Hello, I think what you are trying to do can be accomplished by adding a restriction for "View & Download Packages" to "any" feed for "Authenticated" users. Then add whatever permission to the API user. Use the Test Privileges button to verify. Thanks Jason

I had a problem like this (for a different extension tho) and I just restarted the ProGet service, then it worked.

Thanks Alana, we will update our the inedo Core when the new version will be available.

This is a feature of the paid edition of ProGet; once you have that, you can scope security tasks to specific feeds. Otherwise, everything is global.

It's possible it may work (I can't verify) if you specify the port in the domain controller host value under advanced settings (i.e. enter your-dc-server:636 as the value). See the LDAP Advanced Settings documentation for info on how to find that page to configure that value. If that doesn't work, I suspect a code change is needed - it is not clear via the Microsoft documentation what the default AuthenticationType is for this call: https://github.com/Inedo/inedox-inedocore/blob/master/InedoCore/InedoExtension/UserDirectories/ADUserDirectory.cs#L268

We added basic support for this in BM-3197, though anything more complicated needs to be handled with a custom event listener. If you want to create a custom extension for this (and are an enterprise customer) you already have access to the source code at https://my.inedo.com, or you can request direct source access to our GitLab repository as well, just send a note via the contact form.

Found the follow-up issue as a user error. After upgrading to 6.0.x the feature worked as expected.

Haha, I missed it by one minor verison. :-D Sounds good. Thanks for the quick response. Means I get to test my scripted upgrade process. :-D Have a good one.

Yes. Just remove the "Anonymous" user from any tasks you've given it to permission to; Admin > Security > Tasks.

I think I got it working. The documentation is really lacking and hard to find. After hours of searching I found https://inedo.com/support/kb/1112/api-keys-in-proget page. First I had to drop anon permissions to "Publish Packages" (I think it may have been off by default). Add a new task (e.g. "Publish to feed") and select the following operations: Add package Overwrite package View feed Grant anon user permissions to the new task Set an API key for the target feed and use the key in my CI/CD pipeline

Hello Alana, That does take you out of the flow a bit, as I assume that this would give them access to edit the "Manage Licences" page? I think is a step in the right direction, but I would still think using the Manage Feed flag and adding that as a role to that which allows Assign Licence is a good option as well. Thanks, Luke

I see, so the actual problem is that you don't have the ability to create or manage AD Groups? Yes, that is certainly annoying... You will probably be better off working within your organization to change this policy. It's awfully silly, and totally defeats the purpose of using AD to begin with. That said, we will consider adding a "teams" feature for a future version.

This is a false positive; unfortunately we seem to be the target of many of them :( See http://inedo.com/support/kb/1113/anti-malware-false-positives-code-signing-and-safety-of-inedo-products Please report the false positive, because some of the virus total companies will not let us do it, only their customers.

Wonderful! Worked just as you said it would. Thank you very much Alana.

This particular issue just means that the web server and service cannot communicate; doesn't have much to do with VOR SECURITY, and you can simply resolve it by restarting the web/service.

The release/deploy API is secured by API keys, not by username/password. When you configure an API key, you can determine which access that API key has. Treat those API keys like passwords, and share them only with people you trust.

If you've removed the "Anonymous" pseudo-user from the privileges for the current user directory, then you will see "You are browsing as the anonymous user, therefore certain functionality may be missing. Click the User Icon in the top right to log in.". note that, if you've enabled Windows Integrated Authentication, you will always be logged in as yourself, so you will not be able to go "anonymous".

Hello Mario, I've added resetadminpassword to ProGet.Service.exe for the next minor release (4.7.10) - PG-1009 For now, you can reset the password in the database to Admin by setting the Salt_Bytes and Password_Bytes to 0x26CF0B87A338C08CA30F and 0x5868049613BC1ED1E4E3C2E404D8B85684B53263 respectively.

A vulnerability version range can be: the literal string (any) empty string (equivalent to (any)) single single, single single, single, single single, single, single, single etc. A single vulnerability version range can be: version >version >=version <version <=version >version <version >=version <version >version <=version >=version <=version The format of version is defined by the feed type.

The admin tool does not currently add the user back; but you can do so directly in the database; the tables are fairly straightforward. To reinstall, make sure to drop the database after install well. It does not get removed by default.