Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    Access control by ingress

    Scheduled Pinned Locked Moved Support
    3 Posts 2 Posters 18 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mharen
      last edited by

      I'm interested to know if anyone has set up Proget with access control varying by ingress. Here's what I'm after:

      1. Devs on the local network (i.e. in the office or on VPN) can anonymously pull packages for restores, and authenticate to push packages
      2. CI systems not on the network must authenticate to pull packages for restores, and for pushing packages

      It's ok if I need separate host names for each of the above cases, but ideally all the interesting auth parts would happen inside Proget.

      How do people secure their Proget servers for package restores?

      atrippA 1 Reply Last reply Reply Quote 0
      • atrippA Offline
        atripp inedo-engineer @mharen
        last edited by

        Hi @mharen,

        You can try to enable Windows Integrated Authentication in ProGet, and then use two sites in IIS (once with WIA, one without), but that will only work for NuGet packages. Other client (npm, docker) do not support WIA.

        Otherwise, you can take a "DMZ" approach, and configure two instances of ProGet - one for Devs, one for CI systems - then use a connector. The two-instance approach also has the benefit of reducing load, though not quite as much as a load balancing configurating.

        Cheers,
        Alana

        1 Reply Last reply Reply Quote 1
        • M Offline
          mharen
          last edited by

          Thank you for your help! I am hoping that this is enough to lock down nuget restores:

          API Keys for Pulling/Listing Packages
          Most clients will not send the API key for operations like listing or pulling packages. In this case, ProGet will issue an authentication challenge, and the client will respond by prompting for a username and password. In this case, you can supply api for the username, and your API key for the password.

          I'll test that.

          1 Reply Last reply Reply Quote 0

          Hello! It looks like you're interested in this conversation, but you don't have an account yet.

          Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

          With your input, this post could be even better 💗

          Register Login
          • 1 / 1
          • First post
            Last post
          Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation