使用 REST API 登录 TeamCity 服务器而不在 url 中传递凭据 [英] Log onto TeamCity server using REST API without passing credentials in the url

问题描述

作为对我之前提出的问题的跟进:如何在 TeamCity REST API 中传递用户名和密码，我想检查一下.

谁能告诉我是否可以以更安全的方式访问 TeamCity REST API，而不是在 url 中传递用户名和密码?

在 url 中传递凭据是唯一的方法，这对我来说似乎很疯狂，因为嗅探者很容易拿到 url 并自己使用凭据.

解决方案

我们遇到了同样的问题，我花了一些时间看看我们如何解决这个问题并找到了一个方法:

您在初始屏幕 (/ntlmLogin.html) 中执行获取 - 您将能够使用 NTLM 识别用户.
然后您保存 TeamCity 提供给您的 cookie.
现在您可以使用 cookie 访问 API.

请参阅 https://github.com/eduaquiles/TeamCityNtlmApiWrapper 了解如何执行此操作的非常简单示例.>

As a follow up to a previous question I asked: How to pass username and password in TeamCity REST API, I'd like to check on something.

Can someone tell me if it's possible to access the TeamCity REST API in a more secure way, rather then passing the username and password in the url?

It just seems crazy to me that passing credentials in the url is the only way, since it's so easy for a sniffer to get their hands on the url and use the credentials themselves.

解决方案

We faced the same problem and I spent some time to see how could we solve this problem and found a way:

You do a get in the initial screen (/ntlmLogin.html) - you'll be able to identify the user using NTLM.
Then you save the cookie that TeamCity provides to you.
Now you use the cookie to reach the API.

See https://github.com/eduaquiles/TeamCityNtlmApiWrapper with a very simple example on how to do this.

这篇关于使用 REST API 登录 TeamCity 服务器而不在 url 中传递凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！