1. Home
  2. Categories
  3. Support
  4. Access Proget Feed under system (computer) account

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Access Proget Feed under system (computer) account

  • I

    Hi,

    is it possible to access Proget Feed under system account when Windows Integrated Authentication is enabled on Proget ? I've tried to add Domain Computers with View & Download packages permissions but this didn't work. We need to be able to access Proget Feed (which is configured as a source in choco config) under system account because DSC is running under system. When I've added Anonymous to View & Download packages it works but this is not really the preferred and manageable way.
    Thank you for your answer.

    Kind regards
    Ivan

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    Hi @ivan-magdolen_6846,

    If you're using Windows Integrated Authentication, then all requests will be already authenticated against the domain before reaching ProGet. So in this context, "Anonymous" really means "all domain users".

    If you want to restrict only certain domain users, then you should create an active directory group. I believe the group "Domain Computers" is a special group (i.e. not a security group), and it's not returned in ordinary LDAP queries that ProGet makes.

    Best,
    Alana

    0
  • I

    Hello @atripp,
    I am able to add "Domain Computers" so group is returned by LDAP query, but it doesn't work. Same when I've created security group and add computer account to members. Still I am not able to reach Proget Feed under system account. I got following message: Invalid credentials specified.
    f689fac5-837b-491d-beae-429872fac35e-Error1.PNG
    But when I add to Feed "Anonymous" - View & Download Packages I am able to reach the feed.

    When I've tried to reach Feed under computer account on Proget server I got following message. Then I've added anonymous
    See picture below
    fa840e5d-b2ab-499d-a015-5ad4ba1ca2db-Error.PNG

    Kind regards
    Ivan

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    Hi @ivan-magdolen_6846,

    An "Invalid credentials specified" basically translates to "invalid username/password". In this case, it doesn't matter that the user has permissions or not (authorization) -- they simply can't login (authentication).

    I would try this without chocolatey; you can simply visit the API urls in an "incognito" browser directly, and enter the username/password prompts from the browser. This should be a browser-prompt, and not the ProGet log-in page.

    Once you can access the API urls, that will give you an idea of whether the LDAP is workikng or not.

    Cheers,
    Alana

    0
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation