How to get PAT from on-premise TFS2015

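We want to migrate our custom steps from XAML builds to the new build tasks on our on-premises TFS2015. I installed NodeJS and tfx-cli, but when tfx-cli wants to connect to TFS I need to provide a PAT (personal access token), and I can't find where to get one. All the examples are for VSO, not for on-premises TFS2015. Is it possible to get a PAT from on-premises TFS2015?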

tfx-cli has another option for connecting to a TFS instance: basic authentication. Just use the following format:

tfx login --auth-type basic --username myuser --password mypassword --service-url http://tfscollectionurl

Quoted from GitHub:

You can alternatively use basic auth by passing --auth-type basic (read Configuring Basic Auth). NTLM will come soon.

Note: Using this feature will store your login credentials on disk in plain text.

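TFS 2015 does not support personal access tokens; this feature was introduced in TFS 2017. In the meantime, you either need to configure basic authentication and use that (if your TFS server is running over SSL), or use the trick below to fool the command-line tool into authenticating by letting an NTLM proxy (such as Fiddler) handle authentication for you.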

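If you don't want to configure basic authentication on your TFS server (which many people don't want to do for security reasons), then you can use a neat trick to let Fiddler handle your authentication:

Then enter: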

C:\>set http_proxy=http://localhost:8888
C:\>tfx login --auth-type basic --service-url http://jessehouwing:8080/tfs/DefaultCollection

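You will be prompted for a username and password. It doesn't matter what you enter; Fiddler will handle authentication for you in the background: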

More detailed steps outlined on my blog.

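If you are struggling with self-signed certificates, which is also a common problem when using tfx against an on-premises TFS server, make sure you are using a recent enough version of Node and point it to an additional certificate store using an environment variable: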

As of Node.js 7.3.0 (and the LTS versions 6.10.0 and 4.8.0) it is now possible to add extra well-known certificates to Node.js with an environment variable. This can be useful in cloud or other deployment environments to add trusted certificates as a matter of policy (as opposed to explicit coding), or on personal machines, for example, to add the CAs for proxy servers. See the CLI documentation for more information on using NODE_EXTRA_CA_CERTS, as well as the original pull-request.

NODE_EXTRA_CA_CERTS=file

Added in: v7.3.0

When set, the well known "root" CAs (like VeriSign) will be extended with the extra certificates in file. The file should consist of one or more trusted certificates in PEM format. A message will be emitted (once) with process.emitWarning() if the file is missing or malformed, but any errors are otherwise ignored.

Note that neither the well known nor extra certificates are used when the ca options property is explicitly specified for a TLS or HTTPS client or server.
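Because Node only emits a one-time warning for a missing or malformed NODE_EXTRA_CA_CERTS file and otherwise ignores errors, a preflight check on the bundle is useful before pointing tfx at it. The following is an added example, not code from the answers above or from Node.js; `checkBundle`, `derLengthOk` and `SAMPLE` are hypothetical names, and the check is structural only (PEM framing, base64, outer DER length), not chain or expiry validation.

```javascript
// Added example: structural preflight for a NODE_EXTRA_CA_CERTS bundle (helper names are hypothetical).

// Constructed sample: a 5-byte DER placeholder (not a real certificate) and a truncated copy.
const SAMPLE = [
  '-----BEGIN CERTIFICATE-----', 'MAMCAQU=', '-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----', 'MAUCAQU=', '-----END CERTIFICATE-----',
].join('\n');

// True when buf is one DER SEQUENCE whose declared length spans the whole buffer.
function derLengthOk(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) return false; // a certificate is a SEQUENCE
  let len = buf[1];
  let offset = 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || buf.length < 2 + n) return false;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[2 + i];
    offset = 2 + n;
  }
  return offset + len === buf.length;
}

// Returns one { index, label, ok, reason } entry per PEM block found in text.
function checkBundle(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g;
  const results = [];
  let m;
  while ((m = re.exec(text)) !== null) {
    const label = m[1];
    const body = m[2].replace(/\s+/g, '');
    let reason = null;
    if (label !== 'CERTIFICATE') reason = 'not a CERTIFICATE block';
    else if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body) || body.length % 4 !== 0) reason = 'invalid base64';
    else if (!derLengthOk(Buffer.from(body, 'base64'))) reason = 'DER length mismatch (truncated or corrupt)';
    results.push({ index: results.length, label, ok: reason === null, reason });
  }
  return results;
}

// CLI use: node check-ca-bundle.js <bundle.pem>
const isCli = typeof require === 'function' && typeof module !== 'undefined' && require.main === module;
if (isCli && process.argv[2]) {
  const results = checkBundle(require('fs').readFileSync(process.argv[2], 'utf8'));
  if (results.length === 0) console.error('no PEM blocks found (DER file or wrong path?)');
  for (const r of results) console.log(`#${r.index} ${r.label}: ${r.ok ? 'ok' : r.reason}`);
  process.exitCode = results.length > 0 && results.every(r => r.ok) ? 0 : 1;
}
```

A bundle that yields no blocks at all is usually a DER-encoded export; convert it to PEM before setting the variable.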