Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

NuGet Gallery should support LDAP for on-premise deployments #554

matthewskelton opened this Issue Jul 25, 2012 · 32 comments


None yet

For those who use NuGet Gallery on-premise (rather than just nuget.org), it'd be a big win for the Gallery to support LDAP for authentication rather than (or in addition to) the NuGet Gallery database authentication store.

Depending on how much interest there is, I might be able to contribute this change.


anurse commented Jul 25, 2012

I've often wanted OAuth login support as well, and we've done some work with Active Directory Federation inside Microsoft. Might be time to start planning a more robust, pluggable, authentication system.

Excellent - OAuth + LDAP + native DB would cover most bases I think.


pranavkm commented Jul 25, 2012

We'd be happy to take a pull request. As @anurse pointed out, it would be really nice to have OAuth on the gallery.


grenade commented Aug 8, 2012

I have written an implementation that enables LDAP authentication.
The pull request is here: #562
The fork is here: https://github.com/grenade/NuGetGallery-LdapAuth

@ghost ghost assigned pranavkm Sep 5, 2012

What if the status of this pull request? Seems to have quieted down over the last few months.


jeffhandley commented Oct 5, 2012

We'll try to take a look soon. Since the fork is available, and LDAP wasn't needed for nuget.org, we hadn't gotten to this yet.

Sorry, I don't know the best place to ask this question as there is no issues tab on the fork. I've tried running the fork on top of an existing installation of the project, and got an error that DbMigrations could not be applied because it would remove data. What can be done to massage the migrations through?


jeffhandley commented Oct 8, 2012

Not terribly long ago, we added some migrations that shrank some text fields from nvarchar(MAX) down to have logical lengths. I'm guessing you have data in your database that would get truncated.

The changes were made in commit e1f2302.

We're also looking to host an internal gallery... this would be huge! I was going to try and see if I could get the fork running on my machine. Seems like there would be a ton of merging to do since this was last updated.


anurse commented Mar 1, 2013

We're working on some other Auth stuff as well and hopefully LDAP will be able to be a more modular plugin to that model. I don't think we'd take LDAP auth in the main code at first, but hopefully it would be easier to maintain a clean fork that just adds that component.

+1 For LDAP Auth. We want this for our Enterprise gallery. Is there any talk of symbol server support as well or can I just add use this in my NuGet Gallery installation?

+100 for LDAP
Now we have to use fork by grenade and I really can't imagine how to merge it with actual code.
We are also looking for some other solution for enterprise nuget repo, but unfortunately with no results.

@maslakov We eventually went with Artifactory Pro, which has built-in NuGet support, including LDAP auth.

MattLud commented Sep 5, 2013

I've started a port of @grenade work with LDAP into a current version of the gallery. If there is any guidance in cleaning up the auth process, I'm all for incorporating it as part or a separate issue.


l3m commented Sep 17, 2013

Any news on the integration? LDAP for NuGet Gallery sounds really promising. We are currently using ProGet and it just causes so many problems, needs to be restarted all the time etc.


anurse commented Oct 3, 2013

We still don't have direct plans for LDAP as our primary audience is the nuget.org site (we definitely want to make it as easy as possible to host private galleries, but we're a very limited team :)).

We do have very concrete plans for pluggable auth in the near future (specifically focusing on OAuth right now). With that model, it would be quite straightforward to maintain an LDAP authentication component that could easily be integrated into the Gallery. It wouldn't be as simple as just editing config, but it should be a very light fork that just adds a few classes.


fabiostawinski commented Nov 12, 2013

Also I'm looking foward this implementation 👍


grenade commented Nov 18, 2013

If there is an issue or fork related to the pluggable auth mentioned earlier, I am happy to work with other contributors for implementing the LDAP module. I am now working with a third enterprise client who require this and it always feels sloppy to make them use my fork rather than the main gallery code.


anurse commented Nov 19, 2013

#253 is the closest to discussion on that topic. We're working on a few elements to make "shallow-forking" (i.e. forking the gallery to make minor additions/rebranding) easier and Authentication is one of them. There's now a PR out to add support for these pluggable authenticators, and while they may not be perfect for LDAP yet, we're certainly willing to take infrastructure changes to make them more pluggable (though we are less confident about taking a full LDAP feature :))

@rismoney rismoney referenced this issue in chocolatey/chocolatey.org Jan 3, 2014


Directory integration #63

I want to use an OpenID. I don't want to create account to contribute.

If you add barriers to people who want to help, you are going to get less help.

MattLud commented Feb 18, 2014

@anurse I'm starting work on this with the newer code and looking over the new credentials code - It doesn't look too easy to drop an assembly in but rather that it requires integration with the NuGet Gallery code.

Does that sound right?


anurse commented Feb 19, 2014

Yes, some integration with the gallery is still required, though it's much less invasive than it would have been prior to the new credentials code. Happy to help out if you have specific questions about the integration :).

Is there any progress on this? Any plugin available for LDAP auth?


MattLud commented Mar 5, 2014

Working on it right now.

LDAP support is a bit of an oddball area here - I'm betting no one wants to setup a separate LDAP application in which the sole purpose is to have a username & password screen that then sends them back to nuget gallery when the gallery is on the same network as the LDAP. It would ideally reuse the existing username/password boxes that'd also support autoenroll as @grenade did.

I'm also trying to figure out the best way to fit it without being invasive to the existing local usercode as a result.

Well it would ideally use integrated authentication to avoid username/password boxes, but at least allowing AD login is a good MVP.

Yes it would, I still have 4 servers down including ATHERLITH due to misidentifications and getting the wrong builds, if u look, i have'nt been there in awhile. My enterprise id crashed

Date: Thu, 6 Mar 2014 05:07:51 -0800
From: notifications@github.com
To: NuGetGallery@noreply.github.com
Subject: Re: [NuGetGallery] NuGet Gallery should support LDAP for on-premise deployments (#554)

Well it would ideally use integrated authentication to avoid username/password boxes, but at least allowing AD login is a good MVP.

Reply to this email directly or view it on GitHub.


CumpsD commented May 16, 2014

I can only add another 👍 +1 from my side to get Integrated Auth


anurse commented May 21, 2014

This just isn't something we're able to prioritize in the core Gallery. We'd be happy to accept PRs which improve the extensibility of the authentication model so that this can be easily integrated into custom Gallery deployments.

@anurse anurse closed this May 21, 2014


ggrnd0 commented Jun 8, 2014

is it actual?

+1 for windows auth

  • for LDAP/Active Directory ntlm authentication...Hosting a private gallery, chances are you’re on an Active Directory and don't want to have users login 2 times to get to NuGet Gallery. You want to add them in a AD group which will give them access.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment