I have a repo in Azure DevOps Server 2020 (on-premise), which contains a lot of files. I'm trying to use Sourcetree to maintain changes in repo.
Sourcetree has an option to setup remote account to connect to ADS. But I cannot connect to ADS, I get strange errors.
I tried using Host URL with only domain, with collection name and even with project name, but no success :(
Settings before clicking "Refresh Personal Access Token".
Then I add my PAT via "Refresh Personal Access Token", I use my ADS username (integrated with Active Directory) and PAT as password:
I get the error after enterring username and PAT:
So my questions:
Is my authenication flow correct?
Should I use only hostname as "Host URL" in Sourcetree or I should add also Organisation (Collection) and Project name?
What should I use in PAT request:
Active Directory username (with domain or not?) and PAT as password?
PAT as username and as password?
PAT as password and no username?
something else?
Sourcetree has an option to setup remote account to connect to ADS.
But I cannot connect to ADS, I get strange errors.
The Remote option is only for Azure DevOps Services, the on-premise Azure DevOps Server is not supported with this option. Something like Bitbucket and Bitbucket Server, they have different authentication methods
E.G The Azure DevOps Services https://dev.azure.com/{org} works as expected:
For on-premise Azure DevOps Server, we can use the Clone option, just copy the specific repo URL from your project, then set the local path to clone. After that you can change your source files on your local repo and push them to remote repo.
Related
Our organization has changed name and with it our emails (xxx#abc --> xxx#def), and apparently we can no longer connecter Azure Data Factory to Git.
We get the following error:
You have GIT enabled in your data factory. Publishing in 'Data Factory' mode is disabled. Please switch back to GIT mode to make further changes.
Read about our Best Practices.
Also the switch from ADF to Devops Git is greyed (see screenshot below)
How do we fix this ?
PS: I have access to Azure Devops and to all the repositories in it, that is why I do not get it why we have this problem
Thanks in advance
A possible scenario can be, you had the previous Azure DevOps tenant with xxx#abc credential and now when you moved to xxx#def, you have an Azure AD account to connect to ADF. Or the other way around. In the backend this is causing mismatch when ADF and Azure DevOps tenant are passing credentials for connecting. Try to clear browser data or cache and explicitly login into DevOps account using same creds from ADF before testing.
See similar in MS DOC: Connect to Git repository failed due to different tenant
After a quick internet search I couldn't seem to find an easy way for my Azure Pipeline to write a custom comment back to the PR that triggered it. Is this possible? Does it require a PAT? I can't use any solution that requires exposing a PAT to a external PR, as they could then easily exfiltrate it.
Sure, you can add comments to the PR on GitHub from Azure pipelines. You can use the GitHub Comment task in your pipeline to easily write comments to the GitHub PR.
With this task, you also need to create a GitHub service connection, or a GitHub Enterprise Server service connection if your repository is hosted on GitHub Enterprise Server, for use on the task.
When creating the GitHub (or GitHub Enterprise Server) service connection, you can choose an authorization method from the optional.
GitHub service connection -- Grant authorization or Personal Access Token
GitHub Enterprise Server service connection -- Personal Access Token, Username and Password or OAuth2
So, a GitHub PAT is not required if the authorization method you choose is not Personal Access Token.
[UPDATE]
If you are worrying about that the service connection would be abused by someone to attack your source code repository, you can do the following things:
On GitHub, you can create a PAT, and limit the permission scopes of this PAT. More details, see "Creating a personal access token".
On Azure DevOps, you can choose Personal Access Token as the authorization method on the service connection, and fill with the PAT that you created in above step. Then you can limit which users, teams and groups, even which pipelines, can use the service connection in the project. More details, you can see "Secure a service connection".
I just created a new organization for my team on Azure DevOps. I wanted to activated the git access through username/password to begin with(for multiple reasons: We use Https, so no ssh certificate, and I've no idea how to use PAT with our current git client(sourcetree)).
Currently, when I go in my settings on "Alternate credentials", I get this:
But I've been into the organization page and I cannot find this settings? How can I enable it?
But I've been into the organization page and I cannot find this
settings? How can I enable it?
You can't enable that, the Alternate authentication credentials setting has been removed from Organization settings=>Policies for newly created organizations. Check the blog shared above in Michael's answer.
I've no idea how to use PAT with our current git client.
It's recommended to use PAT instead since you have no SSH certificate. Here're samples about how to use git+pat without pop-up window for credentials (Useful when you're running the commands in pipeline, since you can't enter credentials if there's pop-up window):
1.You can generate Git credentials to get temp username and password, and then use format:
git clone https://UserName:Password#dev.azure.com/OrgName/ProjectName/_git/RepoName
2.You can create a limited PAT(more secure then Full access) and use command:
git clone https://anything:{yourPAT}#dev.azure.com/OrgName/ProjectName/_git/RepoName
Same format when using git push...
Also you can clone the repo with git clone + URL from this button. Per my experience, it will prompt for credentials and save the credentials in local machine.
For Source Tree:
Url: https://OrganizationName.visualstudio.com
userName: The email address of your azure devops account
password: PAT
Enter correct URL format, click the refresh PAT button and enter the email as username, PAT as password. The authentication succeeds in my source tree for windows.
Looks like effective March 2, 2020 Alternate Credentials are no longer supported. Organizations created before then can use them for a short time to transition to PATs. New organizations do not have that option. Source
From Microsoft DevBlog:
Deprecation Timeline
Beginning December 9, 2019 we will disable and hide Alternate Credentials settings for organizations that don’t have Alternate Credentials set. This change will be in effect for all these organizations by December 20, 2019.
In the coming months we will work with our customers that are still using the feature, to help them switch to another, more secure authentication method.
March 2, 2020 – Start gradually disabling Alternate Credentials for all Azure DevOps organizations.
Legacy Organizations
If you have a legacy organization, the option would appear under Organization Settings, Policies (under the Security subheading). The toggle is called "Alternate authentication credentials"
I've set up a git repo in Azure Dev Ops and I'm trying to do a git pull to my computer via https. I set up a credential alias in Dev Ops (this seemed to be the only authentication method that worked for pulling originally).
When I pull to my computer I'm being prompted for the alias password (which is definitely correct, as is working on other computers). When I enter the password I'm getting the following error message:
fatal: Authentication failed for [git url]
Does anyone know what might be causing this?
The email address linked to the Dev Ops account has been added to the team members in Dev Ops (this was causing issues with git pulling on another computer, however this resolved that instance of the error)
Hello I am loging into my work github on a different repository, however none of my work machine's repos (and organizations) show up in spite of it being the same login. Are there any permissions that must be granted for remote access?
There is no "remote access" when it comes to github.com: only a GitHub account and its password, than can be entered from any post.
The same principle should apply for a GitHub for Enterprise instance (possible linked to an enterprise LDAP user referential), provided you are using the same user/password account as usual, even if your remote session is done under a different account.
I just go to github.com and log with my work credentials
That is not how github.com credentials work: your "work" credentials have nothing to do with your GitHub account. Use the login/password of your GitHub account, not your "work" credentials.