Merge pull request #8163 from NuGet/dev

Merge branch dev into master
Related to NuGet/Engineering#3328

Author: joelverhagen

NuGetGallery.sln

@@ -50,6 +50,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GitHubVulnerabilities2Db",
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GitHubVulnerabilities2Db.Facts", "tests\GitHubVulnerabilities2Db.Facts\GitHubVulnerabilities2Db.Facts.csproj", "{E50953CB-209A-484E-951D-A68F5CF3C546}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VerifyGitHubVulnerabilities", "src\VerifyGitHubVulnerabilities\VerifyGitHubVulnerabilities.csproj", "{C0B764D2-D376-439E-A5C4-1AC41B11E9DE}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -124,6 +126,10 @@ Global
 		{E50953CB-209A-484E-951D-A68F5CF3C546}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E50953CB-209A-484E-951D-A68F5CF3C546}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{E50953CB-209A-484E-951D-A68F5CF3C546}.Release|Any CPU.Build.0 = Release|Any CPU
+		{C0B764D2-D376-439E-A5C4-1AC41B11E9DE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{C0B764D2-D376-439E-A5C4-1AC41B11E9DE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C0B764D2-D376-439E-A5C4-1AC41B11E9DE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{C0B764D2-D376-439E-A5C4-1AC41B11E9DE}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -146,6 +152,7 @@ Global
 		{98765110-844D-41BE-8083-22E064136E05} = {39E54EC3-CBAA-453A-BE64-748FE1559A58}
 		{26BB718A-E1C1-4E70-9008-FB8EE7A7F7E5} = {2204C510-A559-4ED7-9590-FDC09093575B}
 		{E50953CB-209A-484E-951D-A68F5CF3C546} = {39E54EC3-CBAA-453A-BE64-748FE1559A58}
+		{C0B764D2-D376-439E-A5C4-1AC41B11E9DE} = {2204C510-A559-4ED7-9590-FDC09093575B}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {064A3BDE-5203-4AD6-A6C9-5CF08301EC8F}

build.ps1

@@ -116,6 +116,7 @@ Invoke-BuildStep 'Creating artifacts' { `
     New-Package (Join-Path $PSScriptRoot "src\AccountDeleter\Gallery.AccountDeleter.nuspec") -Configuration $Configuration -BuildNumber $BuildNumber -Version $SemanticVersion -Branch $Branch -MSBuildVersion "15"
     New-Package (Join-Path $PSScriptRoot "src\GitHubVulnerabilities2Db\GitHubVulnerabilities2Db.nuspec") -Configuration $Configuration -BuildNumber $BuildNumber -Version $SemanticVersion -Branch $Branch -MSBuildVersion "15"
     New-Package (Join-Path $PSScriptRoot "src\GalleryTools\Gallery.GalleryTools.nuspec") -Configuration $Configuration -BuildNumber $BuildNumber -Version $SemanticVersion -Branch $Branch -MSBuildVersion "15"
+    New-Package (Join-Path $PSScriptRoot "src\VerifyGitHubVulnerabilities\VerifyGitHubVulnerabilities.nuspec") -Configuration $Configuration -BuildNumber $BuildNumber -Version $SemanticVersion -Branch $Branch -MSBuildVersion "15"
 
     if (!$VerifyMicrosoftPackageVersion) { $VerifyMicrosoftPackageVersion = $SemanticVersion }
     New-Package (Join-Path $PSScriptRoot "src\VerifyMicrosoftPackage\VerifyMicrosoftPackage.nuspec") -Configuration $Configuration -BuildNumber $BuildNumber -Version $VerifyMicrosoftPackageVersion -Branch $Branch -MSBuildVersion "15"

docs/Deploying/README.md

@@ -8,7 +8,7 @@ To run the NuGet Gallery in Azure you need to provision the following resources:
 
 ## Deploying to Azure
 
-We suggest using Windows Azure for hosting the gallery, as that is the environment used by http://www.nuget.org itself. When doing so, we suggest using Azure SQL Databases for the database and Azure Storage Accounts to store package files.
+We suggest using Azure to host the gallery, as that is the environment used by https://www.nuget.org itself. When doing so, we suggest using Azure SQL Databases for the database and Azure Storage to store packages.
 
 This guide will instruct you on hosting the Gallery to an Azure App Service. We will start with provisiong the supporting resources (Database, Storage, etc.).
 
@@ -18,13 +18,22 @@ This guide will instruct you on hosting the Gallery to an Azure App Service. We
 
 We recommend provisioning a dedicated Azure SQL Databases Server for the Gallery.
 
-Follow the instrctions [here](https://docs.microsoft.com/en-us/azure/sql-database/sql-database-get-started-portal) to create an Azure SQL DB.
+Follow the instructions [here](https://docs.microsoft.com/en-us/azure/sql-database/sql-database-get-started-portal) to create an Azure SQL Database.
+
+After you create your Azure SQL Database, update the server's firewall settings to allow access from other Azure resources:
+
+1. Navigate to the "SQL Servers" blade.
+2. Select your SQL Server.
+3. Under the "Security" section, select "Firewall and and virtual networks".
+4. Make sure that "Allow Azure services and resources to access this server" is set to "Yes".
+
 Copy the connection string from the portal. It should look something like:
+
 ```
 Server=[servername].database.windows.net;Database=NuGetGallery;User ID=[username];Password=[password];Trusted_Connection=False;Encrypt=True
 ```
 
-Now, it's time to update your new DB with the Gallery SQL schema. 
+Now, let's update your new DB with the Gallery SQL schema. 
 
 1. Open the NuGetGallery solution in Visual Studio.
 
@@ -44,18 +53,22 @@ Update-Database -ConfigurationTypeName MigrationsConfiguration
 
 Follow the instruction [here](https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account?tabs=portal) to create an Azure storage account.
 Copy the connection string from the portal. It should like something like:
+
 ```
 DefaultEndpointsProtocol=https;AccountName=[account name];AccountKey=[primary key];
 ```
+
 To configure Gallery to use your new storage account:
+
 1. Open the [web.config](https://github.com/NuGet/NuGetGallery/blob/master/src/NuGetGallery/Web.config#L27)
 2. Set Gallery.StorageType to 'AzureStorage'
 3. Replace all settings starting with 'Gallery.AzureStorage.' with your connection string.
 
 ## Deploying the Frontend/Backend
 
 You are almost done! Here are additional configurations in web.config:
+
 1. Gallery.SiteRoot - set with the URL of your Gallery website. For example: _https://mygallery.azurewebsites.net_
-2. Gallery.SmtpUri (optional)- set SMTP credentials if you would like to receive e-mails from the service.
+1. Gallery.AppInsightsInstrumentationKey - set to the [Application Insights](https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview) instrumentation key to capture telemetry. Useful for debugging!
 
-Now you are ready to publish the Gallery to your own Azure app service. To do this through Visual Studio follow the instructions [here](https://docs.microsoft.com/en-us/visualstudio/deployment/quickstart-deploy-to-azure).
+You are now ready to publish the Gallery to your own Azure App Service. To do this through Visual Studio follow the instructions [here](https://docs.microsoft.com/en-us/visualstudio/deployment/quickstart-deploy-to-azure).

docs/README.md

@@ -1,2 +1,6 @@
 # Documentation
-Documentation for building, deploying, and managing a NuGet Gallery instance
+
+You can find documentation for:
+
+1. [Building, deploying, and managing a NuGet Gallery instance](Deploying/README.md)
+1. [Using Azure Active Directory authentication](Using-AAD.md)

docs/Using-AAD.md

@@ -0,0 +1,36 @@
+# Using Azure Active Directory authentication
+
+You can configure the NuGetGallery to use Azure Active Directory to manage your accounts.
+
+## Create an Azure Active Directory application registration
+
+1. On the portal, open the ["App registrations" blade](https://ms.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade).
+1. Select "New registration".
+1. For "Supported account types", select "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".
+
+> ⚠ **NOTE**: This allows any Azure Active Directory or personal account to create an account and publish packages to your on-prem gallery. If you'd like to authenticate with a specific directory (the "Single tenant" option), you will need to make a code change later.
+
+1. For "Redirect URI", select "Web" with the value `https://<Your domain>/users/account/authenticate/return`.
+1. Press "Register" to create the application.
+
+You will need to configure the Azure Active Directory application before it can be used by the NuGetGallery:
+
+1. On the "Overview" pane, note down the "Application (client) ID".
+1. Navigate to the "Authentication" pane. Under the "Implicit grant" section, enable "ID tokens" and press "Save".
+1. Navigate to "Certificates & secrets" pane and create a new client secret. Note the value of your client secret.
+
+## Configure the Gallery
+
+Now that the Azure Active Directory application is ready, let's configure the NuGetGallery to use your new app:
+
+1. Open the NuGetGallery solution using Visual Studio.
+1. Modify the "Web.config" file in the NuGetGallery project.
+1. Modify the `Auth.AzureActiveDirectoryV2.Enabled` setting to `true`.
+1. Modify the `Auth.AzureActiveDirectoryV2.ClientId` setting to the application ID you copied earlier.
+1. Modify the `Auth.AzureActiveDirectoryV2.ClientSecret` setting to the client secret you copied earlier.
+
+If you selected the "Single tenant" option when you created your Azure Active Directory app registration, update [`AzureActiveDirectoryV2AuthenticatorConfiguration`](https://github.com/NuGet/NuGetGallery/blob/0659deed143f0b58868fa691ec22f46f1d57cba6/src/NuGetGallery.Services/Authentication/Providers/AzureActiveDirectoryV2/AzureActiveDirectoryV2AuthenticatorConfiguration.cs#L53) to set the authority tenant ID to your AAD Tenant ID:
+
+```csharp
+openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, "<Your AAD Tenant ID>");
+```