We Keep Coding

Cannot access https://dev.azure.com/<myOrg> Using TFS extended client version 15

We are migrating some code that used to run against an on premise TFS server but now needs to run against Azure DevOps (previously Team Services). The credentials I'm using have been validated to successfully authenticate to our DevOps organization instance, but running the following code after referencing the
Microsoft.TeamFoundationServer.ExtendedClient
NuGet package always results in TF30063: You are not authorized to access https://dev.azure.com/<myOrg> The code is posted below for authenticating via non-interactive authentication. Do I need to use a different authentication mechanism or different credentials type to get this working?
System.Net.NetworkCredential networkCredential = new System.Net.NetworkCredential(_userName, DecryptedPassword, _domain);
try
{
// Create TeamFoundationServer object
_teamFoundationCollection = new TfsTeamProjectCollection(_serverUrl, networkCredential);
_teamFoundationCollection.Authenticate();
}
catch (Exception ex)
{
// Not authorized
throw new TeamFoundationServerException(ex.Message, ex.InnerException)
}

Since you want to use .Net Client Libraries, you could refer to the following link:
https://learn.microsoft.com/en-us/azure/devops/integrate/concepts/dotnet-client-libraries?view=azure-devops
Patterns for use:
using Microsoft.VisualStudio.Services.Common;
using Microsoft.VisualStudio.Services.Client;
using Microsoft.TeamFoundation.SourceControl.WebApi;
using Microsoft.VisualStudio.Services.WebApi;
const String c_collectionUri = "https://dev.azure.com/fabrikam";
const String c_projectName = "MyGreatProject";
const String c_repoName = "MyRepo";
// Interactively ask the user for credentials, caching them so the user isn't constantly prompted
VssCredentials creds = new VssClientCredentials();
creds.Storage = new VssClientCredentialStorage();
// Connect to Azure DevOps Services
VssConnection connection = new VssConnection(new Uri(c_collectionUri), creds);
// Get a GitHttpClient to talk to the Git endpoints
GitHttpClient gitClient = connection.GetClient<GitHttpClient>();
// Get data about a specific repository
var repo = gitClient.GetRepositoryAsync(c_projectName, c_repoName).Result;

ning.http.client Kerberos Example

How can I support Kerberos based authentication with the ning http client?
I am extending existing code which has support for NTLMAuth and I want to be able to include support for Kerberos, which is used on some of the websites that I need to test.
I want to be able to put in the user and password programmatically, I do not want to use a keyTab, or setup krb5 configuration on the system where this is running.
I have the following code block;
import com.ning.http.client.RequestBuilder;
import com.ning.http.client.Realm.RealmBuilder;
....
RealmBuilder myRealmBuilder = new RealmBuilder()
.setScheme(AuthScheme.KERBEROS)
.setUsePreemptiveAuth(true)
.setNtlmDomain(getDomain())
.setNtlmHost(getHost())
.setPrincipal(getUsername())
.setPassword(getUserPassword()));
RequestBuilder rb = new RequestBuilder()
.setMethod(site.getMethod())
.setUrl(site.getUrl())
.setFollowRedirects(site.isFollowRedirects())
.setRealm(myRealmBuilder),
site)
´´´
Currently I get the error response:
FAILED: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
Does anyone have an good example of how to do this correctly?

"Connect time out" error for jClouds via proxy

I am trying to run a simple program of jcloud. The program is as follows:
String provider = "openstack-nova";
String identity = "Tenant:usename"; // tenantName:userName
String credential = "pass";
novaApi = ContextBuilder.newBuilder(provider).endpoint("http://openstack.infosys.tuwien.ac.at/identity/v2.0")
.credentials(identity, credential).modules(modules).buildApi(NovaApi.class);
regions = novaApi.getConfiguredRegions();
The openstack.infosys is connect via SOCKS proxy on port 7777. I have also enlisted the same on eclipse(Window->Preferences->General->Network Config->SOCKS(Manual)) . However, everytime I run the code I get the following error:
ERROR o.j.h.i.JavaUrlHttpCommandExecutorService - Command not considered safe to retry because request method is POST:
Which is then caused by
Caused by: java.net.SocketTimeoutException: connect timed out
I am able to access the horizon web interface of the same without any issues.
Can someone please help me in understanding what is the possible problem.

You need to tell Apache jclouds about your proxy configuration when creating the context. Have a look at these properties, and pass the ones you need to the overrides method of the ContextBuilder:
Proxy type
Proxy host
Proxy port
Proxy user
Proxy password

How can I send email with Amazon SES on Zend Framework - 2.2.1

I'm using Zend Framework - 2.2.1, and would like to use Amazon SES. For this, I have installed two modules "aws/aws-sdk-php-zf2" and "slm/mail". I have included these two modules in my application.config.php and put aws.local.php in my config/autoload folder and change the Access Key, Secret Key and region in this file.
In the controller file, I created an instance of Mail message class as below:-
$objMessage = new \Zend\Mail\Message();
$transport = $this->getServiceLocator()->get('SlmMail\Mail\Transport\SesTransport');
$transport->send($objMessage);
Its giving me the error "Amazon SES requires exactly one from sender".
Can anyone please suggest on this?

Try to set sender of your Message instance:
$objMessage = new \Zend\Mail\Message();
$objMessage->setFrom('foo#bar.com')
->setTo('bar#baz.com')
->setSubject('Mail subject');
$transport = $this->getServiceLocator()->get('SlmMail\Mail\Transport\SesTransport');
$transport->send($objMessage);

How do I get a token needed for DFS Kerberos authentication?

I'm trying to write a client for consuming DFS (Documentum Foundation Services) and trying to use Kerberos for single sign-on. Both Java and C# sample code (productivity layer) in the documentation gives the following line which gets the Kerberos binary token:
byte[] ticket = ...
I'm not sure how to actually get the binary token, and the "..." doesn't help me. Does anyone know how to get an actual ticket (Kerberos token) using either Java or C#?
Here are the examples given for both Java and C#:
Java: Invoking a service with Kerberos authentication
KerberosTokenHandler handler = new KerberosTokenHandler();
IObjectService service = ServiceFactory
.getInstance().getRemoteService(..., contextRoot, Arrays.asList((Handler) handler));
byte[] ticket = ...;
handler.setBinarySecurityToken(
new KerberosBinarySecurityToken(ticket, KerberosValueType.KERBEROSV5_AP_REQ));
service.create(...)
C#: Invoking a service with Kerberos authentication
KerberosTokenHandler handler = new KerberosTokenHandler();
List<IEndpointBehavior> handlers = new List<IEndpointBehavior>();
handlers.Add(handler);
IObjectService service = ServiceFactory
.Instance.GetRemoteService<IObjectService>(..., contextRoot, handlers);
byte[] ticket = ...;
handler.SetBinarySecurityToken(
new KerberosBinarySecurityToken(ticket, KerberosValueType.GSS_KERBEROSV5_AP_REQ));
service.create(...);

I just figured this out for .NET and would like to share for those who maybe interested. What's needed is WSE3 library. Make sure to configure your DFS service account for Kerberos delegation.
So what need to do is set your KerberosTokenHandler with the Kerberos token. The KerberosBinarySecurityToken comes from WSE3. The code would look something like this:
KerberosTokenHandler kerberosTokenHandler = new KerberosTokenHandler();
String servicePrincipalName = “DFS/example66”; // this is the service principal name for your DFS service account in Active Directory.
using (KerberosClientContext kerberosClientContext = new KerberosClientContext(servicePrincipalName, true, ImpersonationLevel.Delegation))
{
KerberosBinarySecurityToken token = new KerberosBinarySecurityToken(kerberosClientContext.InitializeContext(), KerberosValueType.KERBEROSV5_AP_REQ);
kerberosTokenHandlerandler.SetBinarySecurityToken(token);
}