NuGet - Make artifacts available to guest account

Hi,

I'm setting up TeamCity to host nuget packages. I have a scenario where my project is locked down to a few users who manage the project but artifacts must be available to any user within the organization. I have enabled the guest account. What's the best way to set that up?

Do I have to create a separate project where guest user has read access and then change the locked-down project to publish artifacts to the second project?

Or is there a different/better way to control security in this case?

Thanks,
Rasitha

3 comments
Comment actions Permalink

Hello,

Please sorry for delay.

You may give Guest Account an 'Project Viewer' role. This could be the most easy way to implement it.
Could you please describe what would you like to hide from Guest user in those projects?

The approach you suggeted would work well. All you need is to create another guest-visible project and build configuration that would have .nupkg files in build artifacts.
You may simply use artifact dependencies to transter packages from one build configuration to another.
http://confluence.jetbrains.net/display/TCD7/Artifact+Dependencies

0
Comment actions Permalink

Hi,

Thanks for the information!

Our apps are grouped into teams that maintain them. So we have a separate project for each team and the applications they own are setup as separate build configurations. For some teams we have a requirement that their build artifacts should NOT be visible to rest of the teams (for some security reasons). But the artifacts shouldbe visibile to developers in that team (setup as a group in teamcity) where artifacts can be used by different applications within that team.

So I created a new role for NuGet and assigned Project View permissions to it. And Guest user has that new role. From everything I saw, it's a safe setup. (Maybe you can confirm but I was not able to get to any Build Artifacts or anything that shows has source code while logged in as the Guest user but I was able to see the project).

Now I can assign the Guest user to proejcts that should be available company-wide and teams can use /guestAuth/ url to get to common packages and use /httpAuth/ url to get restricted packages.

So here's what I need to figure out next:

1. Even with NTLM auth enabled, /httpAuth/ url seems to be using basic auth. Can that be changed to use NTLM? That way in Visual Studio, I can setup /httpAuth/ url as a packge source and I don't have to login explictly.

2. How do I publish a package from outside? We want to use NuGet to deploy more than just packages (things like settings, samples, etc). So those won't be in TeamCity. I should be able to use nuget.ext to push and publish packages also. I tried looking at documentation, etc to see if there's a way to do a setApiKey but found nothing.

Please let me know if you have any thoughts on this.

Thanks,
Ras

0
Comment actions Permalink

Hello,

Unfortunaley, we do not have full support of NuGet authentication.

You may make NuGet client use NTLM. For that you need to enable forced NTML authentication
http://confluence.jetbrains.net/display/TCD7/NTLM+HTTP+Authentication

and than use paths without /httpAuth/ infix.

TeamCity does not support packages upload from NuGet. If you like to add more packages to the feed,
you may publish those .nupkg file as build artifacts.

0

Please sign in to leave a comment.