Passthrough (impersonation) authentication with ASP.NET and the TFS API

Posted on 2024-09-29 10:40:06

I'm trying to enable passthrough or impersonation authentication inside an ASP.NET website that uses the TFS2010 API.

I've got this working correctly with Cassini, however with IIS 7.5 (Windows 7) something is going wrong.

I found this blog post on the subject, and tried the following:

private static void Test()
{
    TfsTeamProjectCollection baseUserTpcConnection = 
            new TfsTeamProjectCollection(new Uri(Settings.TfsServer));
    
    // Fails as 'baseUserTpcConnection' isn't authenticated
    IIdentityManagementService ims = 
            baseUserTpcConnection.GetService<IIdentityManagementService>();
    
    // Read out the identity of the user we want to impersonate
    TeamFoundationIdentity identity = ims.ReadIdentity(
            IdentitySearchFactor.AccountName, 
            HttpContext.Current.User.Identity.Name,
            MembershipQuery.None, 
            ReadIdentityOptions.None);

    TfsTeamProjectCollection impersonatedTpcConnection = new 
            TfsTeamProjectCollection(new Uri(Settings.TfsServer), 
            identity.Descriptor);
}

When I use Cassini nothing is needed besides

collection = new TfsTeamProjectCollection(new Uri(server));

I have enabled the web.config settings (and have the Windows Auth module installed):

<authentication mode="Windows"/>
<identity impersonate="true" />

Is there something obvious that I've missed out?

Comments (2)

绝情姑娘 2024-10-06 10:40:06

Solution 1

This is the delegation method. As Paul points out, it's a single setting in your Active Directory:

  1. Find the IIS server in the computers node of the "Active Directory users and Computers" console.

  2. Click on the delegation tab, and select the second option:
    [image: AD]

  3. Create a 'Cache' directory in your IIS root folder

  4. Add the following to your web.config:

<appSettings>
<add key="WorkItemTrackingCacheRoot" value="C:\path-to-web-root\Cache\"/>
</appSettings>

  5. Make sure your web.config contains:

<system.web>
<identity impersonate="true" />
</system.web>

  6. Turn on Windows authentication and impersonation and disable everything else in IIS authentication:

[image: IIS]

Solution 2

Another solution to avoid the steps above is to simply run your application under the TFS:8080 site, as a new application. The hop issue is then removed as you are running in the same context as the web service that your app is calling.

  • Create a new app pool, use network identity.
  • Make sure your application has anonymous authentication turned off
  • Make sure it has Windows authentication turned on.
  • Add <identity impersonate="true" /> to the web config.
﹉夏雨初晴づ 2024-10-06 10:40:06

I wonder if you're hitting the old Double-Hop issue here?
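
A request-time check for the double-hop condition raised in the two comments above, added here as an example and not code from the original posts. The class and method names are hypothetical; the framework members used are standard `System.Security.Principal` and `System.Web` ones, and the wording assumes a client connecting to IIS from another machine.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Added example: the class and method names are hypothetical.
public static class DelegationCheck
{
    // Returns a one-line diagnosis of whether the caller's identity
    // is in a form that IIS can forward to the TFS server.
    public static string Describe(HttpContext context)
    {
        // Identity that IIS authenticated for the incoming request.
        var caller = context.User == null
            ? null
            : context.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            return "Request is not Windows-authenticated; check that anonymous authentication is off.";

        // Identity the request thread is actually running as.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent())
        {
            if (!string.Equals(thread.Name, caller.Name, StringComparison.OrdinalIgnoreCase))
                return "Thread runs as " + thread.Name
                     + ", not the caller; <identity impersonate=\"true\" /> is not in effect.";

            string auth = caller.AuthenticationType; // e.g. Kerberos, NTLM, Negotiate
            switch (thread.ImpersonationLevel)
            {
                case TokenImpersonationLevel.Delegation:
                    return "Delegation-level token (" + auth
                         + "): the caller's identity can be forwarded to TFS.";
                case TokenImpersonationLevel.Impersonation:
                    return "Impersonation-level token (" + auth
                         + "): for a client on another machine this is usable on this server only (double hop).";
                default:
                    return "Token level " + thread.ImpersonationLevel + " (" + auth
                         + "): not a delegable impersonation token.";
            }
        }
    }
}
```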
