January 7th, 2013

How to connect to TF Service without a prompt for LiveID credentials

Buck Hodges
Director of Engineering

Normally when you connect to the Team Foundation Service you are presented with a web page to log in with your Microsoft Account (aka LiveID). When you log in you can choose to have it remember you and you won’t have to enter your Microsoft Account credentials again (unless you don’t log in again for a long time, and then you’ll be prompted again).

That’s great for humans, but what about an application or another web service that wants to connect? For that the code will need to use “alternate credentials," which you must enable on your account. This is the same setting used to enable basic authentication for git-tf. Then we can write some code to connect to the service with those credentials.

Longer term, we will have OAuth support available as well, but that’s not ready yet.

Enabling Alternate Credentials

You’ll need to first to turn on this feature. First, visit your account or project in a browser, click on your name in the upper right, and then click My Profile.

myprofile

On the User Profile dialog, click on the Credentials tab.

enablecreds

Now provide a password and save the changes.

password

Using Alternate Credentials in code

Before going further, you’ll need to make sure that you have Update 1 for Visual Studio 2012 or newer installed. That update includes enhancements to the TFS client object model to support alternate credentials.

The easiest way to get the latest update is either via clicking on the “toast” notification that pops up from the Windows taskbar or in VS going to Tools –> Extensions and Updates…, clicking on Updates followed by Product Updates and installing the latest update. Alternatively, you can download it here.

You can verify that you have Update 1 (or newer) installed in VS using Help –> About Microsoft Visual Studio.

vshelp

Now that we have the credentials turned on, we’ll now use them from a simple console app.

 

After creating a new console app, add a reference to Microsoft.TeamFoundation.Client.dll, which you will find under v2.0 in ReferenceAssemblies. The client object model for TFS is almost entirely built with .NET 3.5 (CLR 2.0) in order to support running the TFS web parts in SharePoint.

image

Here’s the code.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading.Tasks;

using Microsoft.TeamFoundation.Client;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            NetworkCredential netCred = new NetworkCredential(
                "someone@yahoo.com",
                "password");
            BasicAuthCredential basicCred = new BasicAuthCredential(netCred);
            TfsClientCredentials tfsCred = new TfsClientCredentials(basicCred);
            tfsCred.AllowInteractive = false;

            TfsTeamProjectCollection tpc = new TfsTeamProjectCollection(
                new Uri("https://YourAcct.visualstudio.com/DefaultCollection"),
                tfsCred);

            tpc.Authenticate();

            Console.WriteLine(tpc.InstanceId);
        }
    }
}

I’ve added two using statements, one for System.Net to pull in NetworkCredential and one for Microsoft.TeamFoundation.Client for the TFS classes we’ll need.

The first thing we construct is a standard NetworkCredential object with the username (the email address that you use for your Microsoft Account) and the password that you created for alternate credentials. On the TfsClientCredentials object, we set AllowInteractive to false to prevent a prompt dialog being shown if the credentials are invalid.

In constructing the TfsTeamProjectCollection, we must specify the URL to the collection and the credentials. Note that all connections to accounts in TF Service require https. Currently, there is only one collection per account in TF Service, so it is always DefaultCollection.

Finally, we call Authenticate() to verify that we have supplied the correct credentials and test that it is working by printing the unique InstanceId of the collection.

Now the rest of the TFS client object model is available for use with the TF Service from applications that cannot prompt for credentials.

Enjoy!

Follow me on Twitter at https://twitter.com/tfsbuck

Author

Buck Hodges
Director of Engineering

Director of Engineering, Azure DevOps

0 comments