TFS REST API authorizing GET but not PATCH

I'm trying to change the status for a work item using the REST API provided by my TFS 2015 Update 3 (on premises). When I try to get the list of my items, everything works fine:

var client = new RestClient(uri);
client.Authenticator = new HttpBasicAuthenticator(this.TFSUsername, this.SecurityToken);
var request = new RestRequest(Method.GET);
request.AddHeader("cache-control", "no-cache");

IRestResponse response = client.Execute(request);

After I get this answer and I have all the information I need, I was going to update the status of one of these work items.

Using the same approach (and of course, the same credential), I'm getting the 401 status code, as if I was trying to do it anonymously.

The only difference is that I'm using the verb PATCH (as the documentation said I have to) and that I'm passing a body to identify what status I want to edit.

This is the code I'm using for the edit:

var client = new RestClient(uri);
client.Authenticator = new HttpBasicAuthenticator(this.TFSUsername, this.SecurityToken);
var request = new RestRequest(Method.PATCH);
request.AddHeader("cache-control", "no-cache");

string body = @"
  {
   'op':'add',
   'path':'/fields/System.State',
   'value':'Closed'
  }";
request.AddJsonBody(body);
IRestResponse response = client.Execute(request);

Any hints on why just changing the HTTP verb is causing me this authorization issue?

Trying to do it with Postman is causing me the same issue.

UPDATE:

Looking at the response header, I noticed this:

X-TFS-ProcessId →e2b98235-1d3a-4bb7-868f-0d91805aa307
ActivityId →08909688-ac81-4c37-9cea-b47e84fd3efe
X-TFS-Session →08909688-ac81-4c37-9cea-b47e84fd3efe
X-VSS-E2EID →08909688-ac81-4c37-9cea-b47e84fd3efe
X-FRAME-OPTIONS →SAMEORIGIN
WWW-Authenticate →Basic realm="http://xxxxxxx/tfs"
WWW-Authenticate →Negotiate
WWW-Authenticate →NTLM
X-Powered-By →ASP.NET
P3P →CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
Lfs-Authenticate →NTLM
X-Content-Type-Options →nosniff
Date →Thu, 28 Feb 2019 00:20:57 GMT
Content-Length →0

What caught my attention was:

WWW-Authenticate →Basic realm="http://xxxxxxx/tfs"

WWW-Authenticate →Negotiate

WWW-Authenticate →NTLM

So it would support Basic authentication, as for the GET, but it is not working. Are "Negotiate" and "NTLM" interfering somehow?

Thanks

After a lot of trying, I found out that the solution is pretty easy.

To make it work from the authentication point of view, it's enough to use the NtlmAuthenticator (with username and password) instead of the HttpBasicAuthenticator (even though it is working for the GET). I replaced my authenticator with NtlmAuthenticator for both GET and PATCH and now it is working fine.

var client = new RestClient(uri);
client.Authenticator = new NtlmAuthenticator(this.TFSUsername, this.TFSPassword);

The other tricky part that I found out (not precisely linked to the authentication) is that for the PATCH the content type has to be application/json-patch+json.

Hope it helps
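
A complete version of the PATCH call the answer describes, as an added example that is not part of the original post. It assumes the RestSharp 106-style API used above (`Method.PATCH`, `NtlmAuthenticator`), a placeholder work item URL, and hypothetical environment variable names `TFS_USER` and `TFS_PASSWORD`; the body is written as a JSON Patch array of operations (RFC 6902) with double-quoted strings, and a 401 prints the `WWW-Authenticate` schemes the server offered.

```csharp
using System;
using System.Linq;
using System.Net;
using RestSharp;
using RestSharp.Authenticators;

public static class WorkItemStateUpdater
{
    // A JSON Patch document is an array of operations, even when there is only one.
    private const string CloseStatePatch =
        @"[ { ""op"": ""add"", ""path"": ""/fields/System.State"", ""value"": ""Closed"" } ]";

    public static IRestResponse CloseWorkItem(Uri workItemUri, string username, string password)
    {
        var client = new RestClient(workItemUri)
        {
            // NTLM instead of HttpBasicAuthenticator, as in the answer above.
            Authenticator = new NtlmAuthenticator(username, password)
        };

        var request = new RestRequest(Method.PATCH);
        // For a RequestBody parameter, RestSharp sends the name as the Content-Type.
        request.AddParameter("application/json-patch+json", CloseStatePatch,
                             ParameterType.RequestBody);

        IRestResponse response = client.Execute(request);
        if (response.StatusCode == HttpStatusCode.Unauthorized)
        {
            // List the challenge schemes so an auth mismatch is visible at once.
            var offered = response.Headers
                .Where(h => string.Equals(h.Name, "WWW-Authenticate",
                                          StringComparison.OrdinalIgnoreCase))
                .Select(h => Convert.ToString(h.Value));
            Console.Error.WriteLine("401, server offers: " + string.Join(" | ", offered));
        }
        return response;
    }

    public static void Main()
    {
        // Placeholder URL (assumption): substitute your own server, collection and work item id.
        var uri = new Uri(
            "https://tfs.example.invalid/tfs/DefaultCollection/_apis/wit/workitems/1?api-version=1.0");
        // Credentials come from the environment rather than from source code.
        string user = Environment.GetEnvironmentVariable("TFS_USER");
        string pass = Environment.GetEnvironmentVariable("TFS_PASSWORD");

        IRestResponse response = CloseWorkItem(uri, user, pass);
        Console.WriteLine((int)response.StatusCode + " " + response.StatusDescription);
    }
}
```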
