IIS7 Impersonation无法访问TFS存储库
the*_*oid 7 asp.net impersonation tfs iis-7 windows-server-2008
我正在尝试构建一个在TFS中添加工作项的ASP.NET页面.
我启用了模拟和Windows身份验证:
<authentication mode="Windows" />
<identity impersonate="true" password="" userName="" />
<customErrors mode="Off" />
在页面中,我访问TFS并尝试添加工作项:
TfsTeamProjectCollection prjCollection = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri("xxx"));
WorkItemStore store = prjCollection.GetService<WorkItemStore>();
...
但是,它仅在我在ASP.NET Impersonation中选择SpecificUser并存储凭据时才有效.选择Authenticated用户时,它不起作用.
我已经检查过SpecificUser与Authenticated的相同,但在后一种情况下我得到权限错误(这表明模拟无法正常工作).
TF30063: You are not authorized to access XXX. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.TeamFoundation.Client.TeamFoundationClientProxyBase.AsyncWebRequest.ExecRequest(Object obj)
--- End of inner exception stack trace ---
at Microsoft.TeamFoundation.Client.TeamFoundationClientProxyBase.ProcessHttpResponse(HttpWebResponse response, Stream responseStream, WebException webException, XmlReader& xmlResponseReader)
at Microsoft.TeamFoundation.Client.TeamFoundationClientProxyBase.ExecWebServiceRequest(HttpWebRequest request, XmlWriter requestXml, String methodName, HttpWebResponse& response)
at Microsoft.TeamFoundation.Framework.Client.LocationWebService.Connect(Int32 connectOptions, ServiceTypeFilter[] serviceTypeFilters, Int32 lastChangeId)
at Microsoft.TeamFoundation.Framework.Client.FrameworkServerDataProvider.Connect(ConnectOptions connectOptions)
at Microsoft.TeamFoundation.Framework.Client.FrameworkServerDataProvider.EnsureConnected(ConnectOptions optionsNeeded)
at Microsoft.TeamFoundation.Framework.Client.FrameworkServerDataProvider.get_InstanceId()
at Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore.InitializeInternal()
at Microsoft.TeamFoundation.Client.TfsTeamProjectCollection.InitializeTeamFoundationObject(String fullName, Object instance)
at Microsoft.TeamFoundation.Client.TfsConnection.CreateServiceInstance(Assembly assembly, String fullName)
at Microsoft.TeamFoundation.Client.TfsConnection.GetService(Type serviceType)
at Microsoft.TeamFoundation.Client.TfsConnection.GetService[T]()
at ASP.index_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
以下变量对于两种情况看起来都相同:
HttpContext.Current.Request.LogonUserIdentity.Name
HttpContext.Current.Request.IsAuthenticated
HttpContext.Current.User.Identity.Name
System.Environment.UserName
System.Security.Principal.WindowsIdentity.GetCurrent().Name
有任何想法吗?
编辑:
实际上,正如John在下面提到的,问题是由Kerberos代表团引起的.
我发现以下文章和随附的工具在解释和减轻这个问题时非常有用:
DelegConfig - 一个工具帮助解决Kerberos身份验证和委派问题
| 归档时间: |
|
| 查看次数: |
1664 次 |
| 最近记录: |