I want to connect to my TFS from a non-domain-joined machine (Azure role), so that machine must somehow authenticate to my TFS. I know how to do it with username+password, but I'd rather not save that on the machine.
So, I want to Configure my TFS for client certificate authentication, issue a client certificate for a domain user, install it on the Azure role, and use it to connect.
The article above says to use tfpt tweakui (which may actually be tfpt connections), but that doesn't have any UI for it.
But either way, I want to connect using TFS API. But, I don't know how:
// ------- I know username+password... -------------------
var NetCreds = new System.Net.NetworkCredential("username", "password"); // No certificate here
var collection2 = new TfsTeamProjectCollection(new Uri("myuri"), new TfsClientCredentials(new WindowsCredential(NetCreds)));
// ------- And I know how to get a certificate... --------
var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, "Thumbprint-that-I'll-provide", validOnly: true);
X509Certificate2 cert = certCollection.OfType<X509Certificate2>().Single();
// -------- But how to connect with it? ------------------
var TfsCreds = new TfsClientCredentials(cert); // Nope, no such method...
var collection = new TfsTeamProjectCollection("myuri", TfsCreds);
So, how can I connecto to TFS using client certificate authentication?
That page needs to be updated. There's an important comment at the end that says the following. You will need to use these newer commands.
One thing that has changed for TFS 2010 is that the older tfsadminutil configureconnections command on the server side has been replaced with tfsconfig certificates (http://msdn.microsoft.com/en-us/library/ee349260.aspx). On the client side the tf certificates command replaces tfpt tweakui.