Home: dotnet restore failed on private (authenticated) feeds on .NET SDK > v2.2.100

@DoCode
What's your scenario? Repro steps?
Which versions before 2.2.100 worked?

How are you connecting to a feed? Using a credential provider or clear text credentials?

Is it related to https://github.com/NuGet/Home/issues/7517?

It works with .NET SDK 2.0 to 2.2.100!
And no, it not relates to #7517.

Repro steps:

1) Add private NuGet feed with credentials and API key;

nuget add source -name test -source https://localhost/api/v2/ -username user1 -pasword 1234

2) Push a test package to the feed

nuget push testpackage.1.0.0.nupkg -source test

3) Test if packae is listed

nuget list testpackage -souce test

4) Create project file project.proj and reference the testpackage

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>netcoreapp2.1</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="testpackage" Version="1.0.0" />
  </ItemGroup>
</Project>

5) Try to restore project.proj with dotnet restore

dotnet restore `project.proj`

FAILED with HTTP error 401!

What's an exact version of 2.0.x or 2.1.x SDK that you have tried?
What's the version of nuget.exe that you are using?

2.2.100 and 2.1.500 have matching NuGet code, meaning 1 not working and the other one working would potentially suggest a runtime problem.

What's an exact version of 2.0.x or 2.1.x SDK that you have tried?

Currently, I tried 2.1.500, 2.2.100. Both worked also since 2.0.x.
I tried 2.2.200-preview-009648 and 3.0.100-preview-009812. Both not working!

What's the version of nuget.exe that you are using?

I'm tried 4.8.1, 4.9.1 and 5.0.0.5713.

Update:

• .NET Core SDK 2.2.100-preview3-009430 WORKED
• .NET Core SDK 2.2.100 NOT WORKED

Any news here?
This blocks the 2.2.100 RTM release for production!

@DoCode
There shouldn't be any difference between 2.2.1xx and 2.1.5xx, they carry the same NuGet bits.

Can you try using the latest patch of the 2.2.1xx SDK.

@nkolev92 ok I tried 2.2.101 and it's working now!
Thanks. You can close this issue.

For anyone else accidentally finding this issue across a dozen similar, both dotnet restore a nuget restore "worked for me" against a private artifactory when I commented out the nuget.org source in %appdata%/nuget/nuget.config, disabled the apikeys entry and kept only my used ID and my Artifactory HTTP Basic authentication password (not my login password) in packageSourceCredentials/KEY/add for the two tags with attributes key="Username" and key="ClearTextPassword".

I later figured I could hide the Basic auth password from plain view by getting the nuget command encrypt it. It may be important to remove the default nuget.org entry for the private server authentication.

\util\nuget sources Remove -Name nuget.org
\util\nuget sources Remove -Name Artifactory
\util\nuget sources Add -Name Artifactory -Source https://artifactory.COMPANY.test/artifactory/api/nuget/COMPANY-BUSINESS-nuget -UserName USERID -Password AP5...Jw

Almost forgot: I deleted the other nuget.configs nearby, including one in the upper directory. The tool looked up the one upstairs (the vendor knows why).

Closing per @DoCode's comment.

@ilatypov
The fact that you have extra sources should normally not be impacting the authentication.

My dotnet 2.2.102 showed 403 errors when running dotnet restore. The closing of the ticket did not result from fixing or even finding the cause of the issue. On the contrary, my comment showed unreliable behaviour of dotnet restore depending on the presence of the default nuget.org source. The last comment by @nkolev92 claimed the intent of the tool and this ticket does not contradict the intent.

@ilatypov

Please open another issue with your exact problem.

Keeping the discussion as close as possible to the original issue is necessary because otherwise it'd be difficult to fully resolve a ticket. We released a patch to SDK 2.2.101, which fixed his problem. The root cause of this issue is the other linked one where NuGet was not able to match the credentials to the source.

Regarding your issue.
It's unlikely that having one more/fewer extra source will affect restore auth issues.

disabled the apikeys entry and kept only my used ID and my Artifactory HTTP Basic authentication password (not my login password) in packageSourceCredentials/KEY/add for the two tags with attributes key="Username" and key="ClearTextPassword".

The api keys are used only for push, so that shouldn't be causing a problem.
Changing the package source credentials is what seems like it fixed your issue.

Some other information that'd be helpful when you file that ticket.

• How did originally add the credentials in the config.

• Do you recall which version of the tools you used when you did that.

• If you start with a new config, and the latest tools are you at all able to repro the issue.

I am also having this problem. this was working ok prior to my 3.1sdk upgrade