是否可以使用非交互式的默认Windows凭据对远程Git存储库进行身份验证?
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了是否可以使用非交互式的默认Windows凭据对远程Git存储库进行身份验证?相关的知识,希望对你有一定的参考价值。
我的远程Git存储库由内部TFS服务器托管。有两种方法可以访问其内容:
- 使用TFS Restful API - https://docs.microsoft.com/en-us/rest/api/vsts/git/items/get?view=vsts-rest-4.1
- 使用本机git客户端,例如
git clone
命令
要使用Restful API,可以使用powershell Invoke-RestMethod
命令和-UseDefaultCredentials
,它可以正常工作,没有问题。
但是,使用git clone
,我不知道如何使用默认凭据。 manager credential helper不使用它们。首次使用时,它会要求提供凭据。
所以,我看到的选项是:
- 有一个替代的git客户端,可能具有有限的功能,但足以运行可以使用默认Windows凭据的克隆。
- 有一个可以使用默认Windows凭据的Windows凭据帮助程序。
- 有一个可以使用默认Windows凭据的Windows的askpass实现。
问题是我在网上找不到任何实现这些选项的东西。
编辑1
C:xyzDevOps> $GitApiUrl
http://tfsserver:8080/tfs/DefaultCollection/code/_apis/git/repositories/MyConfigData
C:xyzDevOps> $ProjectName
dev_smoketest56oc
C:xyzDevOps> Test-Path .params.json
False
C:xyzDevOps> Invoke-RestMethod -Uri "$GitApiUrl/items?path=$ProjectName.json&api-version=4.1" -UseDefaultCredentials -OutFile params.json
C:xyzDevOps> Test-Path .params.json
True
正如您所看到的,Restful API可以在不需要凭据的情况下工作。现在让我们尝试git clone:
C:xyzDevOps> $env:GIT_TRACE=1
C:xyzDevOps> git clone http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp a
09:13:21.405748 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
09:13:21.406249 git.c:415 trace: built-in: git clone http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp a
Cloning into 'a'...
09:13:21.430369 run-command.c:637 trace: run_command: git remote-http origin http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
09:13:21.459149 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
09:13:21.460654 git.c:654 trace: exec: git-remote-http origin http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
09:13:21.460654 run-command.c:637 trace: run_command: git-remote-http origin http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
09:13:21.481711 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
09:13:21.539575 run-command.c:637 trace: run_command: 'git credential-manager erase'
09:13:21.642660 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
09:13:21.644162 git.c:654 trace: exec: git-credential-manager erase
09:13:21.644162 run-command.c:637 trace: run_command: git-credential-manager erase
fatal: Authentication failed for 'http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp/'
C:xyzDevOps> $env:GIT_TRACE=0
C:xyzDevOps>
验证失败。
编辑2
在bash控制台上:
$ GIT_CURL_VERBOSE=1
$ curl -v --ntlm -u : http://tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp -o 1.html 2> out.txt
$ curl -v --ntlm -u : http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp -o 2.html 2> out2.txt
文件1.html和2.html似乎代表了浏览器中的存储库的网页,因此两个curl命令都是成功的。
输出文件out.txt和out2.txt非常相似,区别在于时间戳,guids和加密字符串。所以,这里是out.txt(我冒昧地删除空行并擦洗几个字符串):
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 192.168.17.155...* TCP_NODELAY set* Connected to tfsserver (192.168.17.155) port 8080 (#0)* Server auth using NTLM with user ''> GET /tfs/DefaultCollection/code/_git/MyApp HTTP/1.1
> Host: tfsserver:8080
> Authorization: NTLM ***SCRUBBED***
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: NTLM ***SCRUBBED***
< Date: Thu, 15 Nov 2018 23:07:58 GMT
< Content-Length: 341
<
* Ignoring the response-body{ [341 bytes data]
100 341 100 341 0 0 642 0 --:--:-- --:--:-- --:--:-- 642* Connection #0 to host tfsserver left intact* Issue another request to this URL: 'http://tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp'* Found bundle for host tfsserver: 0x4116f20 [can pipeline]* Re-using existing connection! (#0) with host tfsserver* Connected to tfsserver (192.168.17.155) port 8080 (#0)* Server auth using NTLM with user ''> GET /tfs/DefaultCollection/code/_git/MyApp HTTP/1.1
> Host: tfsserver:8080
> Authorization: NTLM ***SCRUBBED***
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Expires: -1
< Server: Microsoft-IIS/8.5
< X-TFS-ProcessId: e5b67424-832f-468b-8787-c7c05aef5396
< ActivityId: 50f62941-8163-4ee9-9c2b-81359ca72838
< X-TFS-Session: 50f62941-8163-4ee9-9c2b-81359ca72838
< X-VSS-E2EID: 50f62941-8163-4ee9-9c2b-81359ca72838
< X-FRAME-OPTIONS: SAMEORIGIN
< X-VSS-UserData: 34be4ed8-c4fd-4e9f-bdae-d1843df36b0f:mkharitonov
< X-AspNetMvc-Version: 4.0
< X-AspNet-Version: 4.0.30319
< Set-Cookie: __RequestVerificationToken_L3Rmcw2=***SCRUBBED***; path=/; HttpOnly
< Set-Cookie: __RequestVerificationToken27563503a-8c73-4ee0-8930-e1f466b255f5=***SCRUBBED***; path=/; HttpOnly
< Persistent-Auth: true
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Thu, 15 Nov 2018 23:07:58 GMT
< Content-Length: 120608
<
{ [183 bytes data]
100 117k 100 117k 0 0 167k 0 --:--:-- --:--:-- --:--:-- 167k* Connection #0 to host tfsserver left intact
我无法验证它到底,但可能你应该在config(命令http.emptyAuth
)中将true
设置为git config --global http.emptyAuth true
。至少在设置它之后我的git 2.19.1.windows.1已经向服务器发送了一个Authorization: Negotiate ...
标头,该服务器通告了这个协议。
底线:
git config --global http.emptyAuth true
是否LFS不在图片中。如果涉及LFS,则在:@
前加上主机名,例如:
http://:@tfsserver:8080/tfs/DefaultCollection/code/_git/MyApp
以上是关于是否可以使用非交互式的默认Windows凭据对远程Git存储库进行身份验证?的主要内容,如果未能解决你的问题,请参考以下文章
是否可以使用 Pymssql 通过域(Windows)用户帐户远程访问 SQL Server 2012
远程桌面连接输入用户名和密码以后提示“您的凭据不工作”无法登陆