User gets 500 error if you delete a logged in user

Hey there,

I noticed what looks like an unhandled edge case around deleted users with active sessions.

I started a fresh instance using:

podman run -d --name=proget --restart=unless-stopped -p 80:80 proget.inedo.com/productimages/inedo/proget:latest

Then I:

1. Created a user test:test
2. Logged in as test:test in an incognito browser session
3. Deleted the user from the original admin session
4. Refreshed the page in the incognito session

Instead of being redirected to the login page, I get an HTTP 500 error.

I would have expected the session to be invalidated and the user to be redirected back to the login page since the account no longer exists.

Maybe https://github.com/Inedo/inedox-inedocore/pull/183 fixed your problem too. From what you describe your symptoms were the same as mine :)

Thank you very much for the detailed answer!

Hey there,

i noticed on my instance that the container image size calculation does not always work. I pushed a ~20GB Windows container image and the layer sizes look good. But the size column on the overview (/containers) page just shows 0 bytes.

The problem is also visible on the ProGet 1000 instance. So maybe you can check / debug it there:

inedo/buildmaster:25 => 0 bytes

but on https://proget1000.inedo.com/containers/tags/ProductImages/inedo/buildmaster/25.0.12/layers the sizes look good

Is this intentional? Maybe somehow related to a :25 or :lastest tag which resolved to some other version?

Hi there,

i'm getting a 500 error page when calling the SCA page as anonymous user.

Configuration:

• Web.HideHomePageFromAnonymousUser = true
• Some feeds are intentionally accessible to anonymous users

The home page behaves as expected and redirects anonymous users to the login page.

However, some URLs are still directly accessible anonymously (as expected), for example:

• http://proget-test.some-corp-com/feeds

Accessing the SCA page from there anonymously causes an application error:

• http://proget-test.some-corp-com/sca

An error occurred in the web application: Object reference not set to an instance of an object.

URL: http://proget-test.some-corp-com/sca
Referrer: (not set)
User: (unknown)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 Edg/148.0.0.0
IP Address: XX.XXX.XX.XX
Stack trace:    at Inedo.ProGet.WebApplication.Pages.Sca.ScaOverviewPage.Inedo.ProGet.WebApplication.IPrivilegesValidator.ValidatePrivileges() in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E655333\Src\src\ProGet\WebApplication\Pages\Sca\ScaOverviewPage.cs:line 185
   at Inedo.ProGet.WebApplication.ProGetHttpModule.ValidatePrivileges(AhHttpApplication app, IHttpAsyncHandler handler) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E655333\Src\src\ProGet\WebApplication\ProGetHttpModule.cs:line 434
   at Inedo.ProGet.WebApplication.ProGetHttpModule.PostMapRequestHandlerAsync(AhHttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E655333\Src\src\ProGet\WebApplication\ProGetHttpModule.cs:line 406
   at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)

::Web Error on 06/01/2026 15:51:49::

Version info:

Connection String: 
Web UI Version: 2026.2 (Build 16)
Database Schema Version: 26.0.2.16
SQL Server Version: PostgreSQL 17.7 on x86_64-pc-linux-musl, compiled by gcc (Alpine 15.2.0) 15.2.0, 64-bit
db_owner: True
Database Name: proget
Database Collation: C (UTF8)
Database Recovery Model: Default (1)
Database Read Committed Snapshot: True
Database Auto Update Stats: True

Regarding How should ProGet logs be forwarded to Grafana/Loki? one way would be to forward the docker logs to Loki. But the layout of the log lines is not consistent. It looks like there are different loggers writing the stdout in different formats.

Hi there,

I followed the documentation here:

https://docs.inedo.com/docs/installation/security-ldap-active-directory/various-ldap-openldap

Unfortunately, I have not been able to get the connection working so far.

The LDAP test dialog looks like this:

From what I can tell, it seems to fail somewhere around this code path:

https://github.com/Inedo/inedox-inedocore/blob/master/InedoCore/InedoExtension/UserDirectories/Clients/NovellLdapClient.cs#L33

The container logs only show the following:

2026-05-18T14:20:14.414550674Z Begin LDAP Get Search Results
2026-05-18T14:20:14.448461026Z LdapReferralException
2026-05-18T14:20:14.448488541Z LdapReferralException
2026-05-18T14:20:14.448603052Z LdapReferralException
2026-05-18T14:20:14.448612606Z End LDAP Get Search Results

The main problem is that the logs do not contain the actual exception message or stack trace. They only show LdapReferralException, so it is difficult to understand what exactly is going wrong or how to fix the LDAP configuration.

I have a few questions:

1. Where should ProGet container logs be written?
   The container has a mounted volume at:

/var/proget/logs

However, this directory is empty. Is this expected behavior for the container image, or should ProGet write log files there?

2. How can I increase the log level?
   I found this forum thread:

   https://forums.inedo.com/topic/3060/defining-log-level/4?_=1779106499495

   But I was not able to get more detailed LDAP error output.

3. Why is the Administration Logs page empty?
   I also checked:

https://some-proget-url/administration/logs

but that page is empty as well. Should LDAP test errors appear there, or are they only written to container stdout/stderr?

4. How can I troubleshoot the LDAP/AD connection further?
   Since the current output only shows LdapReferralException, I’m not sure whether this is caused by:

   • LDAP referrals not being followed,
   • an incorrect base DN,
   • domain controller behavior,
   • missing bind permissions,
   • TLS/LDAPS issues,
   • or something else.

   Is there a recommended way to get the full LDAP exception message and stack trace from ProGet?

5. How should ProGet logs be forwarded to Grafana/Loki?
   Since ProGet would be a central part of our infrastructure, we would like to monitor it properly, including:

   • application errors,
   • authentication/authorization failures,
   • LDAP/AD issues,
   • package publishing/deletion events,
   • audit-relevant events,
   • alerting on failures.

   What is the recommended approach for forwarding ProGet logs from the container to a central logging system such as Grafana Loki? Should this be done via container stdout, mounted log files, a logging driver, or another supported mechanism?

Thanks in advance for any help or pointers.

I love the idea here

Here is another handy way which reuses the existing pgutil / Inedo.ProGet tooling:

Program.cs:

#!/usr/bin/dotnet run

#:sdk Microsoft.NET.Sdk

#:package Inedo.ProGet@2.1.3

#:property JsonSerializerIsReflectionEnabledByDefault=true

using Inedo.ProGet;

Console.WriteLine($"Starting ProGet bootstrap");

var client = new ProGetClient("http://localhost:8090", "test123");

var groups = client.ListUserGroups();
foreach (var group in DesiredState.Groups)
{
    if (await groups.AllAsync(g => g.Name.Equals(group.Name)) != null)
    {
        await client.UpdateUserGroupAsync(group);
    }
    else
    {
        await client.CreateUserGroupAsync(group);
    }
}

var users = client.ListUsersAsync();
foreach (var user in DesiredState.Users)
{
    if (await users.FirstOrDefaultAsync(u => u.Name.Equals(user.Name)) != null)
    {
        await client.UpdateUserAsync(user);
    }
    else
    {
        await client.CreateUserAsync(user);
    }
}

var connectors = client.ListConnectorsAsync();
foreach (var connector in DesiredState.Connectors)
{
    if (await connectors.FirstOrDefaultAsync(c => c.Name.Equals(connector.Name)) != null)
    {
        await client.UpdateConnectorAsync(connector.Name, connector);
    }
    else
    {
        await client.CreateConnectorAsync(connector);
    }
}

var feeds = client.ListFeedsAsync();
foreach (var feed in DesiredState.Feeds)
{
    if (await feeds.FirstOrDefaultAsync(f => f.Name!.Equals(feed.Name)))
    {
        await client.UpdateFeedAsync(feed.Name!, feed);
    }
    else
    {
        await client.CreateFeedAsync(feed.Name!, feed.FeedType!);
        await client.UpdateFeedAsync(feed.Name!, feed);
    }
}

var settings = client.ListSettingsAsync();
foreach (var setting in DesiredState.Settings)
{
    await client.SetSettingAsync(setting.Name, setting.Value);
}

Console.WriteLine("ProGet bootstrap completed successfully.");

public static class DesiredState
{
    public static IReadOnlyList<SecurityUser> Users { get; } =
    [
        new SecurityUser {
            Name = "svc-ci",
            DisplayName = "CI Service Account",
            Email = "svc-ci@example.com",
            Password = "svc-ci",
            Groups = ["proget-admins"],
        },
    ];

    public static IReadOnlyList<SecurityGroup> Groups { get; } =
    [
        new SecurityGroup {
            Name = "proget-admins",
        },
    ];

    public static IReadOnlyList<ProGetConnector> Connectors { get; } =
    [
        new ProGetConnector {
            Name = "nuget-org",
            FeedType = "nuget",
            Url = "https://api.nuget.org/v3/index.json",
            Timeout = 30,
            MetadataCacheEnabled = true,
        },
    ];

    public static IReadOnlyList<ProGetFeed> Feeds { get; } =
    [
        new ProGetFeed {
            Name = "nuget-internal",
            FeedType = "NuGet",
            Description = "Internal NuGet packages with nuget.org connector",
            Active = true,
            UseApiV3 = true,
            Connectors = ["nuget-org"],
            RetentionRulesEnabled = true,
            VulnerabilitiesEnabled = true,
            PackageStatisticsEnabled = true,
        },
    ];

    public static IReadOnlyList<SettingsInfo> Settings { get; } =
    [
        new SettingsInfo {
            Name = "Web.BaseUrl",
            Value = "http://localhost:8090",
            Description = "Full root URL for this installation of ProGet. This should start with http:// or https://",
            ValueType = SettingsInfoValueType.Text,
        },
    ];
}

You can run it with dotnet run Program.cs or Visual Studio Code. It is easy to debug and extend.

I checked the /var/log/postgresql/postgresql-17-main.log file but it is empty.

On my test instance i ran the "maven.org Full Maven Connector Index Job" manually but it seems to have crashed. Now ProGet does not start anymore because it can't reach the database. I already restarted the docker container but that didn't fix the issue.

How to get the logs from the built in database to check what's wrong?

I already checked https://docs.inedo.com/docs/installation/postgresql but the troubleshooting info did not help:

root@dc6f66f82da3:/usr/local/proget/service# ./proget query --file=-
unexpected argument: query
unexpected argument: --file=-

Description:
  Hosts the ProGet service and performs various operations.

Usage:
  proget [command] [options]

Commands:
  run                 Runs the ProGet service.
  resetadminpassword  Switches to the built-in user directory and changes the Admin account password to "Admin".
  upgradedb           Upgrades the database schema version to this version of ProGet.
  database            Commands for performing database maintenance operations

Thank you for the detailed response! I see your points. I will check the links :)

Hi there,

I’m currently evaluating ProGet as an alternative to Sonatype Nexus, and I have to say the product looks very promising so far—great work

I have a couple of questions:

1. Authentication exclusions

In our previous Nexus setup, we had certain endpoints excluded from authentication due to compatibility issues with other tools. I attempted to recreate this behavior in ProGet.

With the current configuration, accessing https://proget-test.some-company.net/nuget/internal-nuget/v3/index.json still requires authentication. Am I misunderstanding the configuration? Do these rules need to be inverted?

My goal is to have security enabled by default, with explicit exceptions for certain paths.

2. Vulnerability analysis updates

On the vulnerability search page https://security.inedo.com/vulnerability/search?showOnlyInedoAnalysis=True the most recent entry appears to be from January 16, 2026. Is there a reason there haven’t been newer analyses published since then?

3. Prometheus / OpenTelemetry integration

The documentation mentions that “by integrating Prometheus with Inedo products, users can gain real-time visibility into metrics, detect anomalies, and address issues” (see: https://docs.inedo.com/docs/installation/logging/installation-prometheus), which I completely agree with. However, from what I can tell, ProGet itself does not currently expose any Prometheus-compatible metrics. Is that correct? Are there any plans to add native Prometheus and/or OpenTelemetry support to ProGet? From an operations and observability perspective, I think this would be an excellent fit.

Thanks in advance for your help — I appreciate it.

4. Roadmap

https://inedo.com/products/roadmap looks outdated

Best regards,
K