配置NuGet服务器以使用身份验证 [英] Configuring NuGet server to use Authentication

问题描述

NuGet 1.5州的发行说明

The release notes for NuGet 1.5 state

NuGet now supports connecting to private repositories that require basic 
or NTLM authentication.

但是，其中包含的链接只会导致托管您自己的nuget供稿页面，不再提及如何设置身份验证。

However, the link contained in there simply leads to the hosting your own nuget feeds page, without any further mention of how to set up authentication.

我想建立一个可通过互联网https访问的NuGet服务器，但只允许能够成功通过身份验证的人查看或下载服务器上的软件包。

I would like to set up a NuGet server that is accessible via https from the internet, but only allows people who can successfully authenticate to view or download the packages on the server.

我确实创建了一个没有auth的应用程序，如创建远程源部分所述。 nuget.org/docs/creating-packages/hosting-your-own-nuget-feeds\">文档，它在Intranet上运行良好。如何在此repo上启用身份验证？

I did create an application without auth as described in the Creating Remote Feeds section in the documentation, and it works nicely on the intranet. What do I have to do to enable authentication on this repo?

另一个要求是解决方案不应该花费数百美元（前两个答案会推广可能解决问题的产品但成本很高）。

An additional requirement would be that solution should not cost hundreds of dollars (the first two answers promote products that might solve the problem but cost a lot).

推荐答案

这可以通过在网站上启用Windows身份验证并通过Sources 命令行选项，默认情况下，使用限制在当前计算机上当前用户的DPAPI密钥存储凭据（因此，对于构建服务器，您需要在服务帐户下登录时添加凭据。）

This can be done by enabling Windows Authentication on the Web Site and adding credentials on the build server via the Sources command-line option, by default the credentials are stored using a DPAPI key restricted to the current user on the current machine (thus, for a build server, you would need to add credentials while logged in under the service account.)

对于Developer工作站，您只需要在NuGet Package中添加feed刷新源时管理器然后输入/存储凭据（应该提示您。）

For Developer workstations you only need to add the feed in NuGet Package Manager and then input/store credentials when refreshing the feed (you should be prompted.)

步骤1 - 要求在NuGet服务器上进行身份验证（IIS配置）

您需要确保为IIS安装了您要使用的身份验证模块，对于NTLM身份验证，您将需要Windows身份验证模块。安装完成后，您可以打开IIS管理器并深入查看您的网站，打开身份验证设置并启用Windows身份验证，确保禁用您不想支持的任何身份验证模块（例如匿名，基本等）。

You need to make sure the authentication module you wish to use is installed for IIS, for NTLM auth you will need the Windows Authentication module. Once installed you can open IIS Manager and drill down to your website, open the Authentication settings and Enable Windows Authentication, be sure to disable any authentication modules you do not want to support (such as Anonymous, Basic, etc.)

要确保使用用户凭据，请右键单击站点并选择高级设置，然后单击物理路径凭据按钮。在对话框中确保选择应用程序用户（传递身份验证）。

To ensure that user credentials are used, right-click on the Site and select "Advanced Settings", then click on the button for "Physical Path Credentials". In the dialog ensure that "Application User (pass-through authentication)" is selected.

可以找到有关Windows身份验证的标准IIS配置的更多详细信息 TechNet ，包括从命令行进行配置并启用协商（如果是你的目标。）

More detailed information about standard IIS configuration for Windows Authentication can be found on TechNet including configuring from a command-line and enabling Negotiate (if that was your goal.)

第2步 - 向NuGet配置添加资源（构建服务器，发布者）

nuget.exe sources add -Name "Fabrikam Feed" -Source "https://nuget.fabrikam.com:443/nuget/"
nuget.exe sources add -Name "Fabirkam Publish" -Source "https://nuget.fabirkam.com:443/"

这里我们添加两个条目，一个将用作正常的，经过身份验证的Feed URL（用于从服务器获取包）。第二个将用于发布到服务器（添加或更新nupkg文件。）

Here we are adding two entries, one which will be used as the normal, authenticated Feed URL (for fetching packages from the server.) The second will be used for publishing to the server (adding or updating nupkg files.)

第3步 - 更新C.已添加来源的续订（构建服务器，发布者）

nuget.exe sources update -Name "Fabrikam Feed" -Source "https://nuget.fabrikam.com:443/nuget/" -UserName "Developer" -Password "g0d"
nuget.exe sources update -Name "Fabrikam Publish" -Source "https://nuget.fabrikam.com:443/" -UserName "Developer" -Password "g0d"

我们这里有添加了配置凭据，如果您查看％APPDATA％\NuGet \NuGet.config ，您应该会看到已添加的订阅源以及加密凭据。

Here we have added credentials to the config, if you view %APPDATA%\NuGet\NuGet.config you should see the feeds you have added as well as encrypted credentials.

如果您无法以服务器身份登录，则可以使用 StorePasswordInClearText 选项，但不建议在共享环境中使用。

If you do not have the ability to log in as the server it is possible to store credentials in clear text by utilizing the StorePasswordInClearText option, but this is not advised in a shared environment.

步骤4 - （可选）禁用Visual Studio中的发布URL（开发人员）

打开Visual Studio并导航到NuGet包管理器设置对话框，取消勾选Fabrikam PublishFeed。这不会影响您的发布能力，但是，如果您不禁用此Feed，则在尝试刷新所有来源的包时会收到错误（因为它是发布网址，而不是Feed网址。）

Open Visual Studio and navigate to the NuGet Package Manager Settings Dialog, untick the "Fabrikam Publish" feed. This will not affect your ability to publish, however, if you do not disable this feed you will receive errors when you try and refresh packages for "All" sources (as it is a publish URL, not a feed URL.)

步骤5 - （可选）在Visual Studio（开发人员）中存储Windows凭据

打开Visual Studio并导航到NuGet包管理器，单击Fabrikam Feed。系统会提示您输入凭据。您可以在此输入凭据并勾选保存/记住选项。这可确保尝试在Visual Studio中刷新源不会经常请求凭据。在最新版本的NuGet Package Manager中，使用标准HTTP请求获取源，并且不使用存储到nuget.config的凭据。

Open Visual Studio and navigate to the NuGet Package Manager, click on "Fabrikam Feed". You should be prompted for credentials. You can enter credentials here and tick the save/remember options. This ensures that attempting to refresh the feed in Visual Studio doesn't constantly ask for credentials. In the latest releases of NuGet Package Manager the feed is fetched using a standard HTTP request and the credentials you've stored to nuget.config are NOT used.

注意：

1. 你不需要第三方解决方案来托管私有的安全源。 NuGet服务器是免费提供的，IIS和NuGet工具都支持NTLM / AD / Windows安全性。

1. You do not need a third party solution to host private, secure feeds. NuGet server is freely available and NTLM/AD/Windows security is supported by both IIS and NuGet tooling.

不需要发布到Feed的开发人员不需要在其配置中存储凭据。他们也不需要配置发布Feed。这仅适用于构建服务器或其他发布者（re：步骤2和3）。

Developers who do not need to publish to the feed do not need to store credentials in their config. They also do not need a 'Publish' feed configured. This is only necessary for build servers or other publishers (re: Steps 2 and 3.)

所有使用程序包提要的开发人员都会对Step感兴趣5，这应该是大多数开发人员所需要的全部内容。他们只需在Visual Studio中添加提要，然后在提示时输入他们的凭据。

All developers who will use the package feed will be interested in Step 5, this should be all that is required for most developers. They can simply add the feed from within Visual Studio, then enter their credentials when prompted.

如果凭据更改，您可以导航到开始 - >管理Windows凭据和删除VSCredentials_nuget.fabrikam.com。

If credentials change you can navigate to Start -> Manage Windows Credentials and delete "VSCredentials_nuget.fabrikam.com".

步骤2可以在visual studio中执行，但为了清楚起见，我在这里给出了命令行。但是，步骤3必须通过命令行（或使用NuGet API）执行。

Step 2 can be performed in visual studio, but for clarity I've given the command-line here. Step 3, however, must be performed via command-line (or using the NuGet APIs.)

在NuGet的未来版本中，传闻可以是凭证信息存储在解决方案或项目级别（详细信息不清楚），这可能只对多租户构建环境中无法访问构建服务器的人员感兴趣。

In a future release of NuGet rumor is credential information can be stored at the solution or project level (details are unclear), this is likely only of interest to people in a multi-tenant build environment where they do not have access to the build server.

希望这可以帮助其他人！

Hope this helps someone else out there!

这篇关于配置NuGet服务器以使用身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！