Home: `dotnet add package` won't use credentials from global config for a source specified in local config
_From @evil-shrike on May 15, 2018 11:40_
Steps to reproduce
Given an internal Artifactory server with several repositories, all of them require authentication.
dotnet add package Microsoft.AspNetCore.All work for an arbitrary new project. That means that all cached credentials in "C:\Users\UserName\AppData\Roaming\NuGet\NuGet.Config" are fine.
That global NuGet.Config contains several sources:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageRestore>
<add key="enabled" value="True" />
<add key="automatic" value="True" />
</packageRestore>
<packageSources>
<add key="rnd-virtual-dev" value="https://company.org/api/nuget/nuget-virtual-dev" />
<add key="rnd-virtual" value="https://company.org/api/nuget/nuget-virtual" />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
</packageSources>
<activePackageSource>
<add key="rnd-virtual" value="https://company.org/api/nuget/nuget-virtual" />
</activePackageSource>
<bindingRedirects>
<add key="skip" value="False" />
</bindingRedirects>
<packageManagement>
<add key="format" value="0" />
<add key="disabled" value="True" />
</packageManagement>
<packageSourceCredentials>
<rnd-virtual-dev>
<add key="Username" value="username" />
<add key="Password" value="AQA..." />
</rnd-virtual-dev>
<rnd-virtual>
<add key="Username" value="username" />
<add key="Password" value="AQA..." />
</rnd-virtual>
</packageSourceCredentials>
</configuration>
Now I'm adding a local NuGet.Config besides my csproj and try the same install: dotnet add package Microsoft.AspNetCore.All
It fails with 401 Unauthorized!
The local nuget.config contains one of the source from global config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="Dev" value="https://company.org/api/nuget/nuget-virtual" />
</packageSources>
</configuration>
If I run nuget.exe (4.6.2.5055) directly it works fine (that is it uses credentials from global config).
Expected behavior
Credentials are being used.
Actual behavior
Installation fails:
D:\Work\temp\testapp\Server>dotnet add package Microsoft.AspNetCore.All
Writing C:\Users\UserName\AppData\Local\Temp\tmp2C0.tmp
info : Adding PackageReference for package 'Microsoft.AspNetCore.All' into project 'D:\Work\temp\testapp\Server\Server.csproj'.
log : Restoring packages for D:\Work\temp\testapp\Server\Server.csproj...
info : GET https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.all/index.json
info : GET https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0
info : GET https://company.org/api/nuget/nuget-virtual-dev/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0
info : CACHE https://company.org/api/nuget/rnd-nuget/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0
info : Unauthorized https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0 100ms
log : Retrying 'FindPackagesByIdAsyncCore' for source 'https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0'.
log : Response status code does not indicate success: 401 (Unauthorized).
info : GET https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0
info : Unauthorized https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0 3ms
log : Retrying 'FindPackagesByIdAsyncCore' for source 'https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0'.
log : Response status code does not indicate success: 401 (Unauthorized).
info : GET https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0
info : Unauthorized https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0 3ms
error: Failed to retrieve information about 'Microsoft.AspNetCore.All' from remote source 'https://company.org/api/nuget/nuget-virtual/FindPackagesById()?id='Microsoft.AspNetCore.All'&semVerLevel=2.0.0'.
error: Response status code does not indicate success: 401 (Unauthorized).
Environment data
dotnet --info output:
.NET Command Line Tools (2.1.200)
Product Information:
Version: 2.1.200
Commit SHA-1 hash: 2edba8d7f1
Runtime Environment:
OS Name: Windows
OS Version: 10.0.17134
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\2.1.200\
Microsoft .NET Core Shared Framework Host
Version : 2.0.7
Build : 2d61d0b043915bc948ebf98836fefe9ba942be11
PS: I double checked that the sources in local config and in global one are the same.
_Copied from original issue: dotnet/cli#9281_
livarcocc
All 7 comments
@evil-shrike Thanks for reporting the problem.
Can you try storing the password in clear text and try again?
nuget sources update -Name rnd-virtual-dev -UserName username -Password <password> -Storepasswordincleartext -configfile <global_nuget_config>
mishra14
on 16 May 2018
@mishra14 I've tried with creds in cleartext - no changes, getting same 401 for the source specified in local nuget.config.
evil-shrike
on 16 May 2018
nkolev92
on 13 Nov 2018
im having this exact same issue on my system:
.NET Core SDK :
Version: 3.1.202
Commit: 6ea70c8dca
Runtime Environment:
OS Name: Windows
OS Version: 10.0.17763
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\3.1.202\
dotnet add package output:
error: Response status code does not indicate success: 401 (Unauthorized).
my NuGet.Config (also tried with encrypted password):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
<add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
<add key="MyPrivateRepo" value="http://someurl:5100/v3/index.json" />
</packageSources>
<packageRestore>
<add key="enabled" value="True" />
<add key="automatic" value="True" />
</packageRestore>
<bindingRedirects>
<add key="skip" value="False" />
</bindingRedirects>
<packageManagement>
<add key="format" value="0" />
<add key="disabled" value="False" />
</packageManagement>
<packageSourceCredentials>
<MyPrivateRepo>
<add key="Username" value="username" />
<add key="ClearTextPassword" value="password" />
</MyPrivateRepo>
</packageSourceCredentials>
</configuration>
Luqswe
on 18 May 2020
Same issue here too. I have no choice but to specify no restore And it turns out that specifying the -n flag, which I assumed would turn off both package restoring AND any checks on remote sources, doesn't help with this.
I really hope package operations with dotnet CLI will receive some serious love soon. Right now I don't feel I can rely on it for anything serious.
Crono1981
on 2 Sep 2020
@Luqswe - I have reopened the issue based on your comments.
@Crono1981 - What version of the .NET SDK are you using?
aortiz-msft
on 2 Sep 2020
@aortiz-msft I'm on 3.1.401
Crono1981
on 2 Sep 2020
Related issues
rrelyea
路
3Comments
philippe-lavoie
路
3Comments
clairernovotny
路
3Comments
livarcocc
路
3Comments
p-kaczynski
路
3Comments
Most helpful comment
im having this exact same issue on my system:
.NET Core SDK :
Version: 3.1.202
Commit: 6ea70c8dca
Runtime Environment:
OS Name: Windows
OS Version: 10.0.17763
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\3.1.202\
dotnet add package output:
error: Response status code does not indicate success: 401 (Unauthorized).my NuGet.Config (also tried with encrypted password):