Configuring MSA AAD for your on prem gallery instance

NuGet Gallery uses AzureActiveDirectoryV2 common endpoint for authentication.

1. Register an app for authenticating with your AAD
   • Sign in with your work/personal account on https://apps.dev.microsoft.com
2. Goto Application Registration Portal tab
3. Under "Converged Applications" click "Add an app"
4. Give a name.
5. Under platforms section, create a web platform if one doesn't exist
6. Check Allow implicit flow and Restrict token issuing to this app
7. Under target domain add: <Your domain> eg: nuget.org
8. Under Redirect URIs: https://<Yourdomain>/users/account/authenticate/return (NOTE: this is a must format otherwise it will give error, also note the 'https')
9. Note down ApplicationId and Application secret.
10. In your local nuget gallery instance, set the values copied in step 9 in web.config for Keys:

Auth.AzureActiveDirectoryV2.ClientId = <ApplicationId>
Auth.AzureActiveDirectoryV2.ClientSecret = <Application Secret>
Auth.AzureActiveDirectoryV2.Enabled = true

11. Note: This authenticates the gallery with the v2 common workflow, it means any AAD/personal MSA account will be able to create an account and publish packages to your on-prem gallery. If you want to authenticate with only specific AAD, for now, you will need to make a code change. Update the AzureActiveDirectoryV2AuthenticatorConfiguration. Set the authority tenant ID to your AAD Tenant ID:

openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, "<Your AAD Tenant ID>");	

12. This should get your gallery up and running integrated with your specific AAD Account.