Issue with accessing TFS Rest API - rest

I am trying to use the TFS REST API to automate a use case, Tried using PersonalAccessToken and System.AcessToken (provided by TFS) but getting unauthorized error.
When analyzed found that SSO is being used to authenticate with TFS, as it works when i try to access it from my browzer. My Question is how can I access REST API from a script ( Can be anything bash,shell, python..etc) protected by SSO
Any inputs will hep. Thanks

Please try to disable the Basic Authentication for your TFS, then try it again.
If you want to run scripts by calling the REST API in build/release pipeline, then you can reference this SO thread : TFS 2015 API - 401 - Unauthorized: Access is denied due to invalid credentials

Related

Azure DevOps Client SDK: Using TestManagementHttpClient.GetTestResultsByBuildAsync2 throws auth error

I am using the .NET client library for Azure DevOps to get test results from a build attempt. The following throws an authentication error, Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: VS30063: You are not authorized to access https://dev.azure.com.
var testClient = connection.GetClient<TestManagementHttpClient>();
var testResults = await testClient.GetTestResultsByBuildAsync2(
project: project,
buildId: ID);
I am using a PAT that is scoped to read and execute Builds and Tests. Not sure why I'm getting this error. Is there another way to get test results per attempt? I am able to use this same connection to call GetTestResultDetailsForBuildAsync but unfortunately, that lists results for all the attempts and I just need the last one.
Try either of the following ways to resolve Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: VS30063: You are not authorized to access https://dev.azure.com. error:
Clean the cache as suggested by Marina Liu:Execute
regedit -> clean key(s) under
HKEY_CURRENT_USER\Software\Microsoft\VSCommon\14.0\ClientServices\TokenStorage\VisualStudio\VssApp
-> restart VS -> run your project with your own credential.
Check whether Personal Access Token has expired or created with the right Scope or not
References: VS30063: You are not authorized to access https://dev.azure.com? Error while trying to register Private agent Pool in Azure DevOps Project using PAT token - Microsoft Q&A , c# - VS30063: You are not authorized to access https://dev.azure.com - Stack Overflow and Visual Studio Feedback

Azure DevOps service hook authentication

Currently we have a use case where we have to call the azure function app from Azure DevOps service hooks. We have enabled the AAD authentication on the azure function app, but from azure DevOps the calls are blocked with 401 unauthorized error. We noticed that the webhook url is accepting only basic authentication. Our Azure AD is integrated with okta and I am currently blocked with this. Can some one help with this?
Azure DevOps service hook authentication
I am afraid there is no such way to achieve this at this moment.
Just as you know, the webhook URL only accepts basic authentication. I also create a azure function app, I could access it by the basic authentication, but if I enable the AAD authentication on that azure function app, I could not access it and get the 401 unauthorized:
Currently, we could not change the authentication method for the service hook. You could try to change the value to Log in with Microsoft Account instead of Azure Active Directory for the option Action to take when request not authenticated drop down. And you could add your request for this feature on our UserVoice site (https://developercommunity.visualstudio.com/content/idea/post.html?space=21 ), which is our main forum for product suggestions.

Interacting with TFVC API from Build Task

I'm trying to use the TFVC API from a build task without using Personal Access Token.
I've read that if I'll use the Client SDK it should authenticate automatically but I'm failing to get it working.
Another alternative I'm considering is to run tf.exe but it requires authentication as well.
Basically I would like to get the changesets for a certain build using my Build Task with minimum info from the user (hence I don't want Personal Access Token or Username/Password).
Is that doable?
You should be able to authenticate with an OAuth token. It's populated in the build variable $(System.AccessToken) or the environment variable SYSTEM_ACCESSTOKEN.
You provide it to the REST API with the header Authorization set to Bearer [token], where [token] is the OAuth token value.
If you queue a build with TFVC repository and then check the logs for "Get Sources" step, you will find how to use TF.exe to get source during the build.And then you can copy the command and use it in a CommandLine/PowerShell task like following:
Make sure that "Allow Scripts to access token" option is enabled.

NetSuite redirect fails with bad SAML request on Azure

I have setup SSO with Netsuite and Azure using the following instructions:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-netsuite-tutorial/.
The SSO works for users from Office 365 to NetSuite, however if a user clicks on a NetSuite link in an email they receive an invalid SAML protocol message from Azure during authentication.
For example:
Email Link is
"https:\system.netsuite.com/app/accounting/transactions/purchord.nl?id=167770&c={ACCOUNT_ID}"
Get redirected to (by NetSuite)
"https:\login.windows.net/9621cdc8-e1c4-4a3c-849e-35be6db5a45e/saml2"
which then redirects to :
"https:\login.microsoftonline.com/9621cdc8-e1c4-4a3c-849e-35be6db5a45e/saml2?RelayState=https%3A%2F%2Fsystem.netsuite.com%2Fapp%2Faccounting%2Ftransactions%2Fpurchord.nl%3Fid%3D167770%26c%3D{ACCOUNT_ID}"
which generates error:
Sign In
Sorry, but we’re having trouble signing you in.
We received a bad request.
Additional technical information:
Correlation ID: a8ceee9f-8507-4f55-aa56-e65266bf7d92
Timestamp: 2016-04-13 05:18:07Z
AADSTS75005: The request is not a valid Saml2 protocol message.
Does anyone have any ideas how to get further details on the error, or fix it?
I recently came across this issue and found a solution that works for me.
Try using the following format
https://account.activedirectory.windowsazure.com/applications/signin/{AZURE NETSUITE - APPLICATION_ID}?RelayState=https%3A%2F%2F{NetSuite_Account#}.app.netsuite.com%2Fapp%2Faccounting%2Ftransactions%2Fpurchord.nl%3Fid%3D{Purchae_Order_Record_ID}
I hope this helps.
Recently I faced this issue with Azure SSO, link does not work it fails # the SSO provider's(Azure) login URL. Issue is not with the Netsuite it is sending the request for authentication to Azure but Azure could not authenticate the user even though user is logged into the AD. You can resolve this issue by syncing Azure AD and source of authority. Also make sure your Azure SSo is setup correctly -by running zure Active Directory Module for Windows PowerShell as an admin.
Good luck

OneDrive REST API

Please let me know what is the authentication method we should use when working with OneDrive REST APIs.
Is it AZURE AD using the URL https://login.windows.net/common/oauth2/authorize?
Or the https://login.live.com/oauth20_authorize.srf?
I'm trying to make a simple call to the new OneDrive REST API (I'm using Azure AD, but not sure if this is the correct Authentication method).
I'm using Postman rest client to send the request.
I have registered my application in Azure AD and given it full permissions to 'Office 365 SharePoint Online'.
I can successfully get an authorization token using the clientId generated in Azure AD.
However when I attempt to list files using following request using the access token I get the following error.
Could you please let me know what could be the issue?
RESOURCE HTTP GET:
URL: https://-my.sharepoint.com/personal//_api/Files
HEADER: Authorization: Bearer
Response:
3001000;reason="There has been an error authenticating the request.";category="invalid_client"
IF you refer the public free version of OneDrive, then you should take a look at OneDrives API Documentation. Which uses Live SDK.
If you are using the OneDrive for Business, then you should use the SharePoint 2013 APIs. For SharePoint online this Question (its answer) on SharePoint StackExchange might be helpful. OR if you look for the new-and-in-preview Office365, you might find this page interesting.
A blog post with full walkthrough and code how to authenticate to SharePoint Online with Azure ACS.
Check out the [new][1] v1.0 O365 APIs that describe the OneDrive Business and other O365 service APIs, including authentication.