验证到 Azure Devops Git repo
[英]Authenticating to Azure Devops Git repo
问题描述
We are working on a system to automatically commit generated projects into Git repositories located in Azure Devops.
我们正在开发一个系统,以自动将生成的项目提交到位于 Azure Devops 的 Git 存储库中。 We want to use libgit2sharp for this.我们想为此使用 libgit2sharp。 We want the user to authenticate using their Microsoft account, grab the Access Token(jwt) from the authentication request and use that as means of authentication.我们希望用户使用他们的 Microsoft 帐户进行身份验证,从身份验证请求中获取访问令牌 (jwt) 并将其用作身份验证手段。 But we cannot seem to get this working.但我们似乎无法让它发挥作用。
In another post I read 2 other authentication methods: 1. Alternative accounts.在另一篇文章中,我阅读了另外两种身份验证方法: 1. 替代帐户。 2. Personal Access Tokens, PAT. 2. 个人访问令牌,PAT。 Both made in the profile sections of your devops account.两者都在您的 devops 帐户的配置文件部分中制作。
I can get Alternative accounts to work perfectly but this is not our preferred route as it will require extra actions from the user.我可以让替代帐户完美运行,但这不是我们的首选路线,因为它需要用户采取额外的行动。 The PAT does not seem to work for me and throws me an error that there were "too many redirects or authentication replays". PAT 似乎对我不起作用,并向我抛出一个错误,即“重定向或身份验证重放次数过多”。 I figured this is because of the two factor authentication that is enabled on the Microsoft account.我认为这是因为在 Microsoft 帐户上启用了两因素身份验证。
Is it even supported to use an Access Token(jwt) in LibGit2Sharp with 2FA enabled?是否支持在启用 2FA 的 LibGit2Sharp 中使用访问令牌(jwt)?
using (var repo = new Repository({repo location}))
{
foreach (var file in file)
{
repo.Index.Add(file.Path);
repo.Index.Write();
}
var author = new Signature("{name}", "{name}", DateTime.Now);
var committer = author;
repo.Commit("Here's a commit i made!", author, committer);
var options = new PushOptions();
options.CredentialsProvider = (url, user, cred) => new UsernamePasswordCredentials() { Username = "{username}", Password = "{password}" };
repo.Network.Push(repo.Branches["master"], options);
}
1 个解决方案
解决方案1
0 2020-05-04 16:40:20
Personal Access Tokens (PAT) do bypass MFA so that is probably not the error you're getting.个人访问令牌 (PAT)确实绕过了 MFA,因此这可能不是您遇到的错误。 A PAT is your best option, at the moment of the push you need the remote-url of your local Git repo to be as follows: PAT 是您的最佳选择,在推送时,您需要本地 Git 存储库的remote-url如下:
https://pat:{PAT_HERE}@dev.azure.com/...
eg例如
https://pat:gaakbfootuial7ksj4uv55o52335tyhhaasbqdvbg5xgyy33t754@dev.azure.com/auroraloop/devenv/_git/devenv
Tips:提示:
- The PAT will take the permissions of the Azure DevOps user that generated it so the user must have contribute permissions to the repo. PAT 将获取生成它的 Azure DevOps 用户的权限,因此该用户必须具有对 repo 的贡献权限。
- You cannot automate PAT creation , you must have it upfront stored somewhere, if you don't want to hardcode this (you shouldn't) consider using an Azure Key Vault to store and retrieve the value I'm sure they have c# libraries.您无法自动创建 PAT ,您必须将其预先存储在某处,如果您不想硬编码(您不应该)考虑使用 Azure Key Vault 来存储和检索值,我确信他们有 c# 库。
The options.CredentialsProvider part of your code is probably doing exactly what I mentioned about the remote-url try setting it as follows:您的代码的options.CredentialsProvider部分可能完全按照我提到的remote-url尝试设置如下:
options.CredentialsProvider = (url, user, cred) => new UsernamePasswordCredentials() { Username = "pat", Password = "{PAT_HERE}" };
Hardcode the PAT for testing and if successful take a look at the Azure Key Vault approach.对 PAT 进行硬编码以进行测试,如果成功,请查看 Azure Key Vault 方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.