ARTIFACTORY: How to allow anonymous access to local repositories whilst keeping the authentication for remote repositories

Muhammed Kashif
2021-09-01 20:09

In this article we will understand how to allow anonymous access to all the local repositories whilst keeping the authentication necessary for the remote repositories. 

The use case is to keep the anonymous requests for local repositories and add the authentication layer to the remote repositories so that there will be a track of who are all downloading the artifacts from the remote source. This use case can be achieved by following,
 

 

  • Remove all the permission assigned to the anonymous user.  Check the anonymous user under the Admin →  Security | Users in Artifactory 6.x and Administration → Identity and Access |
    Users in Artifactory 7.x, basically the anonymous user is assigned to Anything and Any Remote permission target by default. Remove the permissions assigned the anonymous user and once removed, the anonymous user page should look like below

User-added image
 

  • Create a "Permission-for-local-repositories" permission target and check "Any local repositories" as below and under the Users, add the anonymous user and give the anonymous user the read permissions so that anonymous requests can read the artifacts in these local repositories and access all the local repositories.

User-added image

  • Create a "Permission-for-remote-repositories" permission target and check "Any remote repositories" as below and under the Users/Groups, add the relevant users/groups, and give them the read, annotate and deploy/cache permissions so that these users or users in these groups have the read access to all the remote repositories, can cache the artifacts under these remote repository caches,

User-added image

  • This way all the anonymous access is preserved for all the local repositories and authentication is needed for remote repositories.
  • Furthermore, for Nuget remote repositories to work with authentication, the "Force Authentication" option should be enabled.