You can configure the NuGetGallery to use Azure Active Directory to manage your accounts.
- On the portal, open the "App registrations" blade.
- Select "New registration".
- For "Supported account types", select "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".
⚠ NOTE: This allows any Azure Active Directory or personal account to create an account and publish packages to your on-prem gallery. If you'd like to authenticate with a specific directory (the "Single tenant" option), you will need to make a code change later.
- For "Redirect URI", select "Web" with the value `https://<Your domain>/users/account/authenticate/return`.
- Press "Register" to create the application.
You will need to configure the Azure Active Directory application before it can be used by the NuGetGallery:
- On the "Overview" pane, note down the "Application (client) ID".
- Navigate to the "Authentication" pane. Under the "Implicit grant" section, enable "ID tokens" and press "Save".
- Navigate to the "Certificates & secrets" pane and create a new client secret. Note the value of your client secret.
Now that the Azure Active Directory application is ready, let's configure the NuGetGallery to use your new app:
- Open the NuGetGallery solution using Visual Studio.
- Modify the "Web.config" file in the NuGetGallery project.
- Modify the `Auth.AzureActiveDirectoryV2.Enabled` setting to `true`.
- Modify the `Auth.AzureActiveDirectoryV2.ClientId` setting to the application ID you copied earlier.
- Modify the `Auth.AzureActiveDirectoryV2.ClientSecret` setting to the client secret you copied earlier.
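
A quick check of the three settings before starting the gallery, as an added example that is not part of the NuGetGallery project. It assumes the settings are `<add key="..." value="..." />` entries under `<appSettings>` in Web.config; the sample config and its client ID are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

PREFIX = "Auth.AzureActiveDirectoryV2."
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample. Assumption: settings live under <appSettings> as <add> entries.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="Auth.AzureActiveDirectoryV2.Enabled" value="true" />
    <add key="Auth.AzureActiveDirectoryV2.ClientId" value="00000000-1111-2222-3333-444444444444" />
    <add key="Auth.AzureActiveDirectoryV2.ClientSecret" value="" />
  </appSettings>
</configuration>"""


def read_settings(web_config_xml):
    """Return the Auth.AzureActiveDirectoryV2.* settings as {short name: value}."""
    root = ET.fromstring(web_config_xml)
    settings = {}
    for add in root.findall("./appSettings/add"):
        key = add.get("key", "")
        if key.startswith(PREFIX):
            settings[key[len(PREFIX):]] = (add.get("value") or "").strip()
    return settings


def check_settings(web_config_xml):
    """Return a list of problems; an empty list means all three settings are filled in."""
    s = read_settings(web_config_xml)
    problems = []
    if s.get("Enabled", "").lower() != "true":
        problems.append("Enabled is not true")
    if not GUID.match(s.get("ClientId", "")):
        problems.append("ClientId is not a GUID (expected the Application (client) ID)")
    # Only test for presence; the secret value itself is never printed or returned.
    if not s.get("ClientSecret"):
        problems.append("ClientSecret is empty")
    return problems


if __name__ == "__main__":
    for problem in check_settings(SAMPLE_WEB_CONFIG):
        print(PREFIX + problem)
```
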
If you selected the "Single tenant" option when you created your Azure Active Directory app registration, update `AzureActiveDirectoryV2AuthenticatorConfiguration` to set the authority tenant ID to your AAD Tenant ID:

```csharp
openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, "<Your AAD Tenant ID>");
```