I am using TFS/DevOps .Net client library (soap based) to interact with DevOps.
However I am having problems to impersonate as another user, and DevOps always return me an error:
UserX needs the following permission(s) to perform this action: Make requests on behalf of others
This is despite I have assigned this permission to the user in one of the collection groups under organization settings in DevOps. I have even added this user as a member of the Project Collections Administrator.
Is there any other permissions I need to grant or is there a specific collection group where I need to assign this permission?
Edit to add codes. Below are the codes I am using. Additional note, the code is working fine with on-prem TFS and I am using PAT to authenticate. The user we are trying to impersonate is a user in our Azure AD.
It just wouldn't work when we try with DevOps. The code will fail at the second EnsureAuthenticated() call:
var configurationServer = new TfsConfigurationServer(new Uri("https://xxxx"),
new VssCredentials(new VssBasicCredential(
string.Empty,
"xxxxxx"
)));
configurationServer.EnsureAuthenticated();
var identityService = configurationServer.GetService<IIdentityManagementService>();
// Look up the user that we want to impersonate
TeamFoundationIdentity identity = identityService.ReadIdentity(
IdentitySearchFactor.AccountName, "xx@xx.xxx", MembershipQuery.None, ReadIdentityOptions.None);
var impersonatedconfigurationServer = new TfsConfigurationServer(new Uri("https://xxxx"),
new VssCredentials(new VssBasicCredential(
string.Empty,
"xxxxxx"
)), identity.Descriptor);
impersonatedconfigurationServer.EnsureAuthenticated();
Thanks.
