 REST API，并且在使用TFS服务器建立有效身份验证方面遇到了挑战。

我们不知道如何生成个人访问令牌或OAuth访问令牌。下面的说明似乎更多地适用于VSO而非内部部署TFS。

然后按如下方式调用：

  var self = this; 
 self.tasksURI ='https：//< SERVER> / tfs /< COLLECTION> /< PROJECT> / _apis / build / builds？api-version = 2.0'; 
 self.username =< USERNAME>; //基本用户名，所以这里没有域名。 
 self.password =< PASSWORD>; 
 
 self.ajax = function（uri，method，data）{
 var request = {
 url：uri，
 type：method，
 contentType ：application / json，
接受：application / json，
 cache：false，
 dataType：'json'，
 data：JSON.stringify（data）， 
 beforeSend：function（xhr）{
 xhr.setRequestHeader（Authorization，Basic+ btoa（self.username +：+ self.password））; 
}，
错误：function（jqXHR）{
 console.log（ajax error+ jqXHR.status）; 
} 
}; 
返回$ .ajax（请求）; 
} 
 
 self.ajax（self.tasksURI，'GET'）。done（function（data）{
 
 alert（data）; 
 
}）; 
  

重要提示！ ：如果您启用基本身份验证，您确实应该将您的网站配置为使用https，或者您的凭据将以明文形式发送（如上图所示的警告 - >右上角所示）。

---

通过.NET客户端

在本地（目前rtm'd：2015更新1）api通常使用NTLM进行门控/隔离，意味着发出了飞行前请求，401从服务器返回以质询auth，在这种情况下，设置请求凭据如下所示，一旦收到预检挑战，该请求就会对服务器进行身份验证。
为了适应挑战，你可以这样做：

  request.Credentials = new NetworkCredential（this.UserName，this。密码）; 
 //你可能想要指定一个域
  

如果您启用了基本身份验证对于tfs on prem，您可以尝试进行如下身份验证，此模式与在ui中启用备用凭据后调用vso时使用的机制相匹配：

  request.Headers [HttpRequestHeader.Authorization] =Basic+ Convert.ToBase64String（Encoding.UTF8.GetBytes（this.UserName +：+ this.Password））; 
  

注意：在几周前我修改过的一些代码中;需要支持VSO和on-prem，所以我使用上面的两种模式来处理特定的场景。

We are trying to invoke the TFS 2015 REST API's from a web-page using Javascript and have a challenge in establishing valid authentication with the TFS server.

We do not know how to generate a personal access tokens or an OAuth access tokens. The instruction below seem to apply more toward VSO than on-premise TFS. https://www.visualstudio.com/en-us/integrate/get-started/rest/basics

How can I generate an authentication key/token?

UPDATE: As on Mar 2017, the latest release of On-Prem TFS supports creating personal access tokens for all users. Using the below javascript code by @Elmar you can make requests to update, edit TFS workitems from REST API.

解决方案

The OAuth mechanism is used against the VSO api at the time of writing this as you've seemingly identified. official docs for VSO OAuth tokens here.

For on-prem however, the following is required:

Via a javascript client (note I'm using jquery for the ajax request here)

Since alternative creds or token based auth isn't available on-prem to match current vso implementation; You can consider the following approach: If you have admin permissions on the TFS app tier, you can configure basic authentication for the tfs application in IIS, and set the default domain.

And then invoke as follows:

var self = this;
        self.tasksURI = 'https://<SERVER>/tfs/<COLLECTION>/<PROJECT>/_apis/build/builds?api-version=2.0';
        self.username = "<USERNAME>"; //basic username so no domain here.
        self.password = "<PASSWORD>";

        self.ajax = function (uri, method, data) {
            var request = {
                url: uri,
                type: method,
                contentType: "application/json",
                accepts: "application/json",
                cache: false,
                dataType: 'json',
                data: JSON.stringify(data),
                beforeSend: function (xhr) {
                    xhr.setRequestHeader("Authorization", "Basic " + btoa(self.username + ":" + self.password));
                },
                error: function (jqXHR) {
                    console.log("ajax error " + jqXHR.status);
                }
            };
            return $.ajax(request);
        }

        self.ajax(self.tasksURI, 'GET').done(function (data) {

            alert(data);

        });

IMPORTANT NOTE! : If you enable basic auth you really should configure your site to use https too or your credentials will be sent in clear text (as indicated in the warning seen -> top right of the image above).

---

Via a .NET client

In on-prem (currently rtm'd: 2015 update 1) the api is generally gated/fenced off with NTLM, meaning a pre-flight request is made, 401 returned from server to challenge for auth, in this case, setting the request Credential as follows allows the request to auth against the server once the preflight challenge is received. To accommodate the challenge you can do this:

request.Credentials = new NetworkCredential(this.UserName, this.Password);
//you may want to specify a domain too

If you've enabled basic auth for tfs on prem you can attempt authenticating as follows, this pattern matches the mechanism used when invoking vso after enabling alternative credentials in the ui:

request.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(this.UserName + ":" + this.Password));

Note: In some code I modified a few weeks ago; support for both VSO and on-prem was required so I used the two patterns above to deal with the specific scenario.

这篇关于TFS 2015 REST API身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！