Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Bug in Anonymous Authorization management



  • Hi all,

    I've observed some strange behaviour with our proget instance.

    I've added the Anonymous user to a Developer group, which has the Developer role assigned. This worked until 3.7.5. Anonymous users were able to view the feeds overview and download packages.

    After updating to 3.7.6 anonymous users weren't able to view the feeds or to download packages anymore. I was able to restore the old behaviour by assigning the Anonymous user directly the Developer role. (Before that only the developer group had the role assigned).

    Is this the new intended behavior?

    With kind regards

    Boris Bopp

    Product: ProGet
    Version: 3.8.0



  • Hmm, that should never have worked, actually... Anonymous is a pseudo-user and wasn't designed to be used in groups like that, so if it did work like that, then it was unintentional.

    The current, intended behavior is that you need to explicitly grant Anonymous privileges.



  • Thanks for the clarification.

    But then you should disable the ability to add anonymous as a group member and show a corresponding warning.

    With kind regards

    Boris Bopp


Log in to reply
 

Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation