I have an ASP.NET MVC app that uses the TFS client libraries to access an on-premises TFS server. The app uses Windows authentication on a Windows domain and the default credentials are used in the connection to TFS.
I need to extend the app to also access an Azure DevOps organization. I tried creating a VSSConnecton object and using a personal access token (PAT) like this:
VssConnection connection = new VssConnection(accountUri, new VssBasicCredential(string.Empty, personalAccessToken));
WorkItemTrackingHttpClient witClient = connection.GetClient<WorkItemTrackingHttpClient>();
The PAT is not used though. The user's Windows credentials are passed thru regardless of which overload I use in the VssBasicCredential method.
Even though the Azure AD is being sync'd from the Windows AD domain, the user is seen as a different object and doesn't have access to Azure DevOps. Because the Azure AD user and the local Windows user have the same username ([email protected]) I also can't add the local Windows user as an external user in Azure.
Is there a way to authenticate to Azure DevOps using a PAT (or other alternative credentials) from an ASP.NET app using Windows authentication?
