Publish Build Tasks to TFS 2015 without configuring Basic Auth on the server


When you want to publish build tasks to a TFS 2015 server, you need a Basic Authentication enabled endpoint. Unless your server is configured with SSL, this is a major security concern. Until now the guidance I received was to setup a second Application Tier, configure it with Basic Auth and configure it to only accept traffic from localhost. The sole purpose of that machine is then to upload build tasks and later probably extensions to a TFS 2015 server.

Today I found a neat little trick that removes this need. Fiddler to the rescue!

Start Fiddler and enable it's option to auto-authenticate:

Now open the command prompt and configure the proxy using an environment variable to instruct Node.js to use Fiddler as a proxy server, the default is port 8888:

C:\>set http_proxy=http://localhost:8888

Then configure your account in tfx and force it to use basic auth:

C:\>tfx login --auth-type basic --service-url http://jessehouwing:8080/tfs/DefaultCollection

You'll be prompted for a username and a password, it doesn't really matter what you enter, fiddler will handle the authentication for you in the background:

As long as Fiddler is running and configured to handle auth, you can use tfx against your TFS 2015 server.

Most Reading