Geek Answers Handbook

AJAX Cross Domain Issue with Visual Studio Team Services REST API

I am trying to write a JavaScript client for the Visual Studio Team Services REST API that send AJAX requests to our own Team Foundation Server 2015 server, but I ran into a cross-domain problem.

The API requires credentials for authentication, but due to security reasons, the browser blocks my requests because the Access-Control-Allow-Origin parameter is set with a wildcard * .

I tried adding this parameter to the HTTP response headers in IIS Manager, as well as to the TFS web.config file (which is actually the same), but I received an error message indicating that this parameter has two different values ​​(for example: * and http://localhost:58785 ) and should only have one. I assume that this value is already defined in the library code, which I cannot get, since the TFS web service is already compiled and running in IIS.

I also tried using the <location allowOverride="false"> markup in web.config to prevent configuration overrides, but in this case TFS will not start.

Someone already asked about this question here , and also sent a ticket to uservoice , but since the API name is really ambiguous (Visual Studio Online REST API), I don’t know if this guy is talking about real Visual Studio online or if his case coincides with mine (hosted TFS server itself).

We have already implemented some functions in C # that work well, but now we really need to implement the JavaScript client. Writing a web service and using it as a proxy for an API request is a real mess for us, and we do not want to do this.

It is so sad that we cannot send AJAX requests to the API due to a configuration that we cannot change.

+5
source share
1 answer

Someone from Microsoft finally gave me a solution, so here it is:

In PowerShell, run the following commands:

 [Reflection.Assembly]::LoadFrom("C:\Program Files\Microsoft Team Foundation Server 14.0\Tools\Microsoft.TeamFoundation.Client.dll") $configServer = new-object Microsoft.TeamFoundation.Client.TfsConfigurationServer "http://localhost:8080/tfs/" $configHive = $configServer.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationRegistry]) $configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "domain1;domain2")

Thus, you can specify multiple domains, and you can also restrict this port and / or scheme as follows:

 $configHive.SetValue("/Configuration/WebSecurity/AllowedOrigins", "localhost,port=58785,scheme=http;")

Here is an old blog post about updating the TF registry using Powershell

Then you can finally send authenticated AJAX requests to the API.

[EDIT]:. In this case, if you run it on Windows, it may work, however it does not use basic authentication.

Two options:

1. It uses Generic Credentials , automatically added to the Credential Manager (Sorry, this is in French)

enter image description here

2. Or it can also use your Windows session credentials .

Therefore, to make it work in a non-Windows environment, you still need a few steps.

On your TFS server, run this PowerShell command to add basic authentication:

 dism /online /enable-feature /featurename:IIS-BasicAuthentication

Then, in IIS Manager, click "Authentication" on your TFS node site. You should now see Basic Authentication, just enable it.

enter image description here

Finally, in your JavaScript code, convert the string

DOMAIN \ username: password

in Base64 and add it to the request header (assuming you are using XMLHttpRequest):

 client.setRequestHeader('Authorization', 'Basic ' + myBase64AuthString);

NOTE. Be careful with the clean Base64 JavaScript converter that you can find on the Internet. The converted string may be incorrect due to encoding. Compare your line with some Base64 online converters.

Hope this helps other people.

+3
source

More articles:


All Articles