I suggest you ...

ADFS / token restriction / Credential Provider workflow support

I'm hoping that a more secure ADFS experience/workflow can be created. I would like to see a situation where an administrator can restrict token-based authentication for feed consumers and the consumers can use some sort of Nuget ADFS CredentialProvider to authenticate against the feed. (Perhaps with single-use, short-lived tokens generated by the provider?) That way when an AD account is disabled there is no need to secondarily disable a myget account.

https://www.visualstudio.com/en-us/docs/package/nuget/auth

3 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    David K.David K. shared this idea  ·   ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • MyGetAdminMyGet (Admin, MyGet - Package management made easier) commented  · 

        Interesting. In essence, are you suggesting MyGet Enterprise administrators should have the ability to restrict token creation to certain specific users, and disable by default for any other user (including those who still need to create their account on your tenant)? Those users essentially become read-only users in that case.

      • David K.David K. commented  · 

        Yes. That's what got me thinking about the workflow I mentioned above. If we could restrict/remove API keys for consumers then VS credential provider would (mostly) work for end-users and we could restrict access to the API keys for our build servers. It'd be a good MVP.

      Feedback and Knowledge Base