[英]Is it possible to authenticate to a remote Git repository using the default windows credentials non interactively?
My remote Git repository is hosted by the on premises TFS server. 我的远程Git存储库由内部TFS服务器托管。 There are two ways to access its content:
有两种方法可以访问其内容:
git clone
command git clone
命令 To use the Restful API one can use the powershell Invoke-RestMethod
command with the -UseDefaultCredentials
and it works fine, no questions asked. 要使用Restful API,可以使用powershell
Invoke-RestMethod
命令和-UseDefaultCredentials
,它可以正常工作,没有问题。
With git clone
, however, I have no idea how to use the default credentials. 但是,使用
git clone
,我不知道如何使用默认凭据。 The manager credential helper does not use them. 经理凭证助手不使用它们。 When used for the first time it asks for the credentials.
首次使用时,它会要求提供凭据。
So, the options I see are: 所以,我看到的选项是:
The problem is that I could not find anything on the web that implements any of these options. 问题是我在网上找不到任何实现这些选项的东西。
The approach suggested in https://github.com/git-for-windows/git/wiki/FAQ#how-do-i-access-a-repository-hosted-on-a-microsoft-team-foundation-server-inside-a-windows-domain does not seem to work. 在https://github.com/git-for-windows/git/wiki/FAQ#how-do-i-access-a-repository-hosted-on-a-microsoft-team-foundation-server-中建议的方法inside-a-windows-domain似乎不起作用。 Please, observe:
请观察:
C:\xyz\DevOps> $GitApiUrl
http://tfsserver:8080/tfs/DefaultCollection/code/_apis/git/repositories/MyConfigData
C:\xyz\DevOps> $ProjectName
dev_smoketest56oc
C:\xyz\DevOps> Test-Path .\params.json
False
C:\xyz\DevOps> Invoke-RestMethod -Uri "$GitApiUrl/items?path=$ProjectName.json&api-version=4.1" -UseDefaultCredentials -OutFile params.json
C:\xyz\DevOps> Test-Path .\params.json
True
As you can see the Restful API works without asking for credentials. 正如您所看到的,Restful API可以在不需要凭据的情况下工作。 Now let us try git clone:
现在让我们尝试git clone:
C:\xyz\DevOps> $env:GIT_TRACE=1
C:\xyz\DevOps> git clone http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp a
09:13:21.405748 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
09:13:21.406249 git.c:415 trace: built-in: git clone http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp a
Cloning into 'a'...
09:13:21.430369 run-command.c:637 trace: run_command: git remote-http origin http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
09:13:21.459149 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
09:13:21.460654 git.c:654 trace: exec: git-remote-http origin http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
09:13:21.460654 run-command.c:637 trace: run_command: git-remote-http origin http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
09:13:21.481711 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
09:13:21.539575 run-command.c:637 trace: run_command: 'git credential-manager erase'
09:13:21.642660 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
09:13:21.644162 git.c:654 trace: exec: git-credential-manager erase
09:13:21.644162 run-command.c:637 trace: run_command: git-credential-manager erase
fatal: Authentication failed for 'http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp/'
C:\xyz\DevOps> $env:GIT_TRACE=0
C:\xyz\DevOps>
Authentication failed. 验证失败。
On the bash console: 在bash控制台上:
$ GIT_CURL_VERBOSE=1
$ curl -v --ntlm -u : http://tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp -o 1.html 2> out.txt
$ curl -v --ntlm -u : http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp -o 2.html 2> out2.txt
The files 1.html and 2.html seem to represent the web page of the repository as in the browser, so both curl commands are successful. 文件1.html和2.html似乎代表了浏览器中的存储库的网页,因此两个curl命令都是成功的。
The output files out.txt and out2.txt are very similar, the differences are in timestamps, guids and crypto strings. 输出文件out.txt和out2.txt非常相似,区别在于时间戳,guids和加密字符串。 So, here is out.txt (I took the liberty to remove empty lines and scrub a few strings):
所以,这里是out.txt(我冒昧地删除空行并擦洗几个字符串):
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 192.168.17.155...* TCP_NODELAY set* Connected to tfsserver (192.168.17.155) port 8080 (#0)* Server auth using NTLM with user ''> GET /tfs/DefaultCollection/code/_git/MyApp HTTP/1.1
> Host: tfsserver:8080
> Authorization: NTLM ***SCRUBBED***
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: NTLM ***SCRUBBED***
< Date: Thu, 15 Nov 2018 23:07:58 GMT
< Content-Length: 341
<
* Ignoring the response-body{ [341 bytes data]
100 341 100 341 0 0 642 0 --:--:-- --:--:-- --:--:-- 642* Connection #0 to host tfsserver left intact* Issue another request to this URL: 'http://tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp'* Found bundle for host tfsserver: 0x4116f20 [can pipeline]* Re-using existing connection! (#0) with host tfsserver* Connected to tfsserver (192.168.17.155) port 8080 (#0)* Server auth using NTLM with user ''> GET /tfs/DefaultCollection/code/_git/MyApp HTTP/1.1
> Host: tfsserver:8080
> Authorization: NTLM ***SCRUBBED***
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Expires: -1
< Server: Microsoft-IIS/8.5
< X-TFS-ProcessId: e5b67424-832f-468b-8787-c7c05aef5396
< ActivityId: 50f62941-8163-4ee9-9c2b-81359ca72838
< X-TFS-Session: 50f62941-8163-4ee9-9c2b-81359ca72838
< X-VSS-E2EID: 50f62941-8163-4ee9-9c2b-81359ca72838
< X-FRAME-OPTIONS: SAMEORIGIN
< X-VSS-UserData: 34be4ed8-c4fd-4e9f-bdae-d1843df36b0f:mkharitonov
< X-AspNetMvc-Version: 4.0
< X-AspNet-Version: 4.0.30319
< Set-Cookie: __RequestVerificationToken_L3Rmcw2=***SCRUBBED***; path=/; HttpOnly
< Set-Cookie: __RequestVerificationToken27563503a-8c73-4ee0-8930-e1f466b255f5=***SCRUBBED***; path=/; HttpOnly
< Persistent-Auth: true
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Thu, 15 Nov 2018 23:07:58 GMT
< Content-Length: 120608
<
{ [183 bytes data]
100 117k 100 117k 0 0 167k 0 --:--:-- --:--:-- --:--:-- 167k* Connection #0 to host tfsserver left intact
I cannot verify it to the end, but probably you should set http.emptyAuth
to true
in config (command git config --global http.emptyAuth true
). 我不能确认到底,但可能你应该设置
http.emptyAuth
到true
的配置(命令git config --global http.emptyAuth true
)。 At least after setting it my git 2.19.1.windows.1 has sent a Authorization: Negotiate ...
header to a server which advertises this protocol. 至少在设置它之后我的git 2.19.1.windows.1已向发布此协议的服务器发送了
Authorization: Negotiate ...
标头。
Bottom line: 底线:
git config --global http.emptyAuth true
Does it if LFS is not in the picture. 是否LFS不在图片中。 If LFS is involved, then prepend the host name with
:@
, eg 如果涉及LFS,则在主机名前加上
:@
,例如
http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.