diff --git a/.vscode/tasks.json b/.vscode/tasks.json
index 0a26b7d..7e27148 100644
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -9,7 +9,8 @@
                 "build",
                 "${workspaceFolder}/nuget-host.csproj",
                 "/property:GenerateFullPaths=true",
-                "/consoleloggerparameters:NoSummary"
+                "/consoleloggerparameters:NoSummary",
+                "/restore"
             ],
             "problemMatcher": "$msCompile"
         },
@@ -40,7 +41,8 @@
             "type": "process",
             "args": [
                 "bin/Debug/netcoreapp2.0/nuget-host.dll",
-                "/property:GenerateFullPaths=true"
+                "/property:GenerateFullPaths=true",
+                "/restore"
             ],
             "options": {
                 "env": {
diff --git a/Controllers/PackagesController.cs b/Controllers/PackagesController.cs
index 1a0990b..01586ce 100644
--- a/Controllers/PackagesController.cs
+++ b/Controllers/PackagesController.cs
@@ -3,6 +3,8 @@ using System.Collections.Generic;
 using System.IO;
 using System.IO.Compression;
 using System.Linq;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using NuGet.Packaging;
@@ -12,21 +14,29 @@ namespace nuget_host.Controllers
     public class PackagesController : Controller
     {
         private ILogger<PackagesController> logger;
+        private IDataProtector protector;
 
-        public PackagesController(ILoggerFactory loggerFactory)
+        public PackagesController(ILoggerFactory loggerFactory, IDataProtectionProvider provider)
         {
             logger = loggerFactory.CreateLogger<PackagesController>();
-
+            protector = provider.CreateProtector("Packages.v1");
         }
 
         [HttpPut("packages/{*spec}")]
         public IActionResult Put(string spec)
         {
             string path = null;
+            
             if (string.IsNullOrEmpty(spec))
             {
                 var clientVersionId = Request.Headers["X-NuGet-Client-Version"];
+                var apiKey = Request.Headers["X-NuGet-ApiKey"];
                 ViewData["nuget client "] = "nuget {clientVersionId}";
+                
+                var clearkey = protector.Unprotect(apiKey);
+                if (clearkey!= Startup.RootApiKeySecret)
+                    return Unauthorized();
+
                 foreach (var file in Request.Form.Files)
                 {
                     string initpath = "package.nupkg";
@@ -109,5 +119,12 @@ namespace nuget_host.Controllers
             }
             return Ok(ViewData);
         }
+
+        [Authorize]
+        [HttpGet("api/get-key/{*apikey}")]
+        public IActionResult GetApiKey(string apiKey)
+        {
+            return Ok(protector.Protect(apiKey));
+        }
     }
 }
\ No newline at end of file
diff --git a/Startup.cs b/Startup.cs
index 00a2cfb..6f8713e 100644
--- a/Startup.cs
+++ b/Startup.cs
@@ -2,7 +2,9 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -11,7 +13,7 @@ namespace nuget_host
 {
     public class Startup
     {
-        public Startup(IHostingEnvironment env, IConfiguration config)
+        public Startup(IConfiguration config)
         {
             Configuration = config;
         }
@@ -19,11 +21,26 @@ namespace nuget_host
         public IConfiguration Configuration { get; }
         public static string ExternalUrl { get; private set; }
         public static string SourceDir { get; private set; }
+        public static string RootApiKeySecret { get; private set; }
 
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+            .AddJwtBearer(options =>
+            {
+                // base-address of your identityserver
+                options.Authority = ExternalUrl;
+
+                // if you are using API resources, you can specify the name here
+                options.Audience = "packages";
+                
+            });
+
             services.AddMvc();
+
+            services.AddDataProtection();
+
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -40,6 +57,7 @@ namespace nuget_host
 
             ExternalUrl = Configuration["NuGet:ExternalUrl"];
             SourceDir = Configuration["NuGet:SourceDir"];
+            RootApiKeySecret = Configuration["RootApiKeySecret"];
 
             app.UseStaticFiles();
 
diff --git a/appsettings.Development.json b/appsettings.Development.json
index 2ddd280..552b467 100644
--- a/appsettings.Development.json
+++ b/appsettings.Development.json
@@ -2,5 +2,6 @@
   "NuGet": {
     "ExternalUrl" : "<http://localhost:5000/Packages",
     "SourceDir" : "packages"
-  }
+  },
+  "RootApiKeySecret": "secret-key"
 }
diff --git a/appsettings.json b/appsettings.json
index 177e3cf..53f28ec 100644
--- a/appsettings.json
+++ b/appsettings.json
@@ -1,4 +1,5 @@
 {
+  "RootApiKeySecret": "<your-root-api-clear-key>",
   "NuGet": {
     "ExternalUrl" : "<http://your-external.url",
     "SourceDir" : "<your-Source-dir>"
diff --git a/nuget-host.csproj b/nuget-host.csproj
index 347cd3f..3d00ded 100644
--- a/nuget-host.csproj
+++ b/nuget-host.csproj
@@ -10,7 +10,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Common" Version="1.0.0-alpha2-final" />
 
     <PackageReference Include="NuGet.Packaging.Core" Version="5.9.0" />
-    
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="2.2.0" />
   </ItemGroup>
 
   <ItemGroup>