TFS 2015 REST API 身份验证 [英] TFS 2015 REST API Authentication
问题描述
我们正在尝试使用 Javascript 从网页调用 TFS 2015 REST API,但在与 TFS 服务器建立有效身份验证方面遇到了挑战.
我们不知道如何生成个人访问令牌或 OAuth 访问令牌.下面的说明似乎比本地 TFS 更适用于 VSO.
然后调用如下:
var self = this;self.tasksURI = 'https:///tfs///_apis/build/builds?api-version=2.0';self.username = "<用户名>";//基本用户名,所以这里没有域.self.password = "<密码>";self.ajax = 函数(uri,方法,数据){无功请求 = {网址:uri,类型:方法,内容类型:应用程序/json",接受:应用程序/json",缓存:假,数据类型:'json',数据:JSON.stringify(数据),beforeSend: 函数 (xhr) {xhr.setRequestHeader("授权", "基本" + btoa(self.username + ":" + self.password));},错误:函数(jqXHR){console.log("ajax 错误" + jqXHR.status);}};返回 $.ajax(请求);}self.ajax(self.tasksURI, 'GET').done(function (data) {警报(数据);}); 重要提示!:如果您启用基本身份验证,您确实应该将您的站点配置为也使用 https,否则您的凭据将以明文形式发送(如所见警告所示 -> 上图右上角).
<小时>通过 .NET 客户端
在本地(当前为 rtm'd:2015 更新 1)中,api 通常使用 NTLM 进行门控/围栏,这意味着发出飞行前请求,从服务器返回 401 以挑战身份验证,在这种情况下,如下设置请求 Credential 允许请求在收到预检挑战后对服务器进行身份验证.为了应对挑战,您可以这样做:
request.Credentials = new NetworkCredential(this.UserName, this.Password);//您可能也想指定一个域如果您在 prem 上为 tfs 启用了基本身份验证,您可以尝试如下进行身份验证,此模式与在 ui 中启用替代凭据后调用 vso 时使用的机制相匹配:
request.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(this.UserName + ":" + this.Password));注意:在我几周前修改的一些代码中;需要同时支持 VSO 和本地部署,因此我使用上述两种模式来处理特定场景.
We are trying to invoke the TFS 2015 REST API's from a web-page using Javascript and have a challenge in establishing valid authentication with the TFS server.
We do not know how to generate a personal access tokens or an OAuth access tokens. The instruction below seem to apply more toward VSO than on-premise TFS. https://www.visualstudio.com/en-us/integrate/get-started/rest/basics
How can I generate an authentication key/token?
UPDATE: As on Mar 2017, the latest release of On-Prem TFS supports creating personal access tokens for all users. Using the below javascript code by @Elmar you can make requests to update, edit TFS workitems from REST API.
The OAuth mechanism is used against the VSO api at the time of writing this as you've seemingly identified. official docs for VSO OAuth tokens here.
For on-prem however, the following is required:
Via a javascript client (note I'm using jquery for the ajax request here)
Since alternative creds or token based auth isn't available on-prem to match current vso implementation; You can consider the following approach: If you have admin permissions on the TFS app tier, you can configure basic authentication for the tfs application in IIS, and set the default domain.
And then invoke as follows:
var self = this;
self.tasksURI = 'https://<SERVER>/tfs/<COLLECTION>/<PROJECT>/_apis/build/builds?api-version=2.0';
self.username = "<USERNAME>"; //basic username so no domain here.
self.password = "<PASSWORD>";
self.ajax = function (uri, method, data) {
var request = {
url: uri,
type: method,
contentType: "application/json",
accepts: "application/json",
cache: false,
dataType: 'json',
data: JSON.stringify(data),
beforeSend: function (xhr) {
xhr.setRequestHeader("Authorization", "Basic " + btoa(self.username + ":" + self.password));
},
error: function (jqXHR) {
console.log("ajax error " + jqXHR.status);
}
};
return $.ajax(request);
}
self.ajax(self.tasksURI, 'GET').done(function (data) {
alert(data);
});
IMPORTANT NOTE! : If you enable basic auth you really should configure your site to use https too or your credentials will be sent in clear text (as indicated in the warning seen -> top right of the image above).
Via a .NET client
In on-prem (currently rtm'd: 2015 update 1) the api is generally gated/fenced off with NTLM, meaning a pre-flight request is made, 401 returned from server to challenge for auth, in this case, setting the request Credential as follows allows the request to auth against the server once the preflight challenge is received. To accommodate the challenge you can do this:
request.Credentials = new NetworkCredential(this.UserName, this.Password);
//you may want to specify a domain too
If you've enabled basic auth for tfs on prem you can attempt authenticating as follows, this pattern matches the mechanism used when invoking vso after enabling alternative credentials in the ui:
request.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(this.UserName + ":" + this.Password));
Note: In some code I modified a few weeks ago; support for both VSO and on-prem was required so I used the two patterns above to deal with the specific scenario.
这篇关于TFS 2015 REST API 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
