So for years I've been logging into my PC using a basic Windows Live account and then using RUNAS.exe to use my AD account when launching Visual Studio and SSMS and everything worked ok. I decided to move to an AD login on my laptop so that I don't need to do the RUNAS.exe for anything I want to use my AD credentials.
Got my user setup fine, and SSMS works without a hitch. The problem is TFS and the Security Device Credential PIN. My org has it set that I have to set a Windows Hello PIN when setting up. If I login to my laptop using that option, I basically can't connect to TFS. If I use my password, I have better luck.
If I use Edge to browse to my TFS server, I'm prompted for a login and by default it asks for my Security Device Credential (PIN). It accepts it, but Edge cannot connect to the site. If I launch and using 'Other Options' and retype my account and password, it works no problem.
This is crazy. Any ideas why this would be this way? I've looked and cannot find any answers on this.
I appreciate any help!
I'm trying to migrate from local NTLM authentication to Azure AD login for an on-premises app. I have set up the connected service, but every time the SignIn method is called:
The request is already authenticated and it's using my local PC name, so the O365 log in is never triggered. Debugging doesn't help as the User info and Request don't seem to exist outside of the AccountController. Does anyone know what is going on and how I can get it to load up the login instead?
If anyone else finds this, check and triple check your web config and project files for any lingering windows authentication variables. Failing that try creating a new project with authentication and then copy the content of the old project across bit by bit. It turned out for me to be something dodgy in the project, but even using a comparison tool afterwards showed no discernible differences.
Only thing I can think of is that the Authentication with Azure Active Directory Connected Services made changes that broke something, but using the auth option during project creation did it properly.
So we currently have a TFS 2015 server on premise installation.
All users are registered using Active Directory account.
PCs connecting to the web portal that are using AD accounts are automatically logged in, since it detects the currently logged-in user.
My problem is we have devices that are not in AD, e.g. personal laptops that sometimes view the portal to check work items and such.
You can type in your uname and password to log in, but the problem is TFS keeps asking for the uname and password every 2 minutes or so, making it tedious to do anything.
Do you have any solution to this problem?
On Windows, you simply add the user and password to the Credential Manager (Control Panel\All Control Panel Items\Credential Manager) in the Windows Credential tab.
Make sure you use a recent version of Git for Windows which includes the proper Git credential manager.
I am using Azure AD authentication to authenticate a user in my MVC application. I published my application on Azure and it is working fine.
But when I run my application locally, Microsoft's login page comes up, and when I enter credentials and click on the SignIn button it gives "Sorry, but we’re having trouble signing you in. We received a bad request."
But the same application is on Azure, and if I access it from there then it allows me to log in.
To create this application I followed link to add Azure AD authentication
If you notice the error message, it clearly indicates that you have not configured https://localhost:44320 as one of the reply addresses.
Please go back to application configuration screen in your Azure AD and add https://localhost:44320 as additional reply address. That should take care of this problem.
Add the below to your Web.config. It must be the same port which you have added at the time of Application registration.
<add key="RedirectUri" value="https://localhost:44320/" />
I hit this, it has cost me a lot of time.
I would check firstly that you have the ability in Azure to access third party applications.
In Azure > Users & Groups > User Settings:
You see the first item (Users can allow apps to access their data) - without this checked I believe it won't work.
As you are running your application locally, it is not published to Azure. This means that although it may be within the realms of your organisation's network, Azure still views it as a third party application.
Be wary of setting this to 'Yes'. I understand that there are ways to then create applications that allow you to behave as an Azure super user...
In case anyone else comes across this, here is what happened to me. I had been switching back and forth between environments within Visual Studio (Project >> Properties >> Debug >> Environment Variables). Well, the last time I switched it, I wrote "Develop" instead of "Development" to switch back. This caused .NET Core to grab the wrong appsettings which connected to the wrong AD which did not have my localhost setup on it. It took me an hour to catch what I had done wrong.
This may not be exactly what has happened to you, but do check to make sure you are picking up the Azure AD settings you are expecting if they are in your appsettings. It could be a good point to start at.
We need to access the intranet site called "http://mysite/myapp".
Using IE, every domain user can access the site without any prompt.
But if the user tries it with Chrome, the logon prompt shows at first. After entering the credential just once, the prompt doesn't appear anymore for the access.
I'm just wondering if there is any way to avoid the first-time logon prompt on Chrome.
And we don't want any Chrome browser setting or shortcut for whitelisting per user, because we can't handle many users' Chrome one by one.
Any help will be appreciated.
Thanks.
Check the details of the Integration Authentication in this Chromium documentation:
http://www.chromium.org/developers/design-documents/http-authentication
With Integrated Authentication, Chrome can authenticate the user to an
Intranet server or proxy without prompting the user for a username or
password. It does this by using cached credentials which are
established when the user initially logs in to the machine that the
Chrome browser is running on. Integrated Authentication is supported
for Negotiate and NTLM challenges only.
Basically, execute Chrome with these switches to specify the auth schemes:
Chrome.exe --auth-server-whitelist="MYIISSERVER.DOMAIN.COM" --auth-negotiate-delegate-whitelist="MYIISSERVER.DOMAIN.COM" --auth-schemes="digest,ntlm,negotiate"
I tried running the command line but it wasn't working. I had to configure the same settings via the Windows Registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AuthSchemes"="basic,digest,ntlm,negotiate"
"AuthServerWhitelist"="*domain"
"AuthNegotiateDelegateWhitelist"="domain,server.domain.com"
Then I killed Chrome (cmd line: TaskKill /im chrome.exe), restarted Chrome, tried again and voila. Everything worked as expected.
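An added example, not part of the original answers: a small Python check that parses a Chrome policy .reg export like the one above and flags the integrated-authentication settings a reviewer would question before pushing it to every machine. The sample text is constructed from the values in the answer; the rules are review heuristics assumed for this example, and the Allowlist names are Chrome's newer names for the same policies.

```python
import re

# Constructed sample: the policy values from the answer above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AuthSchemes"="basic,digest,ntlm,negotiate"
"AuthServerWhitelist"="*domain"
"AuthNegotiateDelegateWhitelist"="domain,server.domain.com"
'''

CHROME_KEY = r"hkey_local_machine\software\policies\google\chrome"
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_chrome_policy(reg_text):
    """Return {value_name: string} for string values under the Chrome policy key."""
    policy, section = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == CHROME_KEY:
            m = VALUE_RE.match(line)
            if m:
                policy[m.group(1)] = m.group(2)
    return policy

def _entries(policy, name):
    return [e.strip() for e in policy.get(name, "").split(",") if e.strip()]

def lint_auth_policy(policy):
    """Return (value_name, entry, reason) findings; heuristics assumed for this example."""
    findings = []
    for scheme in _entries(policy, "AuthSchemes"):
        if scheme.lower() == "basic":
            # Basic sends the password merely base64-encoded on every request.
            findings.append(("AuthSchemes", scheme, "password is readable unless the site uses TLS"))
    for name in ("AuthServerWhitelist", "AuthServerAllowlist"):
        for entry in _entries(policy, name):
            # "*domain" also covers look-alike hosts that only end with the same string.
            if entry.startswith("*") and not entry.startswith("*."):
                findings.append((name, entry, "wildcard is not anchored at a dot"))
    for name in ("AuthNegotiateDelegateWhitelist", "AuthNegotiateDelegateAllowlist"):
        for entry in _entries(policy, name):
            # Delegation lets the server act as the user, so list exact hosts only.
            if "*" in entry or "." not in entry:
                findings.append((name, entry, "delegation target is not a single FQDN"))
    return findings
```

Against the sample this reports the `basic` scheme, the `*domain` server pattern and the bare `domain` delegation entry, while `server.domain.com` passes.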
I will try my best to explain.
I have configured Team Foundation Server on my server machine. On a client I can check in my projects to the server, and on other clients I can get the final version. It is working correctly.
Now I have two questions.
1- From a client PC, when I connect to Team Foundation, it asks for a username and password, and on Team Foundation Server the password configured there is the same password as the server's Windows admin credentials. I tried to create another user on it, but I think I have to create a server admin account for this. But I don't want to give my server credentials to clients. It seems quite dangerous to me. See the image.
2- If I make some changes and check in, it works well and the changes are loaded there. On another client, if I check out, it does not get the latest different changes; it does nothing. But when I do get latest version, it works fine but brings all the latest changes and merges. Why does check out not get only the "different" statement changes among them?
I am a TFS newbie, so kindly forgive me if I am asking something foolish.
I have found the way to resolve this.
Just create a new account in your Active Directory.
And use it for login. Provide that account here
Now I can provide this username and password, which I created as a user account in Active Directory.