
The situation: In a standard scenario, it is easy to add a connection to a TFS 2013 server inside Visual Studio. The dialog box "Add team foundation server" is pretty simple, and this works fine when you and the TFS server are in the same domain. And when you open VS again, the connection is made automatically again.

Now we want to connect developers from outside to our TFS behind our firewall.

The problem:

Short version: I need a mechanism to enter a userid and a passphrase BEFORE connecting to the TFS via AD credentials (which occurs automatically via NTLM).

Long version: We want to use the mechanism of a 'Reverse Proxy', used in combination with an RSA SecurID hardware key. This works fine when a developer browses the Web Portal of a team project in a browser. The only thing which is different than in the standard scenario: There is a web form, which shows up, and you have to enter your UserId and - no, not the AD password - the passphrase of the SecurID, 6 digits, which gets updated every minute on the SecurID token. This is 2-factor-authentication to get through the reverse proxy.

This works fine in a browser, but not in Visual Studio (developer tasks you can only do in VS, like check-out, check-in and so on). So there has to be a dialog where you can enter the userid AND the passphrase BEFORE Visual Studio attempts to connect to the inside TFS. But this is not implemented out-of-the-box; just an error message occurs, with a 500 HTTP status. Of course, the reverse proxy mechanism needs this userid and passphrase from the SecurID key, and you have to type it in manually.

The question: Is there a way to change or implement a custom add-in or whatever, that a dialog box appears, where we can enter the userid and passphrase?

This has to happen in 2 scenarios: First, when you want to ADD a new TFS to your TFS list via the dialog box "Add team foundation server". Second, when you open Visual Studio and it wants to connect to this already added TFS again.

The code to connect itself I already have in a simple console app: first send the POST with userid and passphrase to the TFS (in reality to the Reverse Proxy authentication). A cookie comes back, and with this cookie I can access any web service of the TFS, and VS also uses only these web services. So I also have to add this cookie to the calls to the TFS web services; this means there has to be a way to tell the Visual Studio TFS "interface" to use this cookie with every web service call.

I searched some hours for a hint if and how this is possible, so I hope it is permitted to ask this question here. I checked, if a custom source control plug-in would be such a hook into, but I believe all action in such a custom plug-in happens AFTER the connection. I tried a basic source control plug-in (from the VS SDK), it works, I tried to catch the method where the connection is made, this is not inside this framework/interface.

Additional note: I already opened a Premier ticket at Microsoft, no answer until now. I think this is very special, and I'm not sure if they can even find the specialist who could answer this question ;-)
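
The flow the question describes (form POST to the reverse proxy, session cookie back, cookie sent with every later web-service call), as an added example that is not part of the original post. It is Python run against a local stand-in gateway rather than the asker's console app; the `/login` and `/tfs/service` paths, form field names, cookie name and credentials are all constructed.

```python
import http.cookiejar
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSION = "constructed-session-token"  # constructed sample value
USERS = {"dev1": "123456"}             # constructed userid -> token code

class Gateway(BaseHTTPRequestHandler):
    """Stand-in reverse proxy: form login, then cookie-gated pass-through."""
    def log_message(self, *args):      # silence per-request logging
        pass
    def _reply(self, status, body, cookie=None):
        self.send_response(status)
        if cookie:
            self.send_header("Set-Cookie", f"gw={cookie}; HttpOnly; Path=/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_POST(self):                 # hypothetical form-login endpoint
        size = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(size).decode())
        user, code = form.get("userid", [""])[0], form.get("passcode", [""])[0]
        ok = self.path == "/login" and USERS.get(user) == code
        self._reply(200 if ok else 403, b"ok" if ok else b"denied",
                    cookie=SESSION if ok else None)
    def do_GET(self):                  # everything else needs the cookie
        if f"gw={SESSION}" in self.headers.get("Cookie", ""):
            self._reply(200, b"tfs-web-service-response")
        else:
            self._reply(401, b"login form")

def fetch(opener, url, form=None):
    """GET, or POST when form fields are given; returns (status, body)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    try:
        with opener.open(url, data=data, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def demo():
    srv = HTTPServer(("127.0.0.1", 0), Gateway)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    opener = urllib.request.build_opener(  # the jar replays the cookie
        urllib.request.ProxyHandler({}),
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    before = fetch(opener, base + "/tfs/service")
    bad = fetch(opener, base + "/login", {"userid": "dev1", "passcode": "000000"})
    good = fetch(opener, base + "/login", {"userid": "dev1", "passcode": "123456"})
    after = fetch(opener, base + "/tfs/service")
    srv.shutdown()
    srv.server_close()
    return before, bad, good, after
```

The cookie is the only proof of the completed two-factor login, so a real client should send it over TLS only and keep it in memory rather than on disk.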

1 Answer

It seems you want to use Visual Studio 2013 behind a proxy server. The proxy address must be entered manually in an XML file:

1. Find devenv.exe.config (the devenv.exe configuration file) in: %ProgramFiles%\Microsoft Visual Studio 12.0\Common7\IDE (or %ProgramFiles(x86)%\Microsoft Visual Studio 12.0\Common7\IDE).

2. In the configuration file, find the <system.net> block, and add this code:

    <defaultProxy enabled="true" useDefaultCredentials="true">
        <proxy bypassonlocal="True" proxyaddress="http://<yourproxy:port#>"/>
    </defaultProxy>

Cece Dong - MSFT
  • Thank you for this tip. I tried this with every combination, and it does not work. The main reason is: A Reverse Proxy does not work like an internal web proxy. The Reverse Proxy (Forefront TMG) always shows a form, where you have to enter a userid and a passphrase, and send it via POST. And Visual Studio is not able to pop up in this scenario. The funny thing is, if you connect to VS online, then a dialog is shown to enter userid/pw. Just try to connect to https://dummy.visualstudio.com at "add TFS" and you will get this dialog. But I can't find out if and how I can use this functionality. – Manuel Berger Mar 23 '16 at 16:10
  • If you remove all credentials stored on your PC, and remove the TFS server, you'll also get a login window. Do you want this? – Cece Dong - MSFT Mar 25 '16 at 09:09
  • @"Cece - MSTF" Now I found out what the problem is, and I'm working on a solution for it: Visual Studio contacts "Visual Studio Team Services" (formerly Visual Studio Online) via OAuth. Our Reverse Proxy uses Microsoft Forefront Unified Access Gateway (UAG), and OAuth is not used or activated. So I will try this. When I'm successful, I will post the steps to implement/configure this as an answer. MS Forefront mainstream support ended in Nov 2012, extended support will end in 2020. This means in the long run we have to use another product (maybe Sophos) – Manuel Berger Mar 30 '16 at 12:14