Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
TFS authentication issues
See original GitHub issueWe’re trying to use SourceLink for TFS (on-premise using Git for source control). We’re using Microsoft.SourceLink.Tfs.Git in one of our test private nuget packages, and this builds correctly adding the sourcelink info. However, when I try to use this test package in another application, then step into the code (ie. using sourcelink), it fails.
Running Fiddler (when I try to step into the library) to look at the http request that Visual Studio is making to TFS, it’s failing with a 401 from TFS.
If I use FiddlerScript to modify the request (effectively man-in-the-middling the sourcelink request that Visual Studio is making), and I explicitly add an Authorization header, this then works perfectly.
The authorization header I’m adding looks like this: “Authorization: Bearer ******”
Where ***** is the base64 encoding of “domain\ad-username:personalaccesstoken”.
This hack makes SourceLink work in TFS as expected. It didn’t work if I used my AD password instead of a personal access token.
If I copy the URL that is being used into Google Chrome (even a fresh incognito window), this shows the source code (so works as expected). Fiddler sees this as a 200 response. If I replay this request again in Fiddler, it fails again with a 401 (although the request is identical). Likewise, if I “copy as curl” that successful (200) request from Chrome devtools and run that CURL outside of the browser, this fails with 401.
So it appears that Chrome (and IE) does something extra not in the request to authenticate with TFS. My machine is on the domain - so it’s probably related to that.
So I’m now stuck on how to get SourceLink working without using FiddlerScript to inject the Authorization header with my username and a personal access token. The fact that there’s a Microsoft.SourceLink.Tfs.Git nuget package suggest that it should work fine. Any ideas?
Issue Analytics
- State:
- Created 5 years ago
- Reactions:3
- Comments:36 (14 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Sorry for the slow responses everybody, I have been very busy with other work. I am currently working on Source Link Auth, and we will ship improvements in the first update to VS 2019 (dev 16.1). I will update this thread when those preview become available.
The new work will support Source Link for Windows Authentication scenarios (as opposed to just Basic Auth through GCM). The primary motivation for this is for those using on premises TFS servers that use Windows Authentication. This may light other auth scenarios, such as GitHub Enterprise or on prem GitLab instances that use LDAP authentication mechanisms (I cannot guarantee this as I do not know exactly how these services work with these auth providers, and I cannot set up the infrastructure to test).
I hope the community will try out this preview and continue to provide feedback.
Just to keep this thread updated, the test DLL that @chuckries gave me to test worked perfectly. So hopefully the fix will be released soon. I asked if him if there was an ETA, but he said not yet, as they need to assess the security impact of this fix. He said he’d keep this thread up to date as they progress with the fix. So 🤞!