Question about authentication through VPN??

Hi,
We have some long-term contract developers that work for us. We provide them a VPN account to get into our network, and I was wondering if that will work with the TFS client? The user logs into their computer using either the domain account or local account (not sure which one), then VPNs to our network. The question is, with the TFS integration with AD, does that work through only a VPN connection, or does the user "really have to be logged into our domain"?

Also, with the proxy server addition, if we place a proxy server at their site, does that have to be part of the domain? I would assume that needs a VPN connection too.

Some clarification on how this works would be helpful.

Thanks
Dave



  • Jason_Bullock

    I doubt that will help you. Mobile Net Switch (according to my quick read) simply re-maps drives, printers, etc. You can "net use" to specify alternate credentials when accessing drives and printers, but that doesn't work with applications like SQL Server Enterprise Manager or VSTS, which grab your currently logged in user. You'll notice that Mobile Net Switch doesn't make mention of changing domain controllers. It would be quite a trick (and security hole) if they could do that.

  • KoMas

    I raised this issue on the Microsoft Product Feedback Center awhile ago and the issue was closed as "By Design". (I would link to the suggestion, but the site is currently having problems. So I can't look it up.) There is no way that you can specify the credentials to use when accessing the team server.* It uses the user's currently logged in credentials. That means that the computer must be a member of your domain. As you probably know, a computer can only be part of one domain at a time. As a consultant myself, this is a major pain. Given that I have confidential files from other clients on my computer, I can't be merrily hopping from client domain to client domain. (Besides the sys admins will probably get tired of having to join my laptop to their domain.)

    Assuming that Microsoft doesn't change its mind before release, you have two options:
    1. Give the contractors workstations that are joined to your domain.
    2. The contractors can run Virtual PC 2004 or VMWare Workstation. Join the virtual machine to your domain and have them log into that.
    In either case, VPN should work just fine.

    * Enterprise Manager for SQL Server 2000 has exactly the same problem. My laptop is in domain CONSULTINGCOMPANY. I'm at a client site that uses Windows Auth only for SQL Server. I cannot access their SQL Servers using Enterprise Manager because there is no way to "runas" on my computer using CLIENTDOMAIN credentials.


  • Nick Hertl

    Unfortunately runas won't work because a computer can only be a member of one domain at a time. You can runas a local user or a domain user (but it must be the same domain as the computer is joined to), but you can't runas a domain user from a foreign domain.

  • Manoj Kumbhar

    Now I see what you're trying to do. Interesting predicament.



  • ovmidori

    Buck, can you say when the next drop will be? Will it be at the PDC? I'll be there!

  • Flame_Djinn

    While I'm not sure what was closed as "by design," we are working on fixing issues in the code that prevent using VS to connect to the server with different credentials and hope to have the problems resolved by RTM.

    From the command line, you can use h.exe (will be tf.exe in the next drop) with the /login:user,password to log in with different credentials (if you just specify /login:user it will prompt for the password).

    Buck

  • banjo picker

    I wonder if a product like this would help you out.
    http://www.mobilenetswitch.com/

  • sulu

    Interesting.  Well, I would expect that you would be able to do this by RTM.  What should happen is that you fail to authenticate with your default credentials.  You should then be prompted with a login dialog to supply a user name and password.  There are still some problem spots in the code, but we are actively working on addressing this.  As far as h.exe with /login, please try it with whatever release you have installed and let me know what you find.

    Buck

  • Keith Murry

    Have you tried using "Run as"?



  • Patrick MCormick

    Here is my suggestion that was closed as "By Design".

    http://lab.msdn.microsoft.com/productfeedback/viewfeedback.aspx?feedbackid=1aeee461-26ef-4bd2-a674-11f6887bd786

    Using h.exe or tf.exe, will this allow supplying credentials for a domain of which the current computer is not a member? For instance, I'm logged into my laptop, which is part of the Foo domain, as Foo\James. I want to log into a Team Server on a client's domain, Bar, where I have an account Bar\jkovacs. Will this setup work with the next drop?
