IIS Basic Authentication invalidates personal access tokens
Azure DevOps Services
Caution
We recommend that you keep IIS Basic Authentication turned off always. Only if necessary should you enable IIS Basic Authentication. When IIS Basic Authentication is enabled on your windows machine, it prevents you from using personal access tokens (PATs) as an authentication mechanism.
For example, if you use a PAT to allow a third-party app to retrieve bug information, and then send an email with the info to the bug assignee (with IIS Basic Authentication enabled), the app fails authentication. The app can't retrieve bug info.
Git with IIS Basic Authentication enabled
Warning
If you use Git with IIS Basic Authentication, Git breaks because it requires PATs for user authentication. Although we don't recommend you use IIS Basic Authentication, by adding an extra header to Git requests, you can use Git with IIS Basic Authentication.
The extra header must be used for all Azure DevOps Server installations, as Windows Auth also prevents using PATs.
The extra header must include a base 64 encoding of "user:PAT." See the following format and example.
Format
git -c http.extraheader='Authorization: Basic [base 64 encoding of "user:password"]' ls-remote http://tfsserver:8080/tfs/DefaultCollection/_git/projectName
Example
git -c http.extraheader='Authorization: Basic a2FzYW50aGE6bzN3cDVndmw2YXRkajJkam83Znd4N2k3NDdhbGxjNXp4bnc3b3o0dGQycmd3d2M1eTdjYQ==' ls-remote http://tfsserver:8080/tfs/DefaultCollection/_git/projectName
Related articles
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for