Git Credential Manager and ContentUrl with port

[peeveen]

Hi,

As is well documented in this issue, internal GitLab repositories don't play nice with SourceLink, but there is a workaround of using a proxy to retrieve the source via the GitLab API, by specifying the proxy URL via the ContentUrl property:

<SourceLinkGitLabHost Include="gitlab.myinternal.com" ContentUrl="https://blah:1234/" />

I've been putting a proxy together, and it all seems to work well, but I've noticed an oddity with how the credentials are retrieved from Git Credential Manager.

If I run my proxy on a URL with a port (e.g. https://blah:1234), and register credentials with GCM:

> git credential-manager-core store
protocol=https
host=blah:1234
username=myusername
password=mypassword
^Z

... when the time comes to fetch some code, Source Link gives an error:

Source Link Error:
git-credential-manager-core.exe: Could not obtain credentials. Process failed with exit code -1.
ERROR: The request failed with code 401 : "Unauthorized".

HOWEVER, if I use the same git credential-manager-core store command but omit the port:

> git credential-manager-core store
protocol=https
host=blah
username=myusername
password=mypassword
^Z

... then Source Link is happy, and all goes well.

So I don't know if this is a Source Link or Visual Studio thing, but it looks like the port gets stripped when asking for credentials from GCM, which I don't think is right.

This has another knock-on effect ... if the credentials are not pre-registered in GCM, a git credential-manager-core get command will usually launch a credentials login dialog if it detects a service at the specified host, and that does not happen from VS when the URL has a port, so a user is forced to add credentials manually.

EDIT: a bit more evidence ... here's me requesting GCM credentials for my proxy running on localhost:5042:

As you can see, GCM prompts for credentials, as it has detected the service at the given location.
And now here's me requesting the credentials, but omitting the port:

So it looks like GCM does want the full host (name and port), but I'm pretty sure that VisualStudio/SourceLink is only requesting credentials for the host name (without the port).

[tmat]

@chuckries

[peeveen]

I've since tried this with JetBrains Rider, and that IDE picks up the correct GCM credentials (those registered against the hostname WITH port) ... though it has several other issues afterwards (seems to be requesting files from the obj/Release path?!?) ... so at the moment I'm leaning towards this being more of a Visual Studio bug ... also, I don't see any code in this project that talks to GCM, so I'm guessing there's not much anyone here can do.

I'll submit it as a VS bug also, and reference this page.

[peeveen]

Visual Studio bug report: https://developercommunity.visualstudio.com/t/Visual-Studio-strips-port-from-URL-when-/10183823

[chuckries]

@peeveen thanks for reporting this, I am trying to investigate. You are correct that VS does not include the port number today in our requests to GCM-core. This is easy enough to fix, but I am trying to determine if git.exe includes the port number in its request to credential providers.

That is to say, if you attempt to clone a git repo from a URL with a port number, will the port number be included when git.exe invokes gcm-core.exe.

[chuckries]

From some testing, it looks like git.exe will provide the port number in the "host" field of the request to a credential manager. I will fix VS to do the same.

[peeveen]

This all sounds very promising. Thanks very much for this. I expect I will eventually be running the proxy again a "proper" hostname (without a port), but I thought I'd better bring this to your attention, as it looked like a defect.

[peeveen]

@chuckries I got an email telling me that this was fixed in VS 17.5 Preview 1, so I gave it a try, and it seems to be working.
I'll close this. Thanks for your help.