Rob Caron

Developer-related topics and other stuff.

Accessing Team Foundation Server Remotely

Accessing Team Foundation Server Remotely

  • Comments 39

Team Foundation client applications, such as Team Explorer, access Team Foundation Server functionality through a collection of Web services hosted on Internet Information Services (IIS) 6.0. The initial RTM release of Team Foundation Server only supports Integrated Windows Authentication, which allows clients to use their Windows credentials to access this functionality.


Integrated Windows Authentication is an ideal choice for most deployment scenarios in a corporate environment, but it is not an optimal choice in Internet scenarios due to limitations resulting from proxy servers, firewalls, and trusted connections. For this reason, we originally planned to support Basic and Digest authentication as well. For more information, see Integrated Windows Authentication (IIS 6.0).


Unfortunately, we were not able to complete this implementation in time to ship with the initial RTM release of Team Foundation Server. We are continuing to work on adding this support in the near future, which should be available sometime soon after the release of Team Foundation Server. However, this means that Team Foundation Server does not immediately support some scenarios, such as accessing Team Foundation Server through a proxy that does not maintain a connection between the client and server.


This does not mean that Team Foundation Server is not accessible from across the Internet. You can use a Virtual Private Network (VPN) should your scenario require accessing Team Foundation Server from outside your local intranet. Alternatively, and subject to your own risk analysis, you may opt to expose your Team Foundation Server directly to the Internet and require the use of encrypted connections (e.g., HTTPS using SSL/TLS); however, you may be thwarted by proxies on the client side of the equation, such as those provided by Internet Service Providers (ISPs).

If your intended use of Team Foundation Server requires support for Basic or Digest authentication, we would like to hear your feedback on the importance of these authentication mechanisms in your deployment scenarios.

[Now available as a KB article:] 


  • Hi Jimmi,

    Can u please send that Visio diagram to me at, since i have to make setup of TFS in the same way.

    Appreciate your help.

  • Hi All,

    We are facing the same problem. Can this visio diagram be downloaded somewhere ?

  • Hi,

    Jamie's solution above to the problem of working with Team Server across different domains is very elegant and I hope that someone can post the diagram.  A possible problem is that the TFS proxy server works to make the source code control very efficient, but still does not address the fundamental problem of authorization across two non-trusting domains which immediately happens with reports and the project portal.

    I have a similar situation to Jaime but have a serious issue with the handling of local accounts.  The entire purpose of domains and AD is to handle the administration of accounts and access.  If we have to set up local accounts for all users in both domains then we have defeated the purpose of the AD administration.

    I need to implement a solution whereby development groups in domains X and Y have equal access to a Team Foundation Server located in either domain.  

    - Steve
  • Send me this visio dialgram too
    salos at mail dot ru

  • Jammie
    We are also in the same situation. Can you please share your visio? My email address is

    Have you found any solution?

  • PingBack from

  • TFS를 이전하면서 새로운 사실들을 알게 되는 것들이 꽤 있다. 그 중에서도 Basic 인증을 지원하지 않는 다는 사실은 충격적이었다. Beta 3까지도 정식 버전에서는 지원하겠다는

  • PingBack from,guid,ea1fef1b-0282-49f5-a203-4d774f0e0928.aspx

Page 3 of 3 (39 items) 123
Leave a Comment
  • Please add 5 and 4 and type the answer here:
  • Post