Open kev494 opened 4 years ago
@kev494 this is a good request! I've updated it a bit for our purposes and have marked it as up for grabs for anyone that might want to take a stab at it.
I'm wondering if it is required to add something on the server side as well once it is turned on on the client side. I know with Chocolatey Server, we specifically had to allow pushes to go through without hitting basic/cert auth as the API should be all that is necessary there as credentials.
Are you using Chocolatey.Server and hitting this or something else?
@ferventcoder exactly, I was hitting this with Chocolatey.Server and think this will happen for each server which uses IIS. Did you set it up so that installs hit basic/cert auth and pushes do not? How did you achieve this?
To add a little to this, Sonatype Nexus sources can be pushed to with anonymous authentication turned off, but you have to add a source matching the push-endpoint with your working credentials - and then push using your API key.
I would like to restrict the choco sources with some sort of authentication. I have the ability to add a user and password or a certificate when adding a Chocolatey source on the client. This means for me I can define basic or certificate-based authentication in the IIS settings. Then, I would disable anonymous access. This works fine and packages from this source can only be installed with username and password (when basic auth is set up). However, I'm now not able to choco push to this source anymore. I will get an unauthorized exception.
I asked for help on gitter and got some interesting insights that this could be avoided by using nuget.exe, like it is done here: https://blog.pauby.com/post/chocolatey-repository-using-azure-devops-artifacts-feed/. Not sure if it will work for an IIS-based web server as well. But, I will find out.
My question from all of this is whether it would be possible to add the same authentication methods for choco push as they exist for choco source, so this can be achieved with Chocolatey commands.
If I'm missing something, I'm happy to hear if there are better options. Thanks in advance for your help.