Enhanced Security Error while Visual Studio Team Services Rest API

Question

I'm currently trying to use the Rest APIs exposed by Visual Studio Team Services (was Visual Studio Online) to obtain work item information. I seem to be able to connect however when I look at the response to my query its a html page with a Enhanced Security Error message. I believe that this is due to the Enhanced Security option in IE but I'm calling this from my client machine and I can only see options on how to turn this off on a server.

this is the call i'm making

using (var client = new HttpClient())
        {
            var token =     "xxxxxxxxxxxx";
            var apiVersion = "1.0";

            var account = "xxxxxxxx";
            var query = "Select [System.Id] From WorkItems Where[System.WorkItemType] = 'WorkItem' order by [System.CreatedDate] desc";

            var url = "https://" + account + ".visualstudio.com/Core/_apis/wit/";

            // Execute a query that returns work item IDs matching the specified criteria
            using (var request = new HttpRequestMessage(HttpMethod.Post, url + "wiql"))
            {
                request.Headers.Add("Authorization", "Bearer " + token);
                request.Headers.Add("Accept", "application/json;api-version=" + apiVersion);

                Dictionary<string, string> body = new Dictionary<string, string>
            {
                {
                    "query", query
                    }
            };

                request.Content = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json");

                using (var response = await client.SendAsync(request))
                {
                    var content = await response.Content.ReadAsStringAsync();
                    var workItems = JObject.Parse(content)["workItems"] as JArray;

                    string[] ids = workItems.Select<JToken, string>(w => (w["id"] + "")).Take(10).ToArray<string>();
                    string idsString = String.Join(",", ids);

                    // Get details for the last 10
                    using (var detailsRequest = new HttpRequestMessage(HttpMethod.Get, url + "workitems?ids=" + idsString + "&fields=System.Id,System.Title"))
                    {
                        detailsRequest.Headers.Add("Authorization", "Bearer " + token);
                        detailsRequest.Headers.Add("Accept", "application/json;api-version=" + apiVersion);

                        using (var detailsResponse = await client.SendAsync(detailsRequest))
                        {
                            var detailsContent = await detailsResponse.Content.ReadAsStringAsync();
                            var detailsWorkItems = JObject.Parse(detailsContent)["value"] as JArray;

                            foreach (dynamic workItem in detailsWorkItems)
                            {
                                Console.WriteLine("Work item: {0} ({1})",
                                    workItem.fields["System.Id"],
                                    workItem.fields["System.Title"]
                                );
                            }
                        }
                    }
                }
            }
        }

any help with this would be appreciated,

thanks

Chris

The response when I call the sendasync method is simply a html page. On inspection it gives the endhanded security message — chrisblue13, Sep 24 '16 at 22:11
Does it work if disable Internet Explorer Enhanced Security Configuration? — Eddie Chen - MSFT, Sep 26 '16 at 03:30

starian chen-MSFT · Answer 1 · 2016-09-27T11:28:46.970

1

You can add related sites to trusted sites (for example: https://app.vssps.visualstudio.com, https://login.live.com etc…).

Internet option=>Security
Select Trusted sites
Click sites
Type website address and click add

The simple way to know which URLs need to be added, you could send a simple Get Rest request (e.g. get work item REST API), it will pop up a window that contains site URL (will pop up many times for different URL), add these URL to trusted sites list.

Update:

Based on the response result, it isn’t related to enhanced security, the result means it isn’t authenticated. So the token is invalid, it is access token of OAuth, you need to get access token after register your app to VSTS.

More information, you can refer to this article.

There is a OAuth sample that you can refer. After you get access token, add it to request header and retrieve data from VSTS.

If you want to access VSTS through personal access token, the code like this: (check this article)

try
    {
        var username = "username";
        var password = "password";

        using (HttpClient client = new HttpClient())
        {
            client.DefaultRequestHeaders.Accept.Add(
                new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));

            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
                Convert.ToBase64String(
                    System.Text.ASCIIEncoding.ASCII.GetBytes(
                        string.Format("{0}:{1}", username, password))));

            using (HttpResponseMessage response = client.GetAsync(
                        "https://{account}.visualstudio.com/DefaultCollection/_apis/build/builds").Result)
            {
                response.EnsureSuccessStatusCode();
                string responseBody = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseBody);
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.ToString());
    }

edited Sep 27 '16 at 11:28

answered Sep 23 '16 at 08:53

starian chen-MSFT

33,174
2
29
53

thanks for your help. I have add the relevant urls to trusted sites but it still does not work. – chrisblue13 Sep 24 '16 at 21:25
@chrisblue13 What's the result if you send a REST request through internet explorer? (https://www.visualstudio.com/en-us/docs/integrate/api/wit/work-items#by-ids) – starian chen-MSFT Sep 26 '16 at 01:29
works fine through the browser. Just not through visual studio. – chrisblue13 Sep 26 '16 at 10:55
@chrisblue13 What's your operation system and internet explorer? Disable Enhanced Security (client machine): 1. Open IE 2. Tools=>Internet option=>Advanced 3. In security section, there is Enhanced Security Protected Mode – starian chen-MSFT Sep 26 '16 at 11:07
@chrisblue13 Your Query statement is incorrect: Where [System.WorkItemType] (add whitespace after where) – starian chen-MSFT Sep 26 '16 at 12:14
Enhanced security is turned off in ie already. One thing I've noticed is that when I'm in visual studio and click on the url inside my code snippet it redirects and logs me into my vsts instance. There is a message displayed that says I'm using an incompatible browser. When I click on the link it takes me to a page saying that ie 10 is not supported. It's strange because I have ie 11 installed – chrisblue13 Sep 26 '16 at 20:18
@chrisblue13 The issue of incompatible browser isn't related to your issue (I have same issue in VS 2015). I need to check detail response result, you can share it on the OneDrive. – starian chen-MSFT Sep 27 '16 at 03:06
Hi starain I have ammended the query but still getting the same message – chrisblue13 Sep 27 '16 at 08:37
@chrisblue13 You can share response details on the OneDrive. – starian chen-MSFT Sep 27 '16 at 08:39
@chrisblue13 I can't access it. About sharing file: https://support.office.com/en-us/article/Share-OneDrive-files-and-folders-9fcc2f7d-de0c-4cec-93b0-a82024800c07?ui=en-US&rs=en-US&ad=US – starian chen-MSFT Sep 27 '16 at 09:16
1

@chrisblue13 Based on the response result, it isn't related to enhanced security, I updated my answer, you can check it. – starian chen-MSFT Sep 27 '16 at 11:29
1

@chrisblue13 Do you success getting data from VSTS with my solution? – starian chen-MSFT Sep 29 '16 at 01:51

Enhanced Security Error while Visual Studio Team Services Rest API

1 Answers1

Linked