Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Requiring authentication for Symbols/source feed without Integrated Windows Auth (IWA)?



  • In our trial of ProGet, we've determined that the URLs exposed by the built-in Symbols server (e.g., https://{server}/source-files/{feed}/{package}/{version}/SomeSource.cs) are exposed anonymously without any form of authentication. By contrast, MyGet offers the option of a pre-authenticated URL with an authorization token built-in (see https://docs.myget.org/docs/reference/symbols).

    The only way we've found to properly secure this Symbols feed is by enabling Integrated Windows Authentication in IIS, which then applies to the entire site. Most problematically, this means it applies to the npm feed, which doesn't work properly with IWA at all (requiring kludgy solutions like CNTLM).

    Has anyone else found a way to require authentication for the Symbols URLs without enabling IWA site-wide?

    Product: ProGet
    Version: 5.1.0


  • inedo-engineer

    This will be fixed in PG-1273 for the next maintenance release.



Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation