06 February 2015

As described in my book NuGet 2 Essentials, setting up a NuGet Server is pretty straight forward. In book I’ve described how simple NuGet Server is set-up and how to set-up the NugetGallery. Using both approaches we get a nice public NuGet feed for our packages.

What happens if we do not want our packages to be publicly available to everyone, let us say we want to protect company’s know-how, maybe we’re packing sensitive data or something similar? There are some obvious solutions, we can set-up Windows authentication in IIS, allow only certain IPs with ACL, … however none of those methods is as straight forward as simply typing username and password.

So let us create a new Web project with an Empty Web Application template in Visual Studio, add a reference to System.Data.Service and then add NuGet reference NuGet.Server. This package sets up the whole NuGet feed for us - but again, it is public.

For authentication we shall use NuGet package SimpleBasicAuthenticationModule, which is a really nice package that does its job in our case.

After successful installation UserCredentials.xml file appears in App_Data folder where we can find the list of users for our nuget feed, lets delete all of them and create just one. UserCredentials.xml should look like:

<ArrayOfstring xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">

In case you are wondering, values are username;password;rolename.

So when we hit F5, username and password dialog prompt is shown, authenticating via http://nuget:passw0rd1@localhost:8080 also works (port number may be different depending on your environment).

Now we have to add our new source to nuget configuration. We can do that easily by using the following command:

NuGet.exe sources add -Name AuthFeed -source http://localhost:8080/nuget -username nuget -password passw0rd1 -StorePasswordInClearText

NuGet.exe should return similar output:

Package Source with Name: AuthFeed added successfully.

If we start Visual Studio we should see our newly created feed displayed in Manage NuGet Packages window and without any credentials prompt. We can also manually restore packages with nuget.exe restore Solution.sln without creation which is pretty convenient for build scripts / servers.

Goes without saying for production use you should secure feed with HTTPS, but for sake of simplicity we used http.

blog comments powered by Disqus