Search code examples
tfstfvctfs-proxy

TFS 2018 Authentication through TFS-proxy server

We are building a separated network. All VMs are connected only to Each Other and to TFS-Proxy server. No internet or other connection allowed When configuring the TFS proxy on Visual Studio 2015, I have only the following option

Use TFS proxy for file downloads

I don't see an option to pass authentication and on the Team Explorer I get the error

Team Explorer error message

Setting on the TFS-Proxy itself

TFS Proxy configuration

The TFS server is on a domain OnPrem TFS version 2018.1

Solution

  • You can't connect through the TFS proxy, the TFS proxy is used to cache some files locally, but the primary connection is still to the TFS server directly. Its purpose is to download TFVC files and Work Item attachments from the local network without having to fetch them all from a central server. This can speed up your workspace syncs considerably when you have branch offices with slow internet connections that connect to a central TFS server in the HQ.

    You can configure your Windows machine to use an HTTP proxy in the Internet Settings and the connection to TFS will pass through that. You can use the HTTP proxy together with the TFS Proxy.

    You will need to configure Git to connect to the TFS server through the proxy separately.

    git config --global http.proxy http://proxyUsername:proxyPassword@proxy.server.com:port

    In all cases, you need to enter the actual FQDN of the TFS server in Team Explorer, the TFS proxy in the TFVC settings and the HTTP proxy in your Internet Settings for Windows.

    TFS proxy URL entered here:

    TFVC Proxy entered here

    HTTP proxy url entered here:

    HTTP proxy entered here

    TFS Server FQDN entered here:

    enter image description here

    Ideally, all of the proxy servers involves are configured to authenticate using NTLM/kerberos and are using SSL. That should make the client configuration smoothest.

    Direct connection with TFS proxy

    ----------        |     --------------
| CLIENT |------------->| TFS Server |
----------              --------------
     |            |           ^
     V                        |
-------------     |           |
| TFS PROXY |------------------
-------------     
                  |

    Proxied connection with TFS proxy and HTTP proxy

    ----------               |            --------------
| CLIENT |------                  --->| TFS Server |
----------     |  --------------  |   --------------
     |         -->| HTTP PROXY |---  
     V         |  --------------
-------------  |             
| TFS PROXY |---         |
-------------

    Proxied connection with TFS proxy and HTTP proxy on the same machine

    This setup is cost-efficient but enlarges the attack surface on the HTTP proxy.

    ----------               |            --------------
| CLIENT |---                     --->| TFS Server |
----------  |     --------------  |   --------------
     |      ----->| HTTP PROXY |---  
     ------------>| &TFS PROXY |
                  --------------

                         |