
Azure Pipeline "Forgets" Authentication When Using TF.exe

  • Using an on-premises build server with Azure DevOps Services
  • Build agent configured to use an AD account with administrative privileges on the build server
  • Pipeline executes a PowerShell script which, in turn, executes the tf.exe utility
  • Specific command is tf.exe vc workspaces /collection:[Azure collection address]
  • Command fails with F30063: You are not authorized to access [Azure collection address]
  • Thought the problem could be resolved by providing the build agent's user/pass with the /login switch, but this seems to make no difference to the workspaces command

This problem can be temporarily resolved by:

  • Log onto build server using the same account that is used by the build agent
  • Open a Visual Studio command prompt
  • Run the command: tf.exe vc workspaces /collection:[Azure collection address]
  • At this point, the Microsoft login screen is displayed
  • Provide the login with the build agent's credentials
  • Command runs successfully
  • If the pipeline is run again after this, it will run successfully as well
  • But after a seemingly variable period of time (sometimes days), this authentication appears to expire and the pipeline begins throwing the "unauthorized access" error again
  • Then the "fix" with the command line needs to be repeated

What needs to be done to persist the authentication within the pipeline (or PowerShell script) so the account information does not need to be manually reentered?

By default, Visual Studio caches the credentials automatically. If we want to change the login credentials, we need to clear the caches and re-enter the new credentials.

  1. Open a Command Prompt window and navigate to the Visual Studio installation path: cd Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE
  2. Start Visual Studio using the runas command: runas /netonly /user:TFSCredentialUser devenv.exe
  3. It will now prompt you to type the password of the user. Type your new password to open Visual Studio. If you type the wrong password, it will prompt you to type the password again after Visual Studio starts.

You could also refer to this ticket to clean the credentials.

You can try using System.AccessToken to log in from the build pipeline by specifying /loginType:OAuth. See the example below:

tf.exe workspaces /collection:https://collection.visualstudio.com/ /loginType:OAuth /login:.,$(System.AccessToken) /noprompt

In order to access System.AccessToken in your pipeline, you need to edit your pipeline, click on the agent job node that the command line task will be running under, and then select "Allow scripts to access the OAuth token". See here for more information.

Please also check out this similar thread.
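
One way the PowerShell script from the question could pass the job's OAuth token to tf.exe without an interactive login (an added example, not part of the original question or answers). It assumes the script runs inside a pipeline job with "Allow scripts to access the OAuth token" enabled, so the token is available as the SYSTEM_ACCESSTOKEN environment variable; the $TfExe parameter and its default are hypothetical.

```powershell
# Added example: run "tf.exe vc workspaces" with the pipeline job token.
param(
    # Hypothetical default; point this at the tf.exe installed on your agent.
    [string]$TfExe = 'tf.exe',
    # SYSTEM_COLLECTIONURI is the predefined System.CollectionUri variable.
    [string]$CollectionUrl = $env:SYSTEM_COLLECTIONURI
)

$ErrorActionPreference = 'Stop'

# The job token is short-lived and issued per run, so nothing is cached
# on the build server between runs.
$token = $env:SYSTEM_ACCESSTOKEN
if ([string]::IsNullOrWhiteSpace($token)) {
    # In YAML pipelines the token must be mapped into the task explicitly,
    # e.g. env: SYSTEM_ACCESSTOKEN: $(System.AccessToken)
    throw 'SYSTEM_ACCESSTOKEN is empty. Enable "Allow scripts to access the OAuth token" on the agent job.'
}
if ([string]::IsNullOrWhiteSpace($CollectionUrl)) {
    throw 'No collection URL supplied and SYSTEM_COLLECTIONURI is not set.'
}

$tfArgs = @(
    'vc', 'workspaces',
    "/collection:$CollectionUrl",
    '/loginType:OAuth',
    "/login:.,$token",   # user name is ".", password is the token
    '/noprompt'          # fail instead of opening the login window
)

# Log the command line with the token redacted so it never lands in build logs.
$safeArgs = $tfArgs -replace [regex]::Escape($token), '***'
Write-Host "Running: $TfExe $($safeArgs -join ' ')"

& $TfExe @tfArgs
if ($LASTEXITCODE -ne 0) {
    throw "tf.exe exited with code $LASTEXITCODE"
}
```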
