0

Using OnPremise Azure Devops 2019 server I am trying to programmatically clone a git repository by calling the following git command inside a ProcessInfo:

clone https://{username}:{PATTOKEN}@{DEVOPSSERVERDOMAIN}/{TEAMPROJECT}/_git/{PROJECT}

Here is the c# code:

  var gitInfo = new ProcessStartInfo
                    {
                        CreateNoWindow = true,
                        RedirectStandardError = true,
                        RedirectStandardOutput = true,
                        FileName = pathToGitExe
                    };

Process gitProcess = new Process();
                gitInfo.Arguments = theCloneCommand
                gitInfo.WorkingDirectory = workingFolder;
                gitProcess.StartInfo = gitInfo;
                gitProcess.Start();

But I keep getting the error

Cloning into 'PROJECT'...
fatal: Authentication failed for '{DEVOPSSERVERDOMAIN}/{TEAMPROJECT}/_git/{PROJECT}'

Is the PAT not correctly used? Any suggestions

doorman
  • 15,707
  • 22
  • 80
  • 145

2 Answers2

1

As far as I can see, you should try the clone without username.

https://github.com/MicrosoftDocs/azure-devops-docs/issues/2455

https://<PAT>@mydomain.visualstudio.com/myproject/_git/myrepo
Alex AIT
  • 17,361
  • 3
  • 36
  • 73
  • Hi @AlexAIT I tried your suggestion but I got the error fatal: unable to access 'UrlToProject': SSL certificate problem: unable to get local issuer certificate – doorman Jul 07 '20 at 10:52
  • 1
    Feels like a step forward to me. This issue usually points to a self-signed certificate which cannot be validated. There are workarounds like disabling validation in this case, see as an example: https://confluence.atlassian.com/bitbucketserverkb/ssl-certificate-problem-unable-to-get-local-issuer-certificate-816521128.html The is much more information online if you look for this error specifically. – Alex AIT Jul 07 '20 at 19:24
  • I ended up setting the sChannel property like suggested here: https://stackoverflow.com/questions/23885449/unable-to-resolve-unable-to-get-local-issuer-certificate-using-git-on-windows so no need for PAT just invoke the command git config --global http.sslbackend schannel – doorman Jul 08 '20 at 15:22
1

If you enable IIS Basic Authentication for Azure Devops server, PATs aren't valid. See Enabling IIS Basic Authentication invalidates using Personal Access Tokens.

As it is said in above document, you need to add an extra header which includes a base 64 encoding of "user:PAT" to the Git requests:

git -c http.extraheader='Authorization: Basic [base 64 encoding of "user:PAT"]' ls-remote http://tfsserver:8080/tfs/DefaultCollection/_git/projectName

You can Base64-encode the username and PAT using below poweshell script:

$MyPat = 'yourPAT'
$B64Pat = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("user:$MyPat"))

Or with C# code:

Convert.ToBase64String(
                    System.Text.ASCIIEncoding.ASCII.GetBytes(
                        string.Format("{0}:{1}", "user", personalaccesstoken))));

For more information, See document here.

You can try using your userName and password instead of PAT as authentication:

git clone https://{username}:{password}@{DEVOPSSERVERDOMAIN}/{TEAMPROJECT}/_git/{PROJECT}
#if your password or username contain @ replace it with %40
Levi Lu-MSFT
  • 27,483
  • 2
  • 31
  • 43
  • Hi @LeviLu-MSFT I tried it with the http.extraheader, so the gitInfo.Arguments = "-c http.extraheader='Authorization:Basic TheEncodedPAT' ls-remote TheServerUrl" but I am getting the following error git: 'TheEncodedPAT'' is not a git command. See 'git --help'. – doorman Jul 07 '20 at 10:48
  • Probably an issue with using the processinfo arguments and string attributes – doorman Jul 07 '20 at 10:50