You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi
i'm working on a token based Authentication for a NuGet Server (BaGet)
I know all the concepts of CredentialProviders and i have up and running VS+Debugger for Nuget.exe and "artifacts-credprovider" (the Azure Artifact Credential Provider)
Basically Nuget Authentication is implemented here
basically the following 2 lines are doing the work:
that means the entire process of building and appending a AUTH-Header is delegated to the corefx implementation of HTTPClientHandler (also debugged for this investigations)
basically HTTPClienHandler has no implementation for a AuthType like "Bearer".
It has implementations for "Basic", "NTLM" "Negotiate" and "Digest"..
Reading the sourcecode of artifacts-credprovider, (the NuGet CredentialProvider for Azure Artifacts) i find out, that they are using/implementing Token based security (vsts services) BUT
the used Authenticationtype is "Basic" (see VstsBuildTaskCredentialProvider)
credential.username is ignored/random/virtual
credential.password contains the token.
It make sense to do the same if we implement token based security in our own NuGet Server ?
what is the plan for the future here ?
I see that the current CredentialProvider interface does not allows the transfer of information about the authtype...(or i overlooked something) ?
Summary:
For Token based NuGet Authentication
implement "Basic" Authentication on the server side and assume that the password contains the token
use Config/CredentialProvider Settings on the client side that sends the token as ICredential.Password
TRUE ?
i must assume that Azure Artifacts and others does exactly this "hack" at the moment....
regards
Werner
The text was updated successfully, but these errors were encountered:
Hi
i'm working on a token based Authentication for a NuGet Server (BaGet)
I know all the concepts of CredentialProviders and i have up and running VS+Debugger for Nuget.exe and "artifacts-credprovider" (the Azure Artifact Credential Provider)
Basically Nuget Authentication is implemented here
basically the following 2 lines are doing the work:
that means the entire process of building and appending a AUTH-Header is delegated to the corefx implementation of HTTPClientHandler (also debugged for this investigations)
basically HTTPClienHandler has no implementation for a AuthType like "Bearer".
It has implementations for "Basic", "NTLM" "Negotiate" and "Digest"..
Reading the sourcecode of artifacts-credprovider, (the NuGet CredentialProvider for Azure Artifacts) i find out, that they are using/implementing Token based security (vsts services) BUT
It make sense to do the same if we implement token based security in our own NuGet Server ?
what is the plan for the future here ?
I see that the current CredentialProvider interface does not allows the transfer of information about the authtype...(or i overlooked something) ?
Summary:
For Token based NuGet Authentication
TRUE ?
i must assume that Azure Artifacts and others does exactly this "hack" at the moment....
regards
Werner
The text was updated successfully, but these errors were encountered: