
I have an ASP.NET application which uses the TFS API and works under a domain. The problem is that locally everything works fine. After deployment to IIS, which is configured to use ApplicationPoolIdentity, my app gives me a 500 Internal Server Error. When I set the Identity to use my username and password, everything works fine again. The app uses Windows authentication and is used by multiple users.

We're submitting data to TFS, and if the Identity is configured to my username, then the TFS history shows that I have modified that item. We need it to be the user that actually made the modification.

Before, in some places, like "Assigned To" or "Deployed By", I used

    var currentDisplayName = System.DirectoryServices.AccountManagement.UserPrincipal.Current.DisplayName;

After I discovered this issue, I resolved it by using

    var currentDisplayName = System.Web.HttpContext.Current.User.Identity.Name;

But the issue remains: when I use Identity - ApplicationPoolIdentity, the app is not working.

The method where I get the Team Project Collection:

    var tfsTeamProjectUrl = ConfigurationProvider.TfsTeamProjectUrl;
    var teamProjectCollection = new TfsTeamProjectCollection(new Uri(tfsTeamProjectUrl));
    teamProjectCollection.EnsureAuthenticated();
    return teamProjectCollection;

Locally this works fine, but on IIS it wants to use the Identity from the IIS App Pools, but I need it to use credentials from the actual user.

UPDATE: I tried to impersonate the actual user by doing this:

        var tfsTeamProjectUrl = ConfigurationProvider.TfsTeamProjectUrl;

        var baseUserConnection = new TfsTeamProjectCollection(new Uri(tfsTeamProjectUrl));
        var ims = baseUserConnection.GetService<IIdentityManagementService>();
        var username = System.Web.HttpContext.Current.User.Identity.Name;

        var identity = ims.ReadIdentity(IdentitySearchFactor.AccountName, username,
            MembershipQuery.None, ReadIdentityOptions.None);

        var teamProjectCollection = new TfsTeamProjectCollection(new Uri(tfsTeamProjectUrl), identity.Descriptor);
        teamProjectCollection.EnsureAuthenticated();
        return teamProjectCollection;

But now I'm getting

An exception of type 'Microsoft.TeamFoundation.TeamFoundationServerInvalidResponseException' occurred in Microsoft.TeamFoundation.Client.dll but was not handled in user code Additional information: Please contact your administrator. There was an error contacting the server. Technical information (for administrator): HTTP code 500: Internal Server Error

  • Possible duplicate of [IIS7 Impersonation doesn't work to access TFS repository](http://stackoverflow.com/questions/9695671/iis7-impersonation-doesnt-work-to-access-tfs-repository) – nschonni Aug 09 '16 at 13:52

1 Answer


It seems like IIS is deciding to try to access TFS with the app pool identity instead of the credentials that you are explicitly supplying. You are authenticating to the server but then not using the server object, so the app was reverting to whatever identity it was running under.

Try to use the authentication with the code below:

    string tfsServerUrl = "http://servername:8080/tfs";
    System.Net.NetworkCredential tfsCredential = new System.Net.NetworkCredential("ServiceAccountName", "password", "DOMAIN");
    TfsConfigurationServer tfs = new TfsConfigurationServer(new Uri(tfsServerUrl), tfsCredential);
    tfs.Authenticate();

PatrickLu-MSFT
  • This works fine, I've tried this already, but if I connect like this, part of the problem still exists. I need to set it up so that the credentials used are the information from the actual user who is connected to the app, not hard-coded ones. Because in the TFS history it will still show the wrong person who made the changes. – Girts Krumbergs Aug 09 '16 at 06:47
  • Using the NetworkCredential, such as `var _credentials = new NetworkCredential(UserName, Password);`, won't a pop-up allow users to type and enter their username and password? Using Windows authentication when you have deployed the project on the server will cause an error such as "You are not authorized to access" https://social.msdn.microsoft.com/Forums/vstudio/en-US/b4c707da-0355-41b1-9c1d-a453dcc5bba3/connecting-tfs-using-windows-authentication-in-the-web?forum=tfsgeneral – PatrickLu-MSFT Aug 09 '16 at 07:40
  • Just as ***nschonni*** commented, Double-Hop may be the root cause. The issue is not related to your code. I also found a related article for your reference: http://stackoverflow.com/questions/4013081/passthrough-impersonation-authentication-with-asp-net-and-tfs-api – PatrickLu-MSFT Aug 10 '16 at 02:36
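
The two snippets in this thread combined, as an added example that is not from the original posts: a service account authenticates to TFS with explicit credentials, and the signed-in Windows user is passed as the identity to impersonate, so TFS history records the real author without a second Kerberos hop. Assumptions: the `TfsConnectionFactory` class and the `TfsService*` appSettings keys are hypothetical, the service account holds the TFS "Make requests on behalf of others" permission, and the client library version in use provides the four-argument constructor overload.

```csharp
using System;
using System.Configuration;
using System.Net;
using System.Web;
using Microsoft.TeamFoundation.Client;
using Microsoft.TeamFoundation.Framework.Client;
using Microsoft.TeamFoundation.Framework.Common;

public static class TfsConnectionFactory   // hypothetical helper, not a TFS type
{
    public static TfsTeamProjectCollection ForCurrentUser(Uri collectionUri)
    {
        // The caller as authenticated by IIS Windows authentication (DOMAIN\user).
        var user = HttpContext.Current.User;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Windows authentication is required.");

        // Hypothetical appSettings keys: the secret stays out of source code.
        var service = new NetworkCredential(
            ConfigurationManager.AppSettings["TfsServiceUser"],
            ConfigurationManager.AppSettings["TfsServicePassword"],
            ConfigurationManager.AppSettings["TfsServiceDomain"]);

        TeamFoundationIdentity identity;
        // Connect as the service account only to resolve the caller's TFS identity.
        using (var lookup = new TfsTeamProjectCollection(collectionUri, service))
        {
            lookup.EnsureAuthenticated();
            var ims = lookup.GetService<IIdentityManagementService>();
            identity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
                user.Identity.Name, MembershipQuery.None, ReadIdentityOptions.None);
        }

        // Fail closed: falling back to the service connection would record
        // the service account, not the real user, in TFS history.
        if (identity == null)
            throw new UnauthorizedAccessException(
                "No TFS identity found for " + user.Identity.Name);

        // Service credentials authenticate the request; the descriptor names the
        // user TFS acts as. null provider: no interactive prompt on a server.
        var impersonated = new TfsTeamProjectCollection(
            collectionUri, service, null, identity.Descriptor);
        impersonated.EnsureAuthenticated();
        return impersonated;
    }
}
```

Because the impersonation permission lets the service account act as any user, scope it to that one account and treat its password as a high-value secret.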