0

We have an ASP.NET WebAPI which generates a custom document using the TFS SDK. We attempted to wrap the entire call stack for the SDK inside a C# impersonation wrapper. Our document is returned corrupted because the TFS client is not authenticating under the IIS Network Service but is correctly returned with data when we set the App Pool identity to a specific user. The EnsureAuthenticated comes back true. The TestManagementService is not null. The ProjectName parameter is not empty and has a valid ProjectName;

    [Route("generatetestplan")]
    [HttpPost]
    public HttpResponseMessage Post([FromBody]TestPlanRequest Request)
    {
        var wi = (WindowsIdentity)HttpContext.Current.User.Identity;

        HttpResponseMessage Res = new HttpResponseMessage(HttpStatusCode.OK);

        WindowsIdentity.RunImpersonated(wi.AccessToken, () =>
        {
            using (var handler = new HttpClientHandler { UseDefaultCredentials = true })
            using (var client = new HttpClient(handler))
            {
                Res = GenerateTestPlan(Request, Res);
            }
        });

        return Res;
    }

    public HttpResponseMessage GenerateTestPlan(TestPlanRequest Request, HttpResponseMessage Res)
    {
        var TestResultsGen = new TestResultsGenerator(Request.ProjectName, Request.TestPlanId);

        TestResultsGen.Generate();

        var Bytes = TestResultsGen.FBytes;

        Res.Content = new ByteArrayContent(Bytes);

        Res.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");

        return Res;
    }
    public TestResultsGenerator(string ProjectName, int TestPlanId)
    {
        TfsTeamProjectCollection = AuthenticateToCollection();

        this.TestPlanId = TestPlanId;

        this.ProjectName = ProjectName;

        try
        {
            TestManagementService = TfsTeamProjectCollection.GetService<ITestManagementService>();

            TeamProject = TestManagementService.GetTeamProject(ProjectName);
        }
        catch(Exception e)
        {
            logger.Error(DateTime.Now.ToString() + " Test Service Error: " + e.ToString());
        }

    }

    public static TfsTeamProjectCollection AuthenticateToCollection()
    {
        var server = ConfigurationManager.AppSettings["TFS"];

        TfsTeamProjectCollection TfsCollection = new TfsTeamProjectCollection(new Uri(server), new Microsoft.VisualStudio.Services.Common.VssCredentials());
        try
        {
            TfsCollection.EnsureAuthenticated();
        }
        catch (Exception e)
        {
            logger.Error(e.ToString());
            AuthenticateToCollection();
        }
        return Tfs
cloutcomputer
  • 233
  • 1
  • 2
  • 7
  • This issue may related to [double hop](https://blogs.technet.microsoft.com/askds/2008/06/13/understanding-kerberos-double-hop/). You can reference [IIS7 Impersonation doesn't work to access TFS repository](https://stackoverflow.com/questions/9695671/iis7-impersonation-doesnt-work-to-access-tfs-repository) and [Passthrough (impersonation) authentication with ASP.NET and TFS api](https://stackoverflow.com/questions/4013081/passthrough-impersonation-authentication-with-asp-net-and-tfs-api) – Andy Li-MSFT Aug 17 '17 at 09:59
  • Is that helpful? Have you resolved the issue? any update? – Andy Li-MSFT Aug 22 '17 at 01:46
  • Running it under the same app pool as our on premise TFS instance does not work. I am already impersonating the user in my call to the client. No luck. – cloutcomputer Aug 22 '17 at 15:59

0 Answers0