fix: Auth header when downloading images from tfs (#2877)

MrHinsh · web-flow · commit 0ea619995711 · 2025-07-09T10:04:51.000+01:00
Updated the logic for setting the `Authorization` header in `HttpClient`
to improve security and flexibility. The code now checks if the
`sourcePersonalAccessToken` is not empty and if the `matchedSourceUri`
contains "tfs/DefaultCollection". If both conditions are met, the token
is encoded in Base64 with an empty username; otherwise, the token is set
directly if it's not empty.
diff --git a/src/MigrationTools.Clients.TfsObjectModel/Tools/TfsEmbededImagesTool.cs b/src/MigrationTools.Clients.TfsObjectModel/Tools/TfsEmbededImagesTool.cs
@@ -132,8 +132,18 @@ private string UploadedAndRetrieveAttachmentLinkUrl(string matchedSourceUri, str
                 {
                     if (!string.IsNullOrEmpty(sourcePersonalAccessToken))
                     {
-                        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);
+                        var host = new Uri(matchedSourceUri).Host.ToLowerInvariant();
+                        if (host.Contains("dev.azure.com") || host.Contains("visualstudio.com"))
+                        {
+                            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);
+                        }
+                        else
+                        {
+                            string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}", "", sourcePersonalAccessToken)));
+                            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", credentials);
+                        }
                     }
+
                     var result = DownloadFile(httpClient, matchedSourceUri, fullImageFilePath);
                     if (!result.IsSuccessStatusCode)
                     {

Original file line number	Diff line number	Diff line change
`@@ -132,8 +132,18 @@ private string UploadedAndRetrieveAttachmentLinkUrl(string matchedSourceUri, str`
`132`	`132`	`{`
`133`	`133`	`if (!string.IsNullOrEmpty(sourcePersonalAccessToken))`
`134`	`134`	`{`
`135`		`- httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);`
	`135`	`+ var host = new Uri(matchedSourceUri).Host.ToLowerInvariant();`
	`136`	`+ if (host.Contains("dev.azure.com") \|\| host.Contains("visualstudio.com"))`
	`137`	`+ {`
	`138`	`+ httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);`
	`139`	`+ }`
	`140`	`+ else`
	`141`	`+ {`
	`142`	`+ string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}", "", sourcePersonalAccessToken)));`
	`143`	`+ httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", credentials);`
	`144`	`+ }`
`136`	`145`	`}`
	`146`	`+`
`137`	`147`	`var result = DownloadFile(httpClient, matchedSourceUri, fullImageFilePath);`
`138`	`148`	`if (!result.IsSuccessStatusCode)`
`139`	`149`	`{`