Home: Cannot use PAT with `dotnet restore` on Linux with packages from authenticated feed

Created on 26 Jul 2017 · 4Comments · Source: NuGet/Home

_From @sbebrone on July 26, 2017 11:45_

Steps to reproduce

NuGet.config configured to use a private package feed hosted on a local TFS 2017 Update 2 server with a PAT authentication:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    <add key="myfeed" value="[feed url]" />
  </packageSources>
  <packageSourceCredentials>
    <myfeed>
        <add key="Username" value="myuser" />
        <add key="ClearTextPassword" value="[PAT]" />
    </myfeed>
  </packageSourceCredentials>
</configuration>

Expected behavior

Restore should authenticate successfully and restore private packages as written in this article:
https://www.visualstudio.com/en-us/docs/package/nuget/nuget-exe#net-core

Actual behavior

dotnet restore fails with authentication fails (401)

Environment data

.NET Command Line Tools (1.0.4)

Product Information:
Version: 1.0.4
Commit SHA-1 hash: af1e6684fd

Runtime Environment:
OS Name: ubuntu
OS Version: 16.04
OS Platform: Linux
RID: ubuntu.16.04-x64
Base Path: /usr/share/dotnet/sdk/1.0.4

_Copied from original issue: dotnet/cli#7272_

Settings Investigate Bug

Source

livarcocc

👍7

Most helpful comment

Having this issue today using .net core 2.0, is there any chance to get this issue reviewed?

farlop on 28 Mar 2018

👍7

All 4 comments

Having this issue today using .net core 2.0, is there any chance to get this issue reviewed?

farlop on 28 Mar 2018

👍7

Same thing here , except it is VSTS update 3. And calling nuget directly works :

$ mono nuget.exe list MyPrivateComponent
Using Credentials from config. Username: xxx
MyPrivateComponent 0.0.100

whereas it does not when using dotnet restore even if I specify the config file to be sure I use the same pat :

$ dotnet restore --configfile /home/arthis/.config/NuGet/NuGet.Config

Response status code does not indicate success: 401 (Unauthorized)

arthis on 9 May 2018

Same problem here.

If this helps, I also have this (or a similar) problem on Windows, so I've tried to track it down with Fiddler, here's what I've seen:

The initial request for the feed is performed without authentication. The server then responds with 401 Unauthorized, and provides some authentication methods:

WWW-Authenticate: Bearer WWW-Authenticate: Basic realm="https://tfs.ourcompany.com/" WWW-Authenticate: Negotiate WWW-Authenticate: NTLM

The following retry request then uses

Authorization: Negotiate ....

which then results in a 401 again.

Trying the same with actual TFS credentials instead of a PAT works.
Trying to manually get the feed URL via Postman with Basic authentication with the PAT works as well.

So it seems to me that, because TFS offers to negotiate the authentication, dotnet restore decides to use that, but then only actual user credentials seem to work, and the PAT does not work.

cstichlberger on 24 May 2018

👍1

this seems to be similar to https://github.com/NuGet/Home/issues/7209, will close it as that has been solved. Feel free to reopen if this is still an issue after the release.

PatoBeltran on 19 Oct 2018

Was this page helpful?

0 / 5 - 0 ratings

Related issues

nuget.exe -update self can't ... update itself to NuGet v5.8.0

augustoproiete · 3Comments

Access to dgspec.json is denied when building docker image

blackchoey · 3Comments

Unable to install or update NuGet package if one package source is failing

mrward · 3Comments

TFS Error "[file]not be found in your workspace, or you do not have permission to access it" during upgrade or uninstall when solution/project is bound to TFS source control

zhili1208 · 3Comments

Nuget - Show the actual assembly version

vsfeedback · 3Comments