TFS 2015 REST API Authentication

by

The OAuth mechanism is used against the VSO api at the time of writing this as you’ve seemingly identified. official docs for VSO OAuth tokens here.

For on-prem however, the following is required:

Via a javascript client (note I’m using jquery for the ajax request here)

Since alternative creds or token based auth isn’t available on-prem to match current vso implementation; You can consider the following approach: If you have admin permissions on the TFS app tier, you can configure basic authentication for the tfs application in IIS, and set the default domain.

enabling basic auth and setting domain

And then invoke as follows:

var self = this;
        self.tasksURI = 'https://<SERVER>/tfs/<COLLECTION>/<PROJECT>/_apis/build/builds?api-version=2.0';
        self.username = "<USERNAME>"; //basic username so no domain here.
        self.password = "<PASSWORD>";

        self.ajax = function (uri, method, data) {
            var request = {
                url: uri,
                type: method,
                contentType: "application/json",
                accepts: "application/json",
                cache: false,
                dataType: 'json',
                data: JSON.stringify(data),
                beforeSend: function (xhr) {
                    xhr.setRequestHeader("Authorization", "Basic " + btoa(self.username + ":" + self.password));
                },
                error: function (jqXHR) {
                    console.log("ajax error " + jqXHR.status);
                }
            };
            return $.ajax(request);
        }

        self.ajax(self.tasksURI, 'GET').done(function (data) {

            alert(data);

        });

IMPORTANT NOTE! : If you enable basic auth you really should configure your site to use https too or your credentials will be sent in clear text (as indicated in the warning seen -> top right of the image above).

Via a .NET client

In on-prem (currently rtm’d: 2015 update 1) the api is generally gated/fenced off with NTLM, meaning a pre-flight request is made, 401 returned from server to challenge for auth, in this case, setting the request Credential as follows allows the request to auth against the server once the preflight challenge is received.
To accommodate the challenge you can do this:

request.Credentials = new NetworkCredential(this.UserName, this.Password);
//you may want to specify a domain too

If you’ve enabled basic auth for tfs on prem you can attempt authenticating as follows, this pattern matches the mechanism used when invoking vso after enabling alternative credentials in the ui:

request.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(this.UserName + ":" + this.Password));

Note: In some code I modified a few weeks ago; support for both VSO and on-prem was required so I used the two patterns above to deal with the specific scenario.

More Related Contents:

  1. access MONGODB on remote server [closed]
  2. “SyntaxError: Unexpected token < in JSON at position 0"
  3. JavaScript/jQuery to download file via POST with JSON data
  4. How to call a REST web service API from JavaScript?
  5. Access-Control-Allow-Origin denied spotify api [duplicate]
  6. jQuery.when – Callback for when ALL Deferreds are no longer ‘unresolved’ (either resolved or rejected)?
  7. AngularJS $resource RESTful example
  8. How do you create a custom adapter for ember.js?
  9. JavaScript REST client Library [closed]
  10. How to prevent browser to invoke basic auth popup and handle 401 error using Jquery?
  11. Cross Domain Resource Sharing GET: ‘refused to get unsafe header “etag”‘ from Response
  12. Using PUT/POST/DELETE with JSONP and jQuery
  13. Can I connect directly to a Redis server from JavaScript running in a browser?
  14. Returning data from Axios API
  15. Add CORS header to an http request using Ajax
  16. How to use the ‘main’ parameter in package.json?
  17. How do I fetch a single model in Backbone?
  18. Websocket API to replace REST API? [closed]
  19. Does MongoDB have a native REST interface?
  20. How to fetch data server-side in the app directory of Next.js? Tried getStaticProps but it’s returning undefined
  21. jQuery.inArray(), how to use it right?
  22. JavaScript syntax (0, fn)(args)
  23. App.settings – the Angular way?
  24. How to debug Javascript with IE 8
  25. What does document.domain = document.domain do?
  26. “Uncaught ReferenceError: this is not defined” in class constructor
  27. How to implement debounce fn into jQuery keyup event?
  28. NodeJs : TypeError: require(…) is not a function
  29. Nothing was returned from render. This usually means a return statement is missing. Or, to render nothing, return null [closed]
  30. Conflict on Template of Twig and Vue.js

Leave a Comment