0

I'm trying to allow users to do various tasks using the TFS SDK. I have created a simple .NET web application to do this, which runs perfectly when I'm running locally. I can connect to the TFS host on our domain as myself using my AD credentials.

My issue is when I publish the web application to another server on the domain, I lose the authentication I had when I was running locally. I can't connect to TFS as the current logged-in user.

I have turned on Windows Authentication on the web application, hoping to utilize Kerberos, but I still get the following error:

[TeamFoundationServerUnauthorizedException: TF30063: You are not authorized to access http://<serverName>:8080/tfs/<projectCollection>.]

I am not explicitly passing any credentials to the web app because I want the user that is using the app to automatically log in using their AD credentials. How is this possible, if at all? Are there IIS and/or ASP.NET settings that I need to configure to get this to work?

Brian Chambers
  • 463
  • 5
  • 14

1 Answers1

0

This issue may related to double hop. Some similar questions for your reference:

Also you can use NetworkCredential instead of windows Authentication to authenticate, but the user on the machine may need to type and enter their username,password manually: 

var _credentials = new NetworkCredential(UserName, Password);

TfsTeamProjectCollection server = new TfsTeamProjectCollection(_tfsUri, _credentials);

server.EnsureAuthenticated();
Community
  • 1
  • 1
PatrickLu-MSFT
  • 49,478
  • 5
  • 35
  • 62
  • Thanks for the input! I enabled Kerberos on our web app server and enabled Kerberos authentication on the TFS side, and it still came back with the same error. I also tried using the credential cache to pass the credentials forward. I still haven't had any success. – Brian Chambers Aug 12 '16 at 17:37