8

I'm considering setting up Intranet-level Nuget feed(bunch of teams in my company are supposed to use it).
I've looked briefly through some tutorials + appropriate chapters in Pro Nuget book, however I still do have some question left so far:

  1. How to make windows integrated security working on private feed smoothly and customize access rights for private Nuget feed(for instance, grant everyone to get packages but grant pushing only to several domain users/groups);
  2. How to allow developers to push packages to private feed without having api key?
  3. How to save developers from making such silly mistake as pushing package to public feed? Is that enough to not configure api key for public feed as default?

Has anyone faced with one of these cases?

TylerH
  • 20,799
  • 66
  • 75
  • 101
alex.b
  • 4,547
  • 1
  • 31
  • 52
  • 1
    The reasons you've listed here are some of the inspiration for why we built [ProGet](http://inedo.com/proget/download) - so if you're willing to spend a little money you can do all of the things you listed quite easily in the Enterprise version. – John Rasch Aug 02 '12 at 15:52
  • 1
    You may be interested in this fork and pull request on the NuGetGallery project to add support for this. https://github.com/NuGet/NuGetGallery/pull/562 – Mark Melville Oct 04 '12 at 19:11
  • @MarkMelville: I've forked it already. Seems like so far NuGet Gallery allows out of the box(+ some configuration on IIS7) everything what I need. I case of any code is written I certainly will try to share it. – alex.b Oct 05 '12 at 10:48

1 Answers1

4

I did not try this so far, but following those instructions : http://docs.nuget.org/docs/creating-packages/hosting-your-own-nuget-feeds

I would just create a network share on the server hosting the feed, with write access to specific AD group of developers.

This way your repository is public, and only some persons can add packages to it.

Even after, if you have a continuous integration server, you could allow access to the file share (or API key) only to the account building packages. This way packages are published automatically after having passed automated tests.

mathieu
  • 30,974
  • 4
  • 64
  • 90
  • Network share looks promising to be the best option to choose in my case. Most likely my team will follow it. – alex.b Sep 04 '12 at 09:51
  • 1
    Putting little update here. After setting up file share we've set up private nuget feed hosted in IIS(which is extremely easy to do - [steps here](http://docs.nuget.org/docs/creating-packages/hosting-your-own-nuget-feeds)) and managing nuget access rights is done via IIS. – alex.b Feb 28 '13 at 13:37
  • The best options is to publish to NuGet feed via nuget push and utilize IIS auth and pass-through credentials to manage security. You can still administer security at the FileSystem level this way, but do not have to open a share and do not have to deal with indexing problems when dropping packages via a share. – Shaun Wilson Dec 19 '13 at 01:07