Configuring MSA AAD for your on prem gallery instance
Shishir H edited this page Oct 1, 2019 · 4 revisions
NuGet Gallery uses the AzureActiveDirectoryV2 common endpoint for authentication.
- Register an app for authenticating with your AAD
  1. Sign in with your work/personal account on https://aka.ms/AppRegistrations
  2. Go to the Application Registration Portal tab
  3. Under "Converged Applications" click "Add an app"
  4. Give it a name.
  5. Under the platforms section, create a web platform if one doesn't exist
  6. Check `Allow implicit flow` and `Restrict token issuing to this app`
  7. Under target domain add: `<Your domain>`, e.g. `nuget.org`
  8. Under Redirect URIs: `https://<Yourdomain>/users/account/authenticate/return` (NOTE: the URI must have exactly this format, otherwise it will give an error; also note the `https`)
  9. Note down the `ApplicationId` and `Application secret`.
- In your local NuGet Gallery instance, set the values copied in step 9 in `web.config` for the keys:

  ```
  Auth.AzureActiveDirectoryV2.ClientId = <ApplicationId>
  Auth.AzureActiveDirectoryV2.ClientSecret = <Application Secret>
  Auth.AzureActiveDirectoryV2.Enabled = true
  ```
- Note: This authenticates the gallery with the v2 common workflow, which means any AAD or personal MSA account will be able to create an account and publish packages to your on-prem gallery. If you want to authenticate against only a specific AAD, for now you will need to make a code change: update the `AzureActiveDirectoryV2AuthenticatorConfiguration` and set the authority tenant ID to your AAD Tenant ID:

  ```csharp
  openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, "<Your AAD Tenant ID>");
  ```
- This should get your gallery up and running, integrated with your specific AAD account.
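
A pre-deployment check for the settings above, added here as an example and not part of NuGet Gallery's own code. It assumes the three keys are stored as `<add key="..." value="..."/>` entries under `<appSettings>` in `web.config`; the function names, the sample file and the domain `nuget.example` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PREFIX = "Auth.AzureActiveDirectoryV2."
RETURN_PATH = "/users/account/authenticate/return"

# Constructed sample; assumes the keys are <add> entries under <appSettings>.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="Auth.AzureActiveDirectoryV2.ClientId" value="00000000-0000-0000-0000-000000000000" />
    <add key="Auth.AzureActiveDirectoryV2.ClientSecret" value="" />
    <add key="Auth.AzureActiveDirectoryV2.Enabled" value="true" />
  </appSettings>
</configuration>"""

def read_aad_settings(web_config_xml):
    """Return the Auth.AzureActiveDirectoryV2.* values keyed by their short name."""
    root = ET.fromstring(web_config_xml)
    settings = {}
    for add in root.findall("./appSettings/add"):
        key = add.get("key", "")
        if key.startswith(PREFIX):
            settings[key[len(PREFIX):]] = (add.get("value") or "").strip()
    return settings

def check_redirect_uri(uri, domain):
    """List deviations from https://<Yourdomain>/users/account/authenticate/return."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if (parts.hostname or "").lower() != domain.lower():
        problems.append("host does not match the gallery domain")
    if parts.path != RETURN_PATH or parts.query or parts.fragment:
        problems.append("path must be exactly " + RETURN_PATH)
    return problems

def audit(web_config_xml, redirect_uri, domain):
    """Collect findings for the web.config keys and the registered redirect URI."""
    s = read_aad_settings(web_config_xml)
    findings = []
    if s.get("Enabled", "").lower() != "true":
        findings.append("Enabled is not true")
    for name in ("ClientId", "ClientSecret"):
        value = s.get(name, "")
        if not value or value.startswith("<"):  # unset or a copied <placeholder>
            findings.append(name + " is empty or still a placeholder")
    findings.extend(check_redirect_uri(redirect_uri, domain))
    return findings
```

This check cannot tell whether the authority was pinned to a single tenant, because that restriction is a code change rather than a `web.config` value.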