Unable to view the contents of the Documents Tab in TSWA

Question

Is there a way to configure TSWA to point to the appropriate SharePoint server? We have a TFS 2008 instance which was initially using WSS for its Team Project site. Subsequently, we migrated to MOSS on a different server. All works well...we created several Team Projects since then and everything is still nice and tidy. However, it seems like the migration to the new server was not reflected for the TSWA component. Users are unable to access the content in the Document tab. They are not explicitly denied in TSWA. They all have access to the MOSS Team Project Site and are able to view documents from there. Our suspicion is the TSWA component is still pointing to the WSS server for the document content.

Answer 1

There might be a double hop issue if you use Windows Integrated Authentication. Can you try to access Documents in TSWA after explicitly specifying your credentials on login page? (You need to logout to access login page)

Regards,

Serkan Inci - MSFT

Answer 2

Hello,

You can run the following command on the TFS server and validate all the settings for the SharePoint links are correct:

C:\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Tools>TfsAdminUtil.exe configureconnections /view

Thanks,
Alin,
PRAKTIK Consulting
TFS Hosting and TFS Consulting Services.

Answer 3

Yes, we have run that command to see what TFS is using for the SharePoint URI. That is pointing to the correct server. From a TFS perspective, it seems to create the team project site on the correct server. A valid user could see access all the reports, access the team project site, and the TFS artifacts. However, a valid user is not able to see the documents tab in Team System Web Access. Also note, the user could see the documents from Team Explorer.

Answer 4

Let me check that, I think they are using Forms Authentication. I will verify it and check the web.config. But is there a setting that could set in the config file that may help with this issue?

Answer 5

Are you asking how to change authentication method in web.config?

If yes, two elements in web.config should be like the following (for Forms Authentication):

<authentication mode="None" />
<identity impersonate="false" />

In addition to these, anonymous access should be selected in IIS for the TSWA site (Windows Integrated Authentication should be disabled).

Please let me know if this works or not.

Regards,

Serkan Inci - MSFT

Answer 6

Sort of strange...some users are prompted for credentials and others are not. Below is the setting in the web.config. However, all users are unable to see the artifacts displayed in the Document tab. I had one user try to log off and log in using the log in screen and still no effect at least from the Documents tab perspective.

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

 

  <configSections>

    <section name="webAccessSettings" type="Microsoft.TeamFoundation.WebAccess.Common.WebAccessSettings" />

  </configSections>

 

  <webAccessSettings>

    <!-- Specifies whether the login form is enabled. If disabled, only

    Integrated Windows Authentication is allowed. -->

    <formsAuthentication enabled="true" />

 

    <!-- Specifies whether advanced Integrated Windows Authentication options

    are enabled. -->

    <delegatedAuthentication enabled="false" />

 

    <!-- Specifies whether compression for dynamic content is enabled. -->

    <outputCompression enabled="true" />

 

    <!-- Keeps the connection to TFS alive to avoid session timeouts. -->

    <tfsKeepAlive enabled="true" />

 

    <!-- Specifies the default Team Foundation Server to initially connect

    when Integrated Windows Authentication is enabled. When more than 

    one server is specified, these servers are displayed as a selection on 

    the login form. -->

    <tfServers>

      <add name="http://<servername>:8080" />

    </tfServers>

 

    <!-- Specifies maximum number of workitems when query results are being sent as an email or viewed as a report.-->

    <maxWorkitemsInReportList count="100" />

 

    <!-- 

    Specifies whether sending query results and work items as email is enabled.

    Make sure to enable/disable mailSettings section in <system.net> below for the sender username and password

    -->

    <emailSettings sendingEmailEnabled="true" enableSsl="false" />

 

    <jscriptConfig>

      <add name="showBrowserToolbar" value="true"/>

    </jscriptConfig>

 

    

  </webAccessSettings>

 

  <runtime>

    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>

        <assemblyIdentity name="Microsoft.TeamFoundation.WebAccess.WorkItemTracking"

                          publicKeyToken="31bf3856ad364e35"

                          culture="neutral" />

        <bindingRedirect  oldVersion="9.0.0.0-9.0.65535.65535"

                          newVersion="9.0.3000.0" />

      </dependentAssembly>

    </assemblyBinding>

  </runtime>

 

  <!-- ** Email Settings ** -->

  <system.net>

    <mailSettings>

      <smtp deliveryMethod="network" from="tfs@someone.com">

 

        <!-- Use default credentials -->

        <network host="mail.organization.com" port="25" defaultCredentials="true" />

        

        <!-- To specify a username and password, comment out the <network> section 

        above, and uncomment the one below -->

        <!--<network host="mail.example.com" port="25" defaultCredentials="false" userName="username" password="password" />-->

      

      </smtp>

    </mailSettings>

  </system.net>

 

  <appSettings>

    <!-- Directory path where cache is stored. -->

    <add key="WorkItemTrackingCacheRoot" value="C:\Program Files\Microsoft Visual Studio 2008 Team System Web Access\Cache\Tswa"/>

    <add key="TfcBin" value="C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies" />

  </appSettings>

 

  <system.web>

 

    <urlMappings enabled="true">

      <add url="~/home.aspx" mappedUrl="~/Index.aspx" />

      <add url="~/home" mappedUrl="~/Index.aspx" />

 

      <add url="~/allq.aspx" mappedUrl="~/UI/Pages/WorkItems/AllQueries.aspx" />

      <add url="~/qx.aspx" mappedUrl="~/UI/Pages/WorkItems/QueryExplorer.aspx" />

      <add url="~/wi.aspx" mappedUrl="~/UI/Pages/WorkItems/WorkItemEdit.aspx" />

      <add url="~/qe.aspx" mappedUrl="~/UI/Pages/WorkItems/EditQuery.aspx" />

      <add url="~/q.aspx" mappedUrl="~/UI/Pages/WorkItems/QueryResult.aspx" />

      <add url="~/qr.aspx" mappedUrl="~/UI/Pages/WorkItems/QueryResultNW.aspx" />

 

      <add url="~/cs.aspx" mappedUrl="~/UI/Pages/Scc/ViewChangeset.aspx" />

      <add url="~/history.aspx" mappedUrl="~/UI/Pages/Scc/History.aspx" />

      <add url="~/diff.aspx" mappedUrl="~/UI/Pages/Scc/Difference.aspx" />

      <add url="~/view.aspx" mappedUrl="~/UI/Pages/Scc/ViewSource.aspx" />

      <add url="~/ann.aspx" mappedUrl="~/UI/Pages/Scc/Annotate.aspx" />

      <add url="~/scc.aspx" mappedUrl="~/UI/Pages/Scc/Explorer.aspx" />

      <add url="~/ss.aspx" mappedUrl="~/UI/Pages/Scc/ViewShelveset.aspx" />

 

      <add url="~/report.aspx" mappedUrl="~/UI/Pages/Reports/Report.aspx" />

      <add url="~/reports.aspx" mappedUrl="~/UI/Pages/Reports/Explorer.aspx" />

 

      <add url="~/docs.aspx" mappedUrl="~/UI/Pages/Documents/Explorer.aspx" />

 

      <add url="~/builds.aspx" mappedUrl="~/UI/Pages/Builds/Explorer.aspx" />

    </urlMappings>

 

    <globalization culture="auto" uiCulture="auto"/>

 

    <!-- For Integrated Windows Authentication, set Authentication Mode to "Windows"

    For Forms authentication, set it to None -->

    <authentication mode="Windows"/>

    <!-- For Integrated Windows Authentication, enable Identity Impersonation -->

    <identity impersonate="true"/>

    

    <httpRuntime executionTimeout="300"/>

    <pages validateRequest="false" enableEventValidation="false"/>

    <customErrors mode="Off"/>

    <sessionState mode="InProc" cookieless="false" timeout="30"/>

    <trace enabled="false" pageOutput="false" requestLimit="40" localOnly="false"/>

 

    <httpModules>

      <add name="CompressionModule" type="Microsoft.TeamFoundation.WebAccess.CompressionModule"/>

      <add name="ReportWrapperModule" type="Microsoft.TeamFoundation.WebAccess.ReportWrapperModule"/>

    </httpModules>

 

    <httpHandlers>

      <add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false"/>

      <remove verb="*" path="*.asmx"/>

      <add path="CachedResource.axd" verb="*" type="Microsoft.TeamFoundation.WebAccess.Controls.CachedResourceHandler" validate="false"/>

      <add path="StateDiagram.axd" verb="*" type="Microsoft.TeamFoundation.WebAccess.StateDiagramHandler" validate="false"/>

      <add path="SccDownload.axd" verb="*" type="Microsoft.TeamFoundation.WebAccess.SourceDownloadHandler" validate="false"/>

      <add path="SccFolderDownload.axd" verb="*" type="Microsoft.TeamFoundation.WebAccess.SccFolderDownloadHandler" validate="false" />

    </httpHandlers>

 

    <compilation debug="false" batch="false" />

 

  </system.web>

 

  <!--<system.diagnostics>

    <trace autoflush="true">

      <listeners>

        <add name="TeamPlainTracer" type="System.Diagnostics.TextWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"

          initializeData="C:\Program Files\Microsoft Visual Studio 2008 Team System Web Access\Cache\Tswa\TswaLog.txt"/>

        <remove name="Default"/>

      </listeners>

    </trace>

 

 

    <switches>

      <add name="TSWA.General" value="Verbose"/>

      <add name="TSWA.Application" value="Verbose"/>

      <add name="TSWA.TeamFoundationServer" value="Verbose"/>

      <add name="TSWA.UserControl" value="Verbose"/>

      <add name="TSWA.Configuration" value="Verbose"/>

      <add name="TSWA.Security" value="Verbose"/>

      <add name="TSWA.API" value="Verbose"/>

    </switches>

  </system.diagnostics>-->

 

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs" compilerOptions="/d:TRACE" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.3500.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="1"/>

      <compiler language="VB" extension=".vb" compilerOptions="/d:Trace=true" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

    </compilers>

  </system.codedom>

  

</configuration>

Answer 7

You are using Windows Integrated Authentication. Please refer to my previous post to see how to switch to Forms Authentication, .

Regards,
Serkan Inci - MSFT

Answer 8

Turning on Forms Authentication worked...I am still not clear what the issue was, however. Will we be able to switch back to Windows Integrated Authentication, or does this have to be permanently in place? Thanks you for your help so far.

Answer 9

The issue is, the web server (TSWA) cannot move the user credentials to any other server (SharePoint) in Integrated Windows Authentication by its nature. You can either continue with Forms Authentication or configure trusted delegation between two servers (TSWA and SharePoint).

Please refer to the following post for more details:
http://blogs.msdn.com/nunos/archive/2004/03/12/88468.aspx

Regards,
Serkan Inci - MSFT