I'm running Mercurial's hgwebdir.cgi on WinXP over IIS as a central repo for sharing code with my team. I'd like to use ActiveDirectory to authenticate to the server when pushing/pulling through TortoiseHg and/or the command-line hg client. Has anyone done this or seen instructions on how to do this?
hgwebdir.cgi doesn't really authentication, although it can do authorization. You probably want to take care of authentication in the IIS config. (I don't have any experience with IIS, but that's how it works with Apache, at least.)
Authentication is done by IIS. In IIS Manager, allow Basic Authentication on the directory containing hgwebdir.cgi script. Then edit the Basic Authentication settings and set default domain and realm to your domain name.
In hgweb.config add
allow_push = <username>
replacing with your username(s) for people who will be able to perform push. This worked for me.
Cheers
I know this has already got an accepted answer, but I did a four part blog post for set up of Mercurial on IIS with Active Directory authentication and using hgwebdir.cgi for push authorization. It goes over the whole process of:
- Setting up Mercurial's hg web interface on IIS.
- Setting up the IIS authentication for Mercurial so that only users authorized by the active directory (i.e. security groups/users) can view/access the repositories either via the hg web interface or through the file system.
- Configuring Active Directory authentication for Mercurial users, so only authorized users can see/access the repositories they have access to.
- Configuring hgwebdir.cgi via hgweb.config to set push authorization for specified users to repositories.
- Hiding hgwebdir.cgi using Helicon's ISAPI Rewrite in your repository's URL.
- Customizing the style/feel of the hg web user interface to your own taste.
http://www.endswithsaurus.com/2010/05/setting-up-and-configuring-mercurial-in.html
I hope it's useful to people...