Note: This article is reproduced from serverfault.com.

How to start using Service principal already created to update WorkItem in devops

Published on 2020-11-30 21:26:02

I am looking to set up a Service Principal in the main DevOps organization of my company to use as token access to update or create work items with the DevOps API inside an application in C#...

We are already using the API, but with personal tokens; as we know, this is not the best practice, because if any person leaves the company their personal access tokens will expire...

So, in line with that, I followed this guide: https://cann0nf0dder.wordpress.com/2020/09/27/programmatically-connecting-to-azure-devops-with-a-service-principal-subscription/

Then I added the service principal to the Azure Active Directory group that has all of our users (the people who access DevOps).

    using System;
    using System.Collections.Generic;
    using Microsoft.VisualStudio.Services.Common;
    using Microsoft.VisualStudio.Services.WebApi;

    public void UpdateAzureDevopsPullReviewed(List<int> user_story_numbers, string assigned_to)
    {
        #region Azure DevOps data connection

        Uri orgUrl = new Uri("https://dev.azure.com/nfpnso/");
        // personal access token (PAT), redacted here
        String tokenWrite = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        // create a connection: basic auth with an empty user name and the PAT as the password
        VssConnection connection = new VssConnection(orgUrl, new VssBasicCredential(string.Empty, tokenWrite));

        #endregion
        // PullReviewedWorkItem is defined elsewhere in the application and is not shown here
        PullReviewedWorkItem(connection, user_story_numbers, assigned_to).Wait();
    }

What I did in Azure was create a new app registration in Active Directory; there I got the Application (client) ID, the Directory (tenant) ID and the Object ID, and then I created a new secret, meaning the ID and the Value... I tried with all these strings and the connection is not executed; it tells me that I am not authorized to access DevOps.

Questioner: BelgratoSystem
Allen Wu 2020-12-02 12:13:01

I don't think you can use a service principal to call the Azure DevOps API.

Please see Choosing the right authentication mechanism.

Pay attention to the Note tip:

The Azure DevOps API doesn't support non-interactive service access via service principals.

The only non-interactive client-side type is the Device Profile authentication mechanism.
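The answer points to the device profile (device code) flow as the only non-interactive client-side option. The following is an added example, not code from the questioner or the answerer, showing how that flow fits into the questioner's existing VssConnection-based code: MSAL (Microsoft.Identity.Client) performs the device code sign-in, and the resulting access token is handed to VssOAuthAccessTokenCredential instead of a PAT. The tenant id, client id and organization URL are placeholders; the scope value is the well-known Azure DevOps resource id; the AssignAsync helper is an illustration of a work item update with the Patch API. The flow still needs one human sign-in per token cache, so for an unattended job the MSAL token cache would have to be persisted somewhere the job can read it; that persistence is not shown here.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.TeamFoundation.WorkItemTracking.WebApi;
using Microsoft.VisualStudio.Services.OAuth;            // VssOAuthAccessTokenCredential
using Microsoft.VisualStudio.Services.WebApi;
using Microsoft.VisualStudio.Services.WebApi.Patch;
using Microsoft.VisualStudio.Services.WebApi.Patch.Json;

// Added example: device code flow for Azure DevOps (not the answerer's code).
public static class DeviceCodeDevOps
{
    // Well-known Azure AD application id of the Azure DevOps resource.
    private const string AzureDevOpsScope = "499b84ac-1321-427f-aa17-267ca6975798/.default";

    // tenantId and clientId come from the app registration; both are placeholders here.
    public static async Task<VssConnection> ConnectAsync(string tenantId, string clientId, Uri orgUrl)
    {
        IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
            .Build();

        string[] scopes = { AzureDevOpsScope };
        AuthenticationResult result;

        // Try the cache first: this is the non-interactive path once a user has signed in.
        var accounts = await app.GetAccountsAsync();
        try
        {
            result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
                              .ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // No usable cached token: print the verification URL and code so an operator
            // can sign in once in a browser; MSAL polls until that completes.
            result = await app.AcquireTokenWithDeviceCode(scopes, deviceCode =>
            {
                Console.WriteLine(deviceCode.Message);
                return Task.CompletedTask;
            }).ExecuteAsync();
        }

        // The bearer token replaces the PAT used with VssBasicCredential in the question.
        return new VssConnection(orgUrl, new VssOAuthAccessTokenCredential(result.AccessToken));
    }

    // Illustrative work item update: set System.AssignedTo on one work item.
    public static async Task AssignAsync(VssConnection connection, int workItemId, string assignedTo)
    {
        var client = connection.GetClient<WorkItemTrackingHttpClient>();
        var patch = new JsonPatchDocument
        {
            new JsonPatchOperation
            {
                Operation = Operation.Add,
                Path = "/fields/System.AssignedTo",
                Value = assignedTo
            }
        };
        await client.UpdateWorkItemAsync(patch, workItemId);
    }

    public static async Task Main()
    {
        // Placeholder values; replace with the registration's tenant and client ids.
        var connection = await ConnectAsync(
            tenantId: "<tenant-id>",
            clientId: "<client-id>",
            orgUrl: new Uri("https://dev.azure.com/<organization>/"));

        await AssignAsync(connection, workItemId: 1, assignedTo: "<user@example.com>");
    }
}
```

The access token from this flow is short-lived, so a long-running service should call ConnectAsync (or at least AcquireTokenSilent) again rather than caching the VssConnection indefinitely; the refresh happens from the MSAL cache without prompting as long as that cache survives between runs.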