0

I wrote a powershell script for a custom TFS task (Build and Release Task). Now I need to execute some command with specific credentials. For this I create the following statement:

Start-Process powershell -Credential $mycred -Wait -ArgumentList "-file $taskDir\task.ps1" -RedirectStandardOutput C:\Temp\taskOutput.log

If I execute the command in the powershell, everything works correctly. But as soon as the command will be executed from the TFS service, it doesn't work. If I remove the -Credential $mycred parameter, the command also works in context of the TFS execution.

I guess that the problem is, that with the -Credential $mycred a new window was opened. And so it doesn't work within the TFS execution.

Anyone knows a better solution to execute a powershell script with specific credential?

Thanks!!

UPDDATE 1:

For better understanding I upload the full custom task here

Improve this question
4
  • What TFS version are you using? Commented Sep 25, 2017 at 11:51
  • In general I would recommend using a solution already created - github.com/huserben/TfsExtensions/tree/master/BuildTasks. If you want to have custom BuildTasks you can extend the github one. Commented Sep 25, 2017 at 11:56
  • When the build task is executed, it's using TFS build service account? Did you mean you want to run the task with another credential in the build pipeline? Commented Sep 25, 2017 at 12:12
  • 1
    I use TFS 2015 - but in my opinion the link is not relevant for my problem. @Patrick-MSFT Exactly, I need to execute the powerschell script with another user, because the task run an EntityFramework migration with integrated security. I upload the full task, as you can see in the question. Could you understand my problem? Commented Sep 25, 2017 at 12:31

2 Answers 2

Reset to default
1

Using Invoke-Command instead. A related thread: Start-Job with credential in custom task problems.

$mypwd = ConvertTo-SecureString -String "[password, could use variable]" -Force -AsPlainText
$Cred = New-Object System.Management.Automation.PSCredential('[user name]',$mypwd)
$scriptToExecute = 
{
$VerbosePreference='Continue'
Write-Output "$env:UserName"
# Write-Verbose "Verbose" 4>&1
}
$b = Invoke-Command -ComputerName localhost -ScriptBlock $scriptToExecute -Credential $Cre
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

When you queue the build, all build tasks should run under your build service account such as NetworkService. If you run the script a PS window pops up and closes instantly again. It's not able to directly run the script as a different user.

TFS Builds allow you to access PAT token via a settings in build definition. These are on the fly generated PAT tokens, so you won't need to store any secret anywhere.

For running the script at a developer's machine, you can ask a developer to enter PAT or have an if else logic where you can ask him for username password.

More details please refer this link: https://learn.microsoft.com/en-us/vsts/build-release/actions/scripts/powershell#use-the-oauth-token-to-access-the-rest-api

You could also take a look at this similar question: Powershell / VSTS Build - Store Credentials Independent/ Agnostic of User Running Script

Improve this answer

1 Comment

Thanks, but this doesn't solve my problem. My problem is, that if I want execute a script with specific credentials, than the powershell open a new window for the Start-Process command. But by executing this from the tfs build service, the process which is specified in the Start-Process argument will not execute.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.