Skip to content
This repository has been archived by the owner on Feb 12, 2023. It is now read-only.

Support private repositories with authentication #37

Closed
GeertvanHorrik opened this issue Sep 2, 2014 · 15 comments
Closed

Support private repositories with authentication #37

GeertvanHorrik opened this issue Sep 2, 2014 · 15 comments
Assignees
Milestone

Comments

@GeertvanHorrik
Copy link
Contributor

Support private repositories.

@GeertvanHorrik GeertvanHorrik self-assigned this Sep 2, 2014
@GeertvanHorrik GeertvanHorrik added this to the 2.1 milestone Sep 2, 2014
@maartenba
Copy link

Would love to see this!

@GeertvanHorrik
Copy link
Contributor Author

We could do this because we can inject custom commands into the pdb files. However currently I am a bit overloaded with work, but I hope this will change in the near future so I can implement this.

@GeertvanHorrik GeertvanHorrik modified the milestones: 2.2.0, 2.1.0 Dec 19, 2014
@GeertvanHorrik GeertvanHorrik modified the milestones: 2.2.0, 2.3.0 Jan 7, 2015
@GeertvanHorrik
Copy link
Contributor Author

I am still considering this, but we should never store the username / password in the pdb files, so we need something to work around this (ask for credentials on the client machine).

@AArnott
Copy link
Contributor

AArnott commented Mar 13, 2015

Thanks for being security conscious, @GeertvanHorrik.

Check out this guide for using the Windows Credential store to store the account information.

@GeertvanHorrik
Copy link
Contributor Author

I'll look into it. See http://www.codeproject.com/Articles/245824/Sourcepack-indexing-PDB-files-with-source-archive, it shows how to run custom commands. We should focus on SRCSRVCMD. It might be a custom app we will ship next to the pdb files (but is that something we really want to do?).

@AArnott
Copy link
Contributor

AArnott commented Mar 13, 2015

Good point. Probably not, although an exe could be shipped in the NuGet package's tools folder so at least it doesn't tend to result in the consumer shipping the .exe with their app.

@AArnott
Copy link
Contributor

AArnott commented Mar 13, 2015

Maybe you can write a small powershell script that does the WinCred interaction and your SRCSRVCMD can invoke powershell with the script carried as an argument?

@GeertvanHorrik
Copy link
Contributor Author

Yep, good idea. Will look into it as soon as I have time (a few deadlines coming up soon, and today everything I touch breaks, so not a good day).

@GeertvanHorrik
Copy link
Contributor Author

We implemented native credential prompters in another lib. Maybe we can re-use part of that code so we can safely store the credentials inside the windows vault instead of inside the pdb files.

@ctaggart
Copy link

ctaggart commented Jul 6, 2015

Visual Studio will prompt for a username and password if the source server responds with a HTTP 401. Unauthorized. In order to make GitHub private repositories compatible, I created a basic http proxy. This solution should work with GitLink users as well. Details here:
http://blog.ctaggart.com/2015/07/sourcelink-10-with-private-github.html

@marcind
Copy link
Contributor

marcind commented Nov 7, 2015

Hi all,
will you guys be able to make any progress on this soon? I'm really interested in getting this working. @ctaggart 's proxy service is good enough for my needs, however it doesn't work with GitLink because the github provider strictly matches the URL points at github.com (which is different for the proxy service). Looks like I could achieve what I want by writing my own provider, but that extensibility doesn't seem to be there either (per #36).

In general I agree that using something like the windows credential store would be the best, but until then I'd like to get a workaround going. Before I create a private build, I wanted to see if there's anything I could contribute to the project to enable this scenario.

Thanks

@ctaggart
Copy link

ctaggart commented Nov 7, 2015

@marcind, have you tried using SourceLink.exe instead? It doesn't limit the URL. http://ctaggart.github.io/SourceLink/

@GeertvanHorrik
Copy link
Contributor Author

@marcind, thanks for contacting. Would the ability to specify a custom url be sufficient? That is just a few changes:

  1. Introduce parameter in context and parser
  2. Override url and use custom provider

I am currently on holiday, but if you want you can try a PR if you are interested. If not, I will look into it next friday or so.

@marcind
Copy link
Contributor

marcind commented Nov 9, 2015

I've prepared a PR that with a fairly small change handles a bunch of open issues. See the PR for details.

I'm not sure how much my approach matches with what you were suggesting, but it felt like the simplest way to achieve the goal without having to modify any of the binary contracts (in case you guys subscribe to semver). Let me know what you think.

GeertvanHorrik added a commit that referenced this issue Nov 12, 2015
(#37) Add CustomRawUrlProvider to enable arbitrary content URLs
@GeertvanHorrik
Copy link
Contributor Author

Still needs a proxy, but I will leave it to the end-users if they want to go that route (the proxy will need credentials, so might be a possible security issue if not done / hosted correctly). But custom urls are supported thanks to @marcind so this is supported.

Closing the issue, feel free to re-open if you feel this is incorrect.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

5 participants