dotnet restore --interactive does not work On prem about artifacts-credprovider HOT 25 CLOSED

Just to add - we have just found that SDK v2.2.203 has broken the --interactive function (for Azure Devops hosted feeds, from Windows 10 machines). Reverted to v2.2.202 and it works.

from artifacts-credprovider.

For anyone looking for a summarized solution, here's what worked on a Mac setup:

1. generate a personal acess token (PAT) that gives you rights to the given service;

2. configure your Nuget.config to use the PAT for authentication using Basic auth as shown by stephan7878:

   <?xml version="1.0" encoding="utf-8"?>
   <configuration>
       <packageSources>
           <add key="NuGet official package source" value="https://api.nuget.org/v3/index.json" />
           <add key="Partner" value="https://tfs.partner.com/DefaultCollection/_packaging/Nuget/nuget/v3/index.json" />
       </packageSources>
       <packageSourceCredentials>
           <Partner> 
               <add key="Username" value="USERNAME" />
               <add key="ClearTextPassword" value="PATSTRING" />
               <add key="ValidAuthenticationTypes" value="basic" /> 
           </Partner>
       </packageSourceCredentials>
   </configuration>
   

3. clear the cache and restore the packages using the old HTTP client:

   cd repo
   nuget locals -clear all && export DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0 && nuget restore
   

from artifacts-credprovider.

Our investigation on the internal work item resulted that unfortunately, the way the interactive flow currently works in this cred provider, there is no way to make it work interactively for an on premise Azure DevOps Server instance. The best solution we currently have is to use the workaround of using the environment variables mentioned above. Sorry for the inconvenience.

To make it clearer, the newest version of this cred provider detects if the feed URI is an Azure DevOps Server on premise URI and won't even try the interactive flow to avoid confusing logs.

As a follow-up work item, we should document this in the cred provider readme.

from artifacts-credprovider.

Closing this issue due to inactivity.

from artifacts-credprovider.

I am also experiencing issues with the provider, but I use it in a container.
Here is the setup:

Docker image: mcr.microsoft.com/dotnet/core/sdk:3.0-bionic (same behavior with 2.2-bionic)
Install provider in Dockerfile: RUN bash /application/scripts/installcredprovider.sh
Pass Env Variable In Compose:

environment:
            - VSS_NUGET_EXTERNAL_FEED_ENDPOINTS=${VSS_JSON}

Calling dotnet restore inside the container (with or without --interactive) always throws:

/usr/share/dotnet/sdk/3.0.100-preview8-013656/NuGet.targets(123,5): error : Unable to load the service index for source [REDACTED]. [/application/build/_build.csproj]
/usr/share/dotnet/sdk/3.0.100-preview8-013656/NuGet.targets(123,5): error : GSSAPI operation failed with error - Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate). [/application/build/_build.csproj]

Can anyone give me a hint how to fix this?

from artifacts-credprovider.

With release of 3.0 this is still NOT working for us. Nothing helps. Our whole Integration Test environment is halted due to this issue. I cannot make dotnet restore work on linux containers with our internal NuGet repository, no matter what. Please give me something. I don't want to switch to Windows containers...

from artifacts-credprovider.

Hello, for whos having this problem, maybe you can try this solution -> #63

from artifacts-credprovider.

I'm finding that --interactive does not work for private packages on Azure Devops, either.

PS D:\Dev\sample-func\SampleFunc> dotnet add package --interactive Microsoft.Azure.SignalR.Management
  Determining projects to restore...
  Writing C:\Users\ThisGuy\AppData\Local\Temp\tmpC2A0.tmp
info : Adding PackageReference for package 'Microsoft.Azure.SignalR.Management' into project 'D:\Dev\sample-func\SampleFunc\SampleFunc.csproj'.
info :   CACHE https://api.nuget.org/v3/registration5-gz-semver2/microsoft.azure.signalr.management/index.json
info :   GET https://pkgs.dev.azure.com/<removed>/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json
info :   GET https://<removed>.pkgs.visualstudio.com/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json
info :   Unauthorized https://<removed>.pkgs.visualstudio.com/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json 272ms
info :   Unauthorized https://pkgs.dev.azure.com/<removed>/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json 275ms
error: Response status code does not indicate success: 401 (Unauthorized).

I am on NuGet Command Line 5.8.0.6930 and dotnet 5.0.1.02

I suggest you create a new issue as this issue is specific to azure devops server, and has been closed.

from artifacts-credprovider.

I've attempted the workaround described in #6135, also without success.

from artifacts-credprovider.

There's a known issue with NuGet 4.9 and SDK 2.1.500. See here for some additional info.

from artifacts-credprovider.

Thanks @phil-hodgson. I created a globals.json to force .Net SDK 2.1.402, but still seeing the same behaviour.

CredProvider

export NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED=true
export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://[REDACTED]/nuget/v3/index.json\", \"username\":\"vsts\", \"password\":\"[PAT]\"}]}"
dotnet restore

Exception:

(Restore target) -> 
/usr/share/dotnet/sdk/2.1.402/NuGet.targets(114,5): error : Unable to load the service index for source https://[REDACTED]/nuget/v3/index.json. [REDACTED]
/usr/share/dotnet/sdk/2.1.402/NuGet.targets(114,5): error :   GSSAPI operation failed with error - An invalid status code was supplied (Invalid value in argument). [REDACTED]

Using a nuget.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="tfs" value="https://[REDACTED]/nuget/v3/index.json" />
  </packageSources>
  <disabledPackageSources />
  <packageSourceCredentials>
    <tfs> 
      <add key="Username" value="vsts" />
      <add key="ClearTextPassword" value="[PAT]" /> 
      <add key="ValidAuthenticationTypes" value="basic" /> 
    </tfs>
  </packageSourceCredentials>
</configuration>

Run restore

dotnet restore

Exception:

/usr/share/dotnet/sdk/2.1.402/NuGet.targets(114,5): error : Unable to load the service index for source https://[REDACTED]/nuget/v3/index.json. [REDACTED]
/usr/share/dotnet/sdk/2.1.402/NuGet.targets(114,5): error :   GSSAPI operation failed with error - An invalid status code was supplied (Invalid value in argument). [REDACTED]

I also upgraded to .NET SDK 2.2 without success, but this is expected as per your link.

Any other ideas?

from artifacts-credprovider.

Are you still experiencing issues? Can you try running dotnet restore --interactive without having credentials in your nuget.config or the env var VSS_NUGET_EXTERNAL_FEED_ENDPOINTS? If you have already given credentials via nuget.config or the env var, is --interactive really necessary?

from artifacts-credprovider.

I'm going to close this due to inactivity. Please reopen if this issue is still occuring.

from artifacts-credprovider.

Hi @alexmullans could you guide me please for a documentation where I can implement dotnet restore --interactivice for CI/CD with restore nuggets from private TFS packager ? And also in automatic way, so we don't have the add the password every time or once a month

Right now I'm facing the same issue like @stephan7878. My workaround which I don't agree with, and trying to change is that we are building and restore de packages in TFS Build (not docker) and after copy in the docker image.

from artifacts-credprovider.

@alexmullans It still isn't prompting for me with:

• Azure DevOps Server 2019
• dotnet v2.2.203
• artifacts-credprovider v0.1.15
• OS: Windows Server 2012 R2

Manually setting the env variable VSS_NUGET_EXTERNAL_FEED_ENDPOINTS is working for me, but it's not user friendly as the dotnet documenation mentions the --interactive flag for this use case.

Could you reopen this issue?

from artifacts-credprovider.

I have the same problem, dotnet restore --interactive does not trigger login for on-premise tfs/azure devops server nuget feeds. It does trigger for cloud azure devops nuget feeds.

Please advice. Is the credential provider actually supposed to work with on-premise tfs/azure devops? If not, how do we use on-premise nuget feeds with dotnet restore in a user friendly way (ie not putting a json object in environment variables)? And also could this be reflected in the docs somewhere if it is in fact not supported? I can't find any information on this.

from artifacts-credprovider.

@shubham90 what do you mean closing due to inactivity? We are waiting for clarification on the credential helper working with azure devops on premise or not. There's been zero answer.

from artifacts-credprovider.

@Mobrockers I apologize for closing this. I missed the fact that this issue is talking about on premise scenario. Hosted ones had a similar bug which got fixed with .NET sdks latest release.

After a quick glance at the code, it looks like --interactive won't work with onprem because it looks for source patterns which are meaningful only for hosted urls. I will change the title of this issue to mention onprem and create an internal bug which fixes this issue.

Meanwhile, the only solution today is to use the environment variable VSS_NUGET_EXTERNAL_FEED_ENDPOINTS to give source and credentials which triggers a separate code path. I am sorry for this inconvenience.

from artifacts-credprovider.

@shubham90 thank you for reopening and filing a bug internally!

from artifacts-credprovider.

Hello, for whos having this problem, maybe you can try this solution -> #63

OMG, THAT WORKED! Weeks have been lost, until this moment. Thank you so much!!!!

from artifacts-credprovider.

@totollygeek specifically what worked for you? i'm still having the same issue :(

from artifacts-credprovider.

This appears to be resolved as per the comments. Please let us know if this is still an existing issue!

from artifacts-credprovider.

@herenhuang No I don't think the actual original problem has been solved, everything here so far has been a workaround using non-interactive authentication.

The actual issue is that interactive login doesn't work on-premises.

As you can see in this post: #45 (comment)

@shubham90 filed an internal issue to fix this problem. There has not yet been any answer on if the actual issue is fixed. The problem has not been fixed.

from artifacts-credprovider.

Alright thanks.

from artifacts-credprovider.

I'm finding that --interactive does not work for private packages on Azure Devops, either.

PS D:\Dev\sample-func\SampleFunc> dotnet add package --interactive Microsoft.Azure.SignalR.Management
  Determining projects to restore...
  Writing C:\Users\ThisGuy\AppData\Local\Temp\tmpC2A0.tmp
info : Adding PackageReference for package 'Microsoft.Azure.SignalR.Management' into project 'D:\Dev\sample-func\SampleFunc\SampleFunc.csproj'.
info :   CACHE https://api.nuget.org/v3/registration5-gz-semver2/microsoft.azure.signalr.management/index.json
info :   GET https://pkgs.dev.azure.com/<removed>/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json
info :   GET https://<removed>.pkgs.visualstudio.com/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json
info :   Unauthorized https://<removed>.pkgs.visualstudio.com/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json 272ms
info :   Unauthorized https://pkgs.dev.azure.com/<removed>/_packaging/<removed>/nuget/v3/registrations2-semver2/microsoft.azure.signalr.management/index.json 275ms
error: Response status code does not indicate success: 401 (Unauthorized).

I am on NuGet Command Line 5.8.0.6930 and dotnet 5.0.1.02

from artifacts-credprovider.