I'm trying to write a JavaScript client for Visual Studio Team Services REST API which send AJAX requests to our self hosted Team Foundation Server 2015 but I'm facing to a cross domain issue.
我正在尝试为Visual Studio Team Services REST API编写一个JavaScript客户端,它将AJAX请求发送到我们自托管的Team Foundation Server 2015,但我面临着跨域问题。
The API requires credentials to authenticate but due to security reasons, the browser blocks my requests because the parameter Access-Control-Allow-Origin
is set with the wildcard *
.
API需要凭据进行身份验证,但由于安全原因,浏览器会阻止我的请求,因为参数Access-Control-Allow-Origin是使用通配符*设置的。
I tried to add this parameter in HTTP Response Headers in IIS Manager and also in the TFS web.config file (which is actually the same) but I got an error telling me that this parameter has two different value (eg: *
and http://localhost:58785
) and should have only one. I guess this value is already defined in libraries's code which I can't access because the TFS web service is already compiled and running on IIS.
我尝试在IIS管理器中的HTTP响应标头中添加此参数,也在TFS web.config文件中添加此参数(实际上是相同的),但我收到一个错误,告诉我此参数有两个不同的值(例如:*和http: // localhost:58785)并且应该只有一个。我想这个值已经在库的代码中定义,我无法访问,因为TFS Web服务已经在IIS上编译和运行。
I also tried to use the markup <location allowOverride="false">
in web.config, to forbid configuration override but in that case TFS won't start.
我还尝试在web.config中使用标记
Somebody already asked about this issue here and also posted a ticket on uservoice but as the name of the API is really ambiguous (Visual Studio Online REST API), I don't know if this guy talks about the real Visual Studio online or if his case is the same as mine (self hosted TFS Server).
有人已经在这里询问了这个问题,并且在uservoice上发布了一张票,但由于API的名称非常模糊(Visual Studio Online REST API),我不知道这个人是否在线谈论真正的Visual Studio或者他的case与我的相同(自托管TFS服务器)。
We already implemented some features in C# which are working well but now we really need to implement a JavaScript client. Writing a web service and use it as a proxy to query the API is for us a real mess and we don't want to do this.
我们已经在C#中实现了一些运行良好的功能,但现在我们确实需要实现一个JavaScript客户端。编写Web服务并将其用作查询API的代理对我们来说真是一团糟,我们不想这样做。
This is so sad we can't send AJAX requests to the API because of a configuration we aren't able to change.
这太可悲了,我们无法向API发送AJAX请求,因为我们无法更改配置。
1 个解决方案
#1
3
Somebody at Microsoft finally gave me the solution, so here it is:
微软的某个人终于给了我解决方案,所以这里是:
In PowerShell, run these commands:
在PowerShell中,运行以下命令:
[Reflection.Assembly]::LoadFrom("C:\Program Files\Microsoft Team Foundation Server 14.0\Tools\Microsoft.TeamFoundation.Client.dll")
$configServer = new-object Microsoft.TeamFoundation.Client.TfsConfigurationServer "http://localhost:8080/tfs/"
$configHive = $configServer.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationRegistry])
$configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "domain1;domain2")
So you can specify several domains and you can also restrict to a given port and/or scheme like this:
因此,您可以指定多个域,也可以限制为给定的端口和/或方案,如下所示:
$configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "localhost,port=58785,scheme=http;")
Here is an old blog post about Updating the TF Registry using Powershell
这是一篇关于使用Powershell更新TF注册表的旧帖子
Then you can finally send authenticated AJAX requests to the API.
然后,您最终可以将经过身份验证的AJAX请求发送到API。
[EDIT]: At this point, if you are running it in Windows it may be working, however it doesn't use Basic Authentication.
[编辑]:此时,如果您在Windows中运行它可能正在工作,但它不使用基本身份验证。
Two options:
两种选择:
1. It uses Generic Credentials
automatically added in the Credential Manager
(Sorry it's in French)
1.它使用在Credential Manager中自动添加的Generic Credentials(对不起,用法语)
2. Or it could also use your Windows session credentials
.
2.或者它也可以使用您的Windows会话凭据。
So to get it working in a non-Windows environment, you still need few more steps.
因此,要使其在非Windows环境中运行,您仍需要更多步骤。
On your TFS server, run this PowerShell command to add Basic Authentication feature:
在TFS服务器上,运行此PowerShell命令以添加基本身份验证功能:
dism /online /enable-feature /featurename:IIS-BasicAuthentication
Then in IIS Manager click "Authentication" on your TFS site node. You should now see Basic Authentication, just enable it.
然后在IIS管理器中单击TFS站点节点上的“身份验证”。您现在应该看到基本身份验证,只需启用它。
Finally in your JavaScript code convert the string
最后在您的JavaScript代码中转换字符串
DOMAIN\username:password
域\用户名:密码
to Base64 and add it to the request's header (assuming you use XMLHttpRequest):
到Base64并将其添加到请求的标头(假设您使用XMLHttpRequest):
client.setRequestHeader('Authorization', 'Basic ' + myBase64AuthString);
NOTE: Be careful with the pure JavaScript Base64 converter you may find on internet. The converted string could be wrong due to encoding. Compare your string with some online Base64 converters to be sure.
注意:请注意您可能在Internet上找到的纯JavaScript Base64转换器。由于编码,转换的字符串可能是错误的。将您的字符串与一些在线Base64转换器进行比较以确定。
Hope this will help other people.
希望这会有助于其他人。
#1
3
Somebody at Microsoft finally gave me the solution, so here it is:
微软的某个人终于给了我解决方案,所以这里是:
In PowerShell, run these commands:
在PowerShell中,运行以下命令:
[Reflection.Assembly]::LoadFrom("C:\Program Files\Microsoft Team Foundation Server 14.0\Tools\Microsoft.TeamFoundation.Client.dll")
$configServer = new-object Microsoft.TeamFoundation.Client.TfsConfigurationServer "http://localhost:8080/tfs/"
$configHive = $configServer.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationRegistry])
$configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "domain1;domain2")
So you can specify several domains and you can also restrict to a given port and/or scheme like this:
因此,您可以指定多个域,也可以限制为给定的端口和/或方案,如下所示:
$configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "localhost,port=58785,scheme=http;")
Here is an old blog post about Updating the TF Registry using Powershell
这是一篇关于使用Powershell更新TF注册表的旧帖子
Then you can finally send authenticated AJAX requests to the API.
然后,您最终可以将经过身份验证的AJAX请求发送到API。
[EDIT]: At this point, if you are running it in Windows it may be working, however it doesn't use Basic Authentication.
[编辑]:此时,如果您在Windows中运行它可能正在工作,但它不使用基本身份验证。
Two options:
两种选择:
1. It uses Generic Credentials
automatically added in the Credential Manager
(Sorry it's in French)
1.它使用在Credential Manager中自动添加的Generic Credentials(对不起,用法语)
2. Or it could also use your Windows session credentials
.
2.或者它也可以使用您的Windows会话凭据。
So to get it working in a non-Windows environment, you still need few more steps.
因此,要使其在非Windows环境中运行,您仍需要更多步骤。
On your TFS server, run this PowerShell command to add Basic Authentication feature:
在TFS服务器上,运行此PowerShell命令以添加基本身份验证功能:
dism /online /enable-feature /featurename:IIS-BasicAuthentication
Then in IIS Manager click "Authentication" on your TFS site node. You should now see Basic Authentication, just enable it.
然后在IIS管理器中单击TFS站点节点上的“身份验证”。您现在应该看到基本身份验证,只需启用它。
Finally in your JavaScript code convert the string
最后在您的JavaScript代码中转换字符串
DOMAIN\username:password
域\用户名:密码
to Base64 and add it to the request's header (assuming you use XMLHttpRequest):
到Base64并将其添加到请求的标头(假设您使用XMLHttpRequest):
client.setRequestHeader('Authorization', 'Basic ' + myBase64AuthString);
NOTE: Be careful with the pure JavaScript Base64 converter you may find on internet. The converted string could be wrong due to encoding. Compare your string with some online Base64 converters to be sure.
注意:请注意您可能在Internet上找到的纯JavaScript Base64转换器。由于编码,转换的字符串可能是错误的。将您的字符串与一些在线Base64转换器进行比较以确定。
Hope this will help other people.
希望这会有助于其他人。