Configuring MSA AAD for your on prem gallery instance

Shishir H edited this page Oct 2, 2019 · 4 revisions

NuGet Gallery uses the AzureActiveDirectoryV2 common endpoint for authentication.

  1. Register an app for authenticating with your AAD.
  2. Go to the App registrations portal tab.
  3. Click the + New registration button.
  4. Give it a name.
  5. Select Accounts in any organizational directory (any AAD - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
  6. Under Redirect URIs, choose the Web option and enter: https://<Yourdomain>/users/account/authenticate/return (NOTE: this exact format is required, otherwise you will get an error; also note the 'https').
  7. Note down the ApplicationId.
  8. Go to the Certificates & Secrets tab and create a + New client secret. Note this down as the Application secret.
  9. In your local NuGet Gallery instance, set the ApplicationId and Application secret noted in the steps above in web.config for these keys:
     Auth.AzureActiveDirectoryV2.ClientId = <ApplicationId>
     Auth.AzureActiveDirectoryV2.ClientSecret = <Application Secret>
     Auth.AzureActiveDirectoryV2.Enabled = true
Note: This authenticates the gallery with the v2 common workflow, which means any AAD or personal MSA account will be able to create an account and publish packages to your on-prem gallery. If you want to authenticate with only a specific AAD, for now, you will need to make a code change. Update the AzureActiveDirectoryV2AuthenticatorConfiguration and set the authority tenant ID to your AAD Tenant ID:

     openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, "<Your AAD Tenant ID>");

This should get your gallery up and running, integrated with your specific AAD account.
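
A pre-flight check for the settings from the steps above, as an added example that is not part of the original page or of NuGet Gallery. It assumes the three keys are `<add key="..." value="..."/>` entries under `configuration/appSettings`; the default web.config path and the sample redirect URI are constructed placeholders.

```powershell
# Added example, not NuGet Gallery code. Assumes the keys are
# <add key="..." value="..."/> entries under configuration/appSettings.
param(
    [string]$WebConfigPath = '.\web.config',   # assumed location
    # Constructed sample; pass the redirect URI you registered in the portal.
    [string]$RedirectUri = 'https://gallery.example.test/users/account/authenticate/return'
)

function Get-AppSetting([xml]$Config, [string]$Key) {
    $node = $Config.SelectSingleNode("/configuration/appSettings/add[@key='$Key']")
    if ($node) { $node.GetAttribute('value') } else { $null }
}

[xml]$config = Get-Content -LiteralPath $WebConfigPath -Raw
$prefix   = 'Auth.AzureActiveDirectoryV2'
$problems = @()

# The ApplicationId from the app registration is a GUID.
$clientId = Get-AppSetting $config "$prefix.ClientId"
$guid = [guid]::Empty
if (-not [guid]::TryParse([string]$clientId, [ref]$guid)) {
    $problems += "$prefix.ClientId is missing or not a GUID"
}

# Report only whether the secret is set; never echo its value.
$secret = Get-AppSetting $config "$prefix.ClientSecret"
if ([string]::IsNullOrWhiteSpace($secret) -or $secret -match '^<.*>$') {
    $problems += "$prefix.ClientSecret is empty or still a placeholder"
}

$enabled = Get-AppSetting $config "$prefix.Enabled"
if ($enabled -ne 'true') {
    $problems += "$prefix.Enabled is '$enabled', expected 'true'"
}

# The redirect URI must be https and end in the fixed return path.
$uri = $null
$ok = [uri]::TryCreate($RedirectUri, [System.UriKind]::Absolute, [ref]$uri)
if (-not $ok -or $uri.Scheme -ne 'https' -or
    $uri.AbsolutePath -ne '/users/account/authenticate/return') {
    $problems += "Redirect URI '$RedirectUri' is not https://<Yourdomain>/users/account/authenticate/return"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'AAD v2 settings look consistent with the steps above.'
```

The script cannot tell whether the tenant-specific authority change has been made in code, so that restriction still needs to be confirmed separately.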