Why can I programmatically connect to my Visual Studio Online Project without Credentials?
Question
I have a ASP.NET application and wanted to display the last few changesets on a Page. With this Code I get the latest Changesets:
TfsTeamProjectCollection projectCollection
= TfsTeamProjectCollectionFactory.GetTeamProjectCollection(
new Uri("https://my.visualstudio.com/DefaultCollection"));
var versionControl = projectCollection.GetService<VersionControlServer>();
var history = versionControl.QueryHistory(
path: "$/project",
version: VersionSpec.Latest,
deletionId: 0,
recursion: RecursionType.Full,
user: String.Empty,
versionFrom: null,
versionTo: VersionSpec.Latest,
maxCount: 5,
includeChanges: false,
slotMode: true);
foreach (Changeset change in history)
{
[...]
}
I didn't expect it to work at first, but then it worked like a charm, without Credentials. This makes me slightly nervous as I didn't change any Permissions on the project let alone make it "public" (if this is even possible). If I browse to the Project anonymously in a Browser I have to Login with my Live-ID.
So can anyone access my data if he has the adress? And how can I disable this?
1 answers
solution1
3 ACCPTED 2014-09-27 11:28:44
You have a cookie authenticating you to VSOnline. Try logging out in your browser and you'll note that you cannot authenticate with your code.
You need to set up alternate credentials in order to authenticate programmatically: http://www.visualstudio.com/integrate/get-started/get-started-auth-introduction-vsi
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.