0

I've been writing a custom TFS 2013 server plugin for my company that automatically creates tasks whenever a new bug or product backlog item is created. While debugging I can see it detecting the new work item, but when it tries connect to the TfsTeamProjectCollection it throws TF30063 exception saying I'm not allowed to access the server. What baffles me is, in an attempt to see if the code after that worked, I made a simple client-side form application with the exact same code to connect to the server and it worked flawlessly.

The code I'm using to connect with is:

    string tfsUri = string.Empty;
    tfsUri = @"http://companytfsserver:8080/tfs/defaultcollection";
    TfsTeamProjectCollection tfs = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri(tfsUri));
    tfs.EnsureAuthenticated();

I've also tried manually setting the credentials, but no luck. Also, if it helps, I used this as my guide: http://geekswithblogs.net/BobHardister/archive/2012/10/08/automatically-create-bug-resolution-task-using-the-tfs-2010-api.aspx

I read through a ton of documentation of people getting the same exception, but none of what I found seemed relevant to this particular situation, so any help would be greatly appreciated!

*Update: After more digging and testing, it's possible it may have something to do with our application tier. I'll have to wait for the IT guy that's familiar with that particular system to get back from a conference (Monday, I think), but I'll update once I find out for sure.

**Update: I finally figured it out and I can't believe how simple it was. It turns out the URI that's used to connect via client app does not work when it's used in an app tier server plugin. Instead, it has to be localhost:8080/tfs/defaultcollection. Makes perfect sense to me now, but it never even crossed my mind before.

Josh Sherman
  • 1
  • 1
  • The server will connect back with the TFS Service account, You may need to give the account explicit permissions on the Prioject(collection). PS why not use the TFS Aggregator? we've worked through most of these issues for you. https://github.com/tfsaggregator/tfsaggregator/releases – jessehouwing Jun 22 '16 at 20:49
  • Check our troubleshooting wiki entry for tips as well: https://github.com/tfsaggregator/tfsaggregator/wiki/Troubleshooting – jessehouwing Jun 22 '16 at 20:50
  • Thanks for the input. This is something I've briefly looked into and may end up using if I can't get my plugin working. – Josh Sherman Jun 23 '16 at 12:42
  • You may want to check the security configuration of the server. Is it using NTLM, Basic Auth, Kerberos? Is the server SSL secured and is the certificate trusted? These things can cause your direct API calls to fail with security errors and may cause the API to connect as an anonymous user. – jessehouwing Jun 23 '16 at 13:29

1 Answers1

0

Just as jessehouwing says, since you are using collection uri "http://companytfsserver:8080/tfs/defaultcollection" You must have permissions on the Prioject(collection) with your account and TFS service account.

// Connect to TFS Work Item Store
ICredentials networkCredential = new NetworkCredential(tfsUsername, tfsPassword, domain);
Uri tfsUri = new Uri(@"http://my-server:8080/tfs/DefaultCollection");
TfsTeamProjectCollection tfs = new TfsTeamProjectCollection(tfsUri, networkCredential);
WorkItemStore witStore = new WorkItemStore(tfs);
PatrickLu-MSFT
  • 49,478
  • 5
  • 35
  • 62
  • I appreciate the response. That was actually the very first thing the lead engineer checked for me. While I have no reason to doubt him, I will definitely have him double check it. I'm only an intern and very much a novice at this so forgive me if this is a dumb question, but if I'm able to authenticate with the server through a test client app I wrote using the exact same code to connect, would that mean that the permissions are set properly? Thanks again. – Josh Sherman Jun 23 '16 at 12:40
  • If you can connect to TFS with a test client app,Did this error occurs with the connection to work item. Could you give a try with the code above ? – PatrickLu-MSFT Jun 23 '16 at 13:35
  • The error occurs the moment the TfsTeamProjectCollection gets assigned. I've tried using the above code with the server plugin to no avail, but out of curiosity I tried it in my working client app with the TFSSERVICE credentials and that also threw the exception. I took it a step further and started Visual Studio as a different user with the TFSSERVICE logon and same thing. This certainly makes it seem that the TFSSERVICE account is lacking permissions, but when we look at it, it has all the permissions allowed. Very curious. – Josh Sherman Jun 23 '16 at 18:47