1. Home
  2. Categories
  3. Support
  4. Requiring authentication for Symbols/source feed without Integrated Windows Auth (IWA)?

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Requiring authentication for Symbols/source feed without Integrated Windows Auth (IWA)?

  • ?

    In our trial of ProGet, we've determined that the URLs exposed by the built-in Symbols server (e.g., https://{server}/source-files/{feed}/{package}/{version}/SomeSource.cs) are exposed anonymously without any form of authentication. By contrast, MyGet offers the option of a pre-authenticated URL with an authorization token built-in (see https://docs.myget.org/docs/reference/symbols).

    The only way we've found to properly secure this Symbols feed is by enabling Integrated Windows Authentication in IIS, which then applies to the entire site. Most problematically, this means it applies to the npm feed, which doesn't work properly with IWA at all (requiring kludgy solutions like CNTLM).

    Has anyone else found a way to require authentication for the Symbols URLs without enabling IWA site-wide?

    Product: ProGet
    Version: 5.1.0

    0
  • jrasch
    inedo-engineer

    This will be fixed in PG-1273 for the next maintenance release.

    0
proget 1568 npm 84 symbols 65 authentication 62
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation