Terje Sandstrom

------ Visual Studio ALM MVP ----- (also see new blog at http://hermit.no)

  Home  |   Contact  |   Syndication    |   Login
  64 Posts | 1 Stories | 116 Comments | 0 Trackbacks

News

Subscribe

Delicious Save this on Delicious Visual Studio Feeds

¨

Tag Cloud


Archives

Company stuff

Interesting bloggers

Interesting companies

Microsoft

Microsoft Norge

Microsoft Regional Directors

Microsoft Test

MSFT Blogs

MVP

NNUG

Other interesting stuff

TFS

Visual Studio

Forms authentication is not what “they” normally recommend from a  security point of view, but in some cases it solves access problems. Particularly for companies which doesnt allow the Windows authentication protocol to pass, and those companies do exist.  To enable it in TFS 2010 is a bit more than a oneliner.  The recipe below shows you how to enable it. 

One has to change the web.config file for the Web Access. There are instructions within the file, but those instructions are incorrect and don’t work as intended.  This is probably leftovers from the 2008 version.

A bit down in the file it says:

<!-- For Integrated Windows Authentication, set Authentication Mode to "Windows"

    For Forms authentication, set it to None -->

    <authentication mode="None"/>

This is incorrect.  Change it and add the following instead :

<authentication mode="Forms"> 

        <forms loginUrl="UI/Pages/Login.aspx"

           protection="All"

           timeout="30"

           name=".ASPXAUTH"

           path="/"

           requireSSL="false"

           slidingExpiration="true"

           defaultUrl="default.aspx"

           cookieless="UseDeviceProfile"

           enableCrossAppRedirects="false" />

    </authentication>

 

Also note that the setting at the top of the file:

<webAccessSettings>

    <!-- Specifies whether the login form is enabled. If disabled, only

    Integrated Windows Authentication is allowed. -->

    <formsAuthentication enabled="true" />  

 

has no effect at all.   It can safely be ignored.

posted on Wednesday, March 3, 2010 12:40 PM

Feedback

# re: How to enable Forms authentication in Team Foundation Server 2010 Web Access 10/3/2010 9:14 AM fat
Yes! code copied and has been tried. works like charm thanks to you. :D

# re: How to enable Forms authentication in Team Foundation Server 2010 Web Access 10/25/2012 9:07 AM Otto
Hej Terje,

do I have to do anything more than this? I made this change, but still get a windows login popup. And if I enable anonymous (iusr) access and disable the 'integrated windows auth' for the web vdir in IIS I get: "You are not authorized to access this page. Please contact your project administrator." when I try to access tfs/web. I expected to get a login form. Any ideas what I'm doing wrong?

Post A Comment
Title:
Name:
Email:
Comment:
Verification: