ADFS / token restriction / Credential Provider workflow support
I'm hoping that a more secure ADFS experience/workflow can be created. I would like to see a situation where an administrator can restrict token-based authentication for feed consumers and the consumers can use some sort of NuGet ADFS CredentialProvider to authenticate against the feed. (Perhaps with single-use, short-lived tokens generated by the provider?) That way, when an AD account is disabled, there is no need to secondarily disable a MyGet account.
Have you tried our new MyGet Credential Provider for Visual Studio 2017 yet? http://docs.myget.org/docs/reference/credential-provider-for-visual-studio
We are working on improving that very experience, so we’re very eager to hear your feedback on this.
Interesting. In essence, are you suggesting MyGet Enterprise administrators should have the ability to restrict token creation to certain specific users, and disable it by default for any other user (including those who still need to create their account on your tenant)? Those users essentially become read-only users in that case.
David K. commented
Yes. That's what got me thinking about the workflow I mentioned above. If we could restrict/remove API keys for consumers, then the VS credential provider would (mostly) work for end-users and we could restrict access to the API keys for our build servers. It'd be a good MVP.