Configuring MSA AAD for your on prem gallery instance
Shishir H edited this page Oct 2, 2019 · 4 revisions
NuGet Gallery uses the AzureActiveDirectoryV2 common endpoint for authentication.
- Register an app for authenticating with your AAD
- Sign in with your work/personal account on https://aka.ms/AppRegistrations
- Go to the App registrations Portal tab
- Click on the `+ New registration` button.
- Give a name.
- Select `Accounts in any organizational directory (any AAD - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`
- Under Redirect URIs, `Web` option: `https://<Yourdomain>/users/account/authenticate/return` (NOTE: this exact format is required, otherwise it will give an error; also note the 'https')
- Note down the `ApplicationId`
- Go to the `Certificates & Secrets` tab, create a `+ New client secret`. Note this down as the `Application secret`.
- In your local NuGet Gallery instance, set the values copied in step 9 in `web.config` for Keys:

  ```
  Auth.AzureActiveDirectoryV2.ClientId = <ApplicationId>
  Auth.AzureActiveDirectoryV2.ClientSecret = <Application Secret>
  Auth.AzureActiveDirectoryV2.Enabled = true
  ```
- Note: This authenticates the gallery with the v2 common workflow, which means any AAD/personal MSA account will be able to create an account and publish packages to your on-prem gallery. If you want to authenticate with only a specific AAD, for now, you will need to make a code change: update the AzureActiveDirectoryV2AuthenticatorConfiguration and set the authority tenant ID to your AAD Tenant ID:

  ```csharp
  openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, "<Your AAD Tenant ID>");
  ```
- This should get your gallery up and running integrated with your specific AAD Account.
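
What pinning the authority to one tenant is meant to enforce, shown as an added Python illustration (not NuGet Gallery code): an ID token is accepted only when both its `tid` and `iss` claims name the expected tenant. The tenant GUIDs, the sample tokens and the helper names are constructed for this example, and the `tid` claim and the issuer format `https://login.microsoftonline.com/<tid>/v2.0` are assumptions about v2.0 ID tokens.

```python
import base64
import json

# Assumption: v2.0 ID tokens carry the tenant GUID in "tid" and an issuer of
# the form https://login.microsoftonline.com/<tid>/v2.0.
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"

OUR_TENANT = "11111111-2222-3333-4444-555555555555"    # constructed placeholder
OTHER_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed placeholder


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT.

    The signature is NOT verified here; in the gallery that is the job of the
    OpenID Connect middleware. This only reads claims for the tenant check.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def tenant_allowed(claims: dict, allowed_tenant: str) -> bool:
    """True only if tid and iss both point at the single allowed tenant."""
    allowed = allowed_tenant.lower()
    tid = str(claims.get("tid", "")).lower()
    iss = str(claims.get("iss", "")).rstrip("/").lower()
    return tid == allowed and iss == ISSUER_TEMPLATE.format(tid=allowed)


def make_sample_token(tid: str) -> str:
    """Constructed sample token with a placeholder signature segment."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"tid": tid, "iss": ISSUER_TEMPLATE.format(tid=tid),
                              "preferred_username": "user@example.test"}).encode())
    return f"{header}.{body}.placeholder-signature"


if __name__ == "__main__":
    for tid in (OUR_TENANT, OTHER_TENANT):
        claims = jwt_payload(make_sample_token(tid))
        verdict = "accepted" if tenant_allowed(claims, OUR_TENANT) else "rejected"
        print(tid, verdict)
```

With the common endpoint, a token from either tenant would be a valid sign-in; with the check above, only the first is accepted.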