带有访问令牌的非 https VssConnection - 禁用所需的安全连接? [英] non https VssConnection with access token - disable required secure connection?
问题描述
在我们的内部网络中使用 TFS,想要通过访问令牌以编程方式签入更改,但得到这个:InvalidOperationException 基本身份验证需要与服务器的安全连接.有没有办法关闭需要安全连接?
using TFS in our internal network, want to programatically check in changes with an access token, but get this: InvalidOperationException Basic authentication requires a secure connection to the server. Is there a way to turn off requiring secure connection?
var basicCreds = new VssBasicCredential(string.Empty, BuildUnitTestConstants.AccessToken);
var connection = new VssConnection(new Uri(BuildUnitTestConstants.ProjectUri), basicCreds);
var sourceControlServer = connection.GetClient<TfvcHttpClient>();
推荐答案
嗯,这是可能的,尽管不推荐;我也需要它,因为内部 IT 部门不会安装带有 HTTPS 的 TFS(悲伤的故事).此外,对于测试场景,它可以派上用场.
Well, it is possible, albeit not recommended; I needed it as well, because internal IT department would not install TFS with HTTPS (sad story). Also, for testing scenarios it can come quite handy.
与往常一样 YMMV,我不对您在不应该使用它时发生的情况负责 ;-) 您已被警告.
对于一个,您可以简单地不使用 .NET 客户端 API,而是直接使用 HttpClient 并手动将 PAT 放入 URL 以访问 REST API,例如:
For one you could simply not use the .NET client API, but directly use HttpClient and manually put the PAT in the URL to access the REST API, e.g.:
http://<WHATEVER>:<BASE64PAT>@<instance>/_apis/...
(因此 tfx-cli 可以很好地与 PAT 和非 HTTPS TFS 实例配合使用,很可能是因为它在内部就是这样做的,当然不使用 .NET 客户端 API - 它是一个node.js 的东西.)
(Hence that the tfx-cli works nicely with PATs and non-HTTPS TFS instances, most likely because it does just that internally, not using the .NET client API of course - it is a node.js thing.)
如果您想继续使用 .NET 客户端 API,您可以像这样创建自己的凭据类:
If you want to stay with the .NET client API, you can create your own credentials class like so:
using System;
using System.Linq;
using System.Net;
using Microsoft.VisualStudio.Services.Common;
namespace Utilities
{
/// <summary>
/// Same as VssBasicCredential, but doesn't throw when URL is a non SSL, i.e. http, URL.
/// </summary>
/// <inheritdoc cref="FederatedCredential"/>
internal sealed class PatCredentials : FederatedCredential
{
public PatCredentials()
: this((VssBasicToken)null)
{
}
public PatCredentials(string userName, string password)
: this(new VssBasicToken(new NetworkCredential(userName, password)))
{
}
public PatCredentials(ICredentials initialToken)
: this(new VssBasicToken(initialToken))
{
}
public PatCredentials(VssBasicToken initialToken)
: base(initialToken)
{
}
public override VssCredentialsType CredentialType => VssCredentialsType.Basic;
public override bool IsAuthenticationChallenge(IHttpResponse webResponse)
{
if (webResponse == null ||
webResponse.StatusCode != HttpStatusCode.Found &&
webResponse.StatusCode != HttpStatusCode.Found &&
webResponse.StatusCode != HttpStatusCode.Unauthorized)
{
return false;
}
return webResponse.Headers.GetValues("WWW-Authenticate").Any(x => x.StartsWith("Basic", StringComparison.OrdinalIgnoreCase));
}
protected override IssuedTokenProvider OnCreateTokenProvider(Uri serverUrl, IHttpResponse response)
{
return new BasicAuthTokenProvider(this, serverUrl);
}
private sealed class BasicAuthTokenProvider : IssuedTokenProvider
{
public BasicAuthTokenProvider(IssuedTokenCredential credential, Uri serverUrl)
: base(credential, serverUrl, serverUrl)
{
}
protected override string AuthenticationScheme => "Basic";
public override bool GetTokenIsInteractive => this.CurrentToken == null;
}
}
}
然后使用此类创建您的 VssCredentials:
Then create your VssCredentials using this class:
var credentials = new PatCredentials("", personalAccessToken);
var connection = new VssConnection(serverUrl, credentials);
(无耻的插件我在我的 TfsInfoService 中使用它).
(Shameless plug I use it in my TfsInfoService).
这篇关于带有访问令牌的非 https VssConnection - 禁用所需的安全连接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
