Disabled allowAnonymousPackageChanges in web.config, but cannot login with username/Api Key.

[djl2]

Klondike version 1.4.1-1.5.2

I recently set "NuGet.Lucene.Web:allowAnonymousPackageChanges" in web.config to False, but I cannot sign in from the Klondike login page as expected.

I've tried using the built-in user accounts (LocalAdministrator, AnonymousPackageManager) with API Key as the password, but get the message "Authentication failed." Note I've already run the "nuget setApiKey" command for both users. I've also tried creating a new user account and it fails as well.

What am I missing here?

Thanks in advance.

[chriseldredge]

Perhaps it isn't clear from the documentation, but the login screen in the web UI only works when you have external authentication configured, such as Windows authentication. Klondike treats API keys differently than login passwords.

I've only enabled and tested logging in with username and password when the IIS site is configured to use Windows authentication.

You can still use the api keys by passing the X-NuGet-ApiKey request header, as the nuget command line client does.

[djl2]

Thanks for the clarification.