Solved

TFS Authentication

Hi guys, and thanks for the great work.

I'm a TFS admin, and I would like to use your software at work, but when I tested it I saw two disturbing things in Fiddler:

CONTEXT: TFS 2015 Update 2.1, two AD domains, and each user has an account on each domain (e.g. DOMAIN1\adminuser and DOMAIN2\adminuser)

1 - It seems like all requests are doubled: the first one ends in a 401, and the second passes (is it by design?):

Result Protocol Host  URL                Body Caching             Content-Type  Process 
401  HTTP  tfs:8080 /tfs/defaultcollection/_api/_identity/checkName?name=band... 341  text/html;    charset=us-ascii dnx:2328
500  HTTP  tfs:8080 /tfs/defaultcollection/_api/_identity/checkName?name=band... 20 030 private text/html;  charset=utf-8  dnx:2328
401  HTTP  tfs:8080 /tfs/defaultcollection/_api/_identity/ReadIdentitiesPageJ... 341  text/html;    charset=us-ascii dnx:2328
200  HTTP  tfs:8080 /tfs/defaultcollection/_api/_identity/ReadIdentitiesPageJ... 7 521 private, no-sto...  charset=utf-8  dnx:2328
401  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject1/_apis/build/builds/?ap... 341  text/html;    charset=us-ascii dnx:2328
200  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject1/_apis/build/builds/?ap... 20 304 no-cache; Expir...  charset=utf-8;... dnx:2328
401  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject2/_apis/build/builds/?ap... 341  text/html;    charset=us-ascii dnx:2328
200  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject2/_apis/build/builds/?ap... 16 599 no-cache; Expir... charset=utf-8;... dnx:2328
401  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject1/_apis/build/definition... 341  text/html;    charset=us-ascii dnx:2328
200  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject1/_apis/build/definition... 788  no-cache; Expir... charset=utf-8;... dnx:2328
401  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject2/_apis/build/definition... 341  text/html;    charset=us-ascii dnx:2328
200  HTTP  tfs:8080 /tfs/defaultcollection/TeamProject2/_apis/build/definition... 395  no-cache; Expir... charset=utf-8;... dnx:2328

2 - On my TFS server I can see many errors in eventvwr, like this one:

TF53010: The following error has occurred in a Team Foundation component or extension:
Date (UTC): 18/05/2016 12:17:58
Machine: TFS 
Application Domain: /LM/W3SVC/2/ROOT/tfs-1-131078583469284956
Assembly: Microsoft.TeamFoundation.Framework.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v4.0.30319
Service Host: bdeb4505-3c61-41b5-a0b9-1cd7c48f7370 (DefaultCollection)
Process Details:
  Process Name: w3wp
  Process Id: 4420
  Thread Id: 12184
  Account name: DOMAIN2\adminuser
 
Detailed Message: TF30065: An unhandled exception occurred.
 
Web Request Details
    Url: http://tfs:8080/tfs/defaultcollection/_api/_identity/checkName?name=adminuser[method: GET]
    User Agent:
    Headers: not available
    Path: /tfs/defaultcollection/_api/_identity/checkName
    Local Request: False
    Host Address: 192.168.131.45
    User: DOMAIN2\useradmin [authentication type: NTLM]
 
Exception Message: Multiple identities found matching 'useradmin' . Use the unique name to specify one of the following identities:
 
- User ADMIN (unique name: DOMAIN2\useradmin)
- User ADMIN (unique name: DOMAIN1\useradmin)
 (type MultipleIdentitiesFoundException)
Exception Stack Trace:    at Microsoft.TeamFoundation.Server.WebAccess.Admin.ApiIdentityController.HandleMultipleIdentitiesFoundException(MultipleIdentitiesFoundException ex)
   at Microsoft.TeamFoundation.Server.WebAccess.Admin.ApiIdentityController.CheckName(String name)
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass42.b__41()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.b__7(IAsyncResult _)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<>c__DisplayClass39.b__33()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.b__36(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<>c__DisplayClass2a.b__20()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.b__22(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c__DisplayClass1d.b__18(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.b__3(IAsyncResult ar)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.b__3(IAsyncResult ar)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.b__3(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.b__3(IAsyncResult ar)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
I tried to use a dedicated account by disabling "Auto-detect settings" and manually entering my information, but the result is the same.
 
Please let me know if I can help you, and good luck with the .NET Core RC2 port ;)

 


Thanks for reporting this!

1 - Request doubling is currently expected, as this is the way the Kerberos authentication handshake works over HTTP: it requires some back-and-forth between server and client. .NET had a feature to cache those authentications, but it was not implemented in .NET Core. If it is added back, we'll use it.

2 - This looks like a bug that occurs in a multi-domain configuration; we'll fix it in a future version.
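
An added example, not part of the original thread or of CatLight's code: a triage pass over the Fiddler listing from the question that pairs each 401 challenge with the retry for the same URL, so the expected handshake 401s can be told apart from real failures such as the checkName 500. Pairing by URL alone is an assumption that fits this capture; the function names are hypothetical.

```python
from collections import Counter

# (status, url) in capture order, copied from the Fiddler listing in the
# question; the "..." truncations are kept exactly as they appear there.
CAPTURE = [
    (401, "/tfs/defaultcollection/_api/_identity/checkName?name=band..."),
    (500, "/tfs/defaultcollection/_api/_identity/checkName?name=band..."),
    (401, "/tfs/defaultcollection/_api/_identity/ReadIdentitiesPageJ..."),
    (200, "/tfs/defaultcollection/_api/_identity/ReadIdentitiesPageJ..."),
    (401, "/tfs/defaultcollection/TeamProject1/_apis/build/builds/?ap..."),
    (200, "/tfs/defaultcollection/TeamProject1/_apis/build/builds/?ap..."),
    (401, "/tfs/defaultcollection/TeamProject2/_apis/build/builds/?ap..."),
    (200, "/tfs/defaultcollection/TeamProject2/_apis/build/builds/?ap..."),
    (401, "/tfs/defaultcollection/TeamProject1/_apis/build/definition..."),
    (200, "/tfs/defaultcollection/TeamProject1/_apis/build/definition..."),
    (401, "/tfs/defaultcollection/TeamProject2/_apis/build/definition..."),
    (200, "/tfs/defaultcollection/TeamProject2/_apis/build/definition..."),
]

def triage(sessions):
    """Return (url, challenges, final_status, verdict) per completed request."""
    pending = {}   # url -> number of 401 challenges seen and not yet resolved
    results = []
    for status, url in sessions:
        if status == 401:
            pending[url] = pending.get(url, 0) + 1
            continue
        challenges = pending.pop(url, 0)
        if 200 <= status < 400:
            verdict = "handshake-ok" if challenges else "ok"
        elif status == 403:
            verdict = "forbidden"
        elif status >= 500:
            # The request got past authentication and then failed server-side.
            verdict = "server-error-after-auth" if challenges else "server-error"
        else:
            verdict = "client-error"
        results.append((url, challenges, status, verdict))
    # A challenge never followed by a non-401 response for the same URL is a
    # real authentication failure, not one leg of a handshake.
    for url, challenges in pending.items():
        results.append((url, challenges, 401, "auth-failed"))
    return results

def summary(sessions):
    return Counter(verdict for _, _, _, verdict in triage(sessions))

if __name__ == "__main__":
    for url, n, status, verdict in triage(CAPTURE):
        print(f"{verdict:24} {status} after {n} challenge(s)  {url}")
```
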


Thanks for the reactivity.

 

Kudos !

In version 1.6.3 we improved the current user detection mechanism, and it should work correctly in multi-domain environments. You can get the latest version from https://catlight.io/downloads, or just wait about a week for auto-update.