AJAX跨域问题与Visual Studio Team Services REST API [英] AJAX cross domain issue with Visual Studio Team Services REST API

问题描述

我想为Visual Studio Team Services REST API编写一个JavaScript客户端，它向我们自己的Team Foundation Server 2015发送AJAX请求，但是我面临的是跨域问题。

API需要凭证进行验证，但由于安全原因，浏览器封锁了我的要求，因为参数 Access-Control-Allow-Origin 设置通配符 * 。

我尝试在HTTP响应头中添加此参数在IIS管理器和TFS web.config文件（这是相同的），但我有一个错误告诉我这个参数有两个不同的值（例如： * 和 http：// localhost：58785 ），并且应该只有一个。
我想这个值已经定义在库的代码中，我无法访问，因为TFS Web服务已经编译并运行在IIS上。

尝试使用web.config中的标记< location allowOverride =false> 禁止配置覆盖，但在这种情况下TFS将无法启动。

有人已经询问过这个问题

还可以使用Windows会话凭据。

因此，为了在非Windows环境中使用它，仍然需要更多的步骤。

您的TFS服务器，请运行此PowerShell命令添加基本身份验证功能：

  dism / online / enable-feature / featurename：基本身份验证
  

然后在IIS管理器中单击TFS站点节点上的身份验证。您现在应该看到基本身份验证，只需启用它。

最后在您的JavaScript代码中转换字符串

DOMAIN\username：password

到Base64并将其添加到请求的头部（假设您使用XMLHttpRequest）：

  client.setRequestHeader（'Authorization' Basic'+ myBase64AuthString）; 
  

注意：注意您可能在互联网上找到的纯JavaScript Base64转换器。转换的字符串可能由于编码错误。比较你的字符串和一些在线Base64转换器。

希望这将帮助其他人。

I'm trying to write a JavaScript client for Visual Studio Team Services REST API which send AJAX requests to our self hosted Team Foundation Server 2015 but I'm facing to a cross domain issue.

The API requires credentials to authenticate but due to security reasons, the browser blocks my requests because the parameter Access-Control-Allow-Origin is set with the wildcard *.

I tried to add this parameter in HTTP Response Headers in IIS Manager and also in the TFS web.config file (which is actually the same) but I got an error telling me that this parameter has two different value (eg: * and http://localhost:58785) and should have only one. I guess this value is already defined in libraries's code which I can't access because the TFS web service is already compiled and running on IIS.

I also tried to use the markup <location allowOverride="false"> in web.config, to forbid configuration override but in that case TFS won't start.

Somebody already asked about this issue here and also posted a ticket on uservoice but as the name of the API is really ambiguous (Visual Studio Online REST API), I don't know if this guy talks about the real Visual Studio online or if his case is the same as mine (self hosted TFS Server).

We already implemented some features in C# which are working well but now we really need to implement a JavaScript client. Writing a web service and use it as a proxy to query the API is for us a real mess and we don't want to do this.

This is so sad we can't send AJAX requests to the API because of a configuration we aren't able to change.

解决方案

Somebody at Microsoft finally gave me the solution, so here it is:

In PowerShell, run these commands:

[Reflection.Assembly]::LoadFrom("C:\Program Files\Microsoft Team Foundation Server 14.0\Tools\Microsoft.TeamFoundation.Client.dll")

$configServer = new-object Microsoft.TeamFoundation.Client.TfsConfigurationServer "http://localhost:8080/tfs/"

$configHive = $configServer.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationRegistry])

$configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "domain1;domain2")

So you can specify several domains and you can also restrict to a given port and/or scheme like this:

$configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "localhost,port=58785,scheme=http;")

Here is an old blog post about Updating the TF Registry using Powershell

Then you can finally send authenticated AJAX requests to the API.

[EDIT]: At this point, if you are running it in Windows it may be working, however it doesn't use Basic Authentication.

2 options: It uses "Generic Credentials" automatically added in "Credential Manager" (Sorry it's in French)

Or it could also use your Windows session credentials.

So to get it work in a non-Windows environment, there still need few more steps.

In your TFS server, run this PowerShell command to add Basic Authentication feature:

dism /online /enable-feature /featurename:IIS-BasicAuthentication

Then in IIS Manager click "Authentication" on your TFS site node. You should now see Basic Authentication, just enable it.

Finally in your JavaScript code convert the string

DOMAIN\username:password

to Base64 and add it to the request's header (assuming you use XMLHttpRequest):

client.setRequestHeader('Authorization', 'Basic ' + myBase64AuthString);

NOTE: Be careful with the pure JavaScript Base64 converter you may find on internet. The converted string could be wrong due to encoding. Compare your string with some online Base64 converters to be sure.

Hope this will help other people.

这篇关于AJAX跨域问题与Visual Studio Team Services REST API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！