microsoft / artifacts-credprovider Goto Github PK
View Code? Open in Web Editor NEWThe Azure Artifacts Credential Provider enables dotnet, NuGet.exe, and MSBuild to interactively acquire credentials for Azure Artifacts feeds.
License: MIT License
artifacts-credprovider's Issues
nuget.config interfere with VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
running on linux (docker) .
using microsoft/dotnet:2.1.403-sdk
and https://github.com/Microsoft/artifacts-credprovider/releases/download/...
VSS_NUGET_EXTERNAL_FEED_ENDPOINTS is set up correctly to authenticated to a tfs 2017 nuget feed.
If I add a nuget.config in the restore directory, something gets broken and I get a 401 ...
If I remove the nuget.config it does work back again .
Note that it does not work even if I put corect credentials (pat token) in the nuget.config
("ems" is an on premise tfs 2017 nuget feed)
Is nuget.config supported somehow in this scenario ? If it is not, it should be ignored altogether.
p.s. : the nuget.config is fine since I was using it nuget.exe for restore (but had to pull mono in the build) container).
nuget commandline verbosity not matched causes random crashes
Using current version along nuget.exe causes random crashes when nuget -verbosity parameter is defined. This is due to mismatch of possible values of this parameter. You are using LogLevel from https://github.com/NuGet/NuGet.Client/blob/dev/src/NuGet.Core/NuGet.Common/Errors/LogLevel.cs
public enum LogLevel
{
Debug = 0,
Verbose = 1,
Information = 2,
Minimal = 3,
Warning = 4,
Error = 5
}
while you should be using Verbosity from https://github.com/NuGet/NuGet.Client/blob/dev/src/NuGet.Clients/NuGet.CommandLine/Common/Verbosity.cs
public enum Verbosity
{
Normal,
Quiet,
Detailed
}
Due to current implementation, every time that verbosity is set as parameter of nuget executable and something odd happens (like authentication not working) app evaluates verbosity argument and crashes like that:
[CredentialProvider] Could not find ADAL token for https://company.pkgs.visualstudio.com/_packaging/company/nuget/v3/index.json
[CredentialProvider] Failed to acquire bearer token for VSTSSessionTokenClient
WARNING: The plugin credential provider could not acquire credentials. Authentication may require manual action. Consider re-running the command with --interactive for `dotnet`, /p:NuGetInteractive="true" for MSBuild or removing the -NonInteractive switch for `NuGet`
WARNING: The credential plugin model used by 'M:\j_ukcamsjenkins02_CFP_PU_x86_9\Build\NuGet\Client\CredentialProvider.Microsoft.exe' is deprecated. Please contact the provider of the plugin for an alternative. More information about the recommended plugin model can be found at 'https://aka.ms/nuget-cross-platform-authentication-plugin'.
CredentialProvider.Microsoft: Unhandled Exception: PowerArgs.ValidationArgException: detailed is not a valid value for type LogLevel, options are Debug, Verbose, Information, Minimal, Warning, Error
CredentialProvider.Microsoft: at PowerArgs.ArgRevivers.ReviveEnum(Type t, String value, Boolean ignoreCase)
CredentialProvider.Microsoft: at PowerArgs.CommandLineArgument.Revive(String commandLineValue)
CredentialProvider.Microsoft: at PowerArgs.CommandLineArgument.Populate(HookContext context)
CredentialProvider.Microsoft: at PowerArgs.CommandLineArgument.PopulateArguments(List`1 arguments, HookContext context)
CredentialProvider.Microsoft: at PowerArgs.Args.ParseInternal(CommandLineArgumentsDefinition definition, String[] input)
CredentialProvider.Microsoft: at PowerArgs.Args.<>c__DisplayClass13_0.<ParseAction>b__0()
CredentialProvider.Microsoft: at PowerArgs.Args.Execute[T](Func`1 argsProcessingCode)
CredentialProvider.Microsoft: at PowerArgs.Args.ParseAction(CommandLineArgumentsDefinition definition, String[] args)
CredentialProvider.Microsoft: at PowerArgs.Args.ParseAction(Type t, String[] args)
CredentialProvider.Microsoft: at PowerArgs.Args.Parse(Type t, String[] args)
CredentialProvider.Microsoft: at PowerArgs.Args.Parse[T](String[] args)
CredentialProvider.Microsoft: at PowerArgs.Args.<>c__DisplayClass22_0`1.<ParseAsync>b__0()
CredentialProvider.Microsoft: at System.Threading.Tasks.Task`1.InnerInvoke()
CredentialProvider.Microsoft: at System.Threading.Tasks.Task.Execute()
CredentialProvider.Microsoft: --- End of stack trace from previous location where exception was thrown ---
CredentialProvider.Microsoft: at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
CredentialProvider.Microsoft: at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
CredentialProvider.Microsoft: at NuGetCredentialProvider.Program.<Main>d__11.MoveNext() in E:\A\_work\857\s\CredentialProvider.Microsoft\Program.cs:line 63
CredentialProvider.Microsoft: --- End of stack trace from previous location where exception was thrown ---
CredentialProvider.Microsoft: at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
CredentialProvider.Microsoft: at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
CredentialProvider.Microsoft: at NuGetCredentialProvider.Program.<Main>(String[] args)
Unable to load the service index for source https://company.pkgs.visualstudio.com/_packaging/company/nuget/v3/index.json.
Response status code does not indicate success: 401 (Unauthorized).
System.InvalidOperationException: Unable to load the service index for source https://company.pkgs.visualstudio.com/_packaging/company/nuget/v3/index.json.
---> NuGet.Protocol.Core.Types.FatalProtocolException: Unable to load the service index for source https://company.pkgs.visualstudio.com/_packaging/company/nuget/v3/index.json.
---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at NuGet.Protocol.HttpSource.<>c__DisplayClass14_0`1.<<GetAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Common.ConcurrencyUtilities.<ExecuteWithFileLockedAsync>d__2`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
...
Cred provider does not work with .net sdk 3.0.100
Install .net sdk 3.0.100.
Set NUGET_PLUGINS_PATH to point to the cred provider location. Use dotnet restore to restore packages. Fails with:
It was not possible to find any compatible framework version
The specified framework 'Microsoft.NETCore.App', version '2.1.0' was not found.
- Check application dependencies and target a framework version installed at:
/usr/share/dotnet/ - Installing .NET Core prerequisites might help resolve this problem:
https://go.microsoft.com/fwlink/?LinkID=798306&clcid=0x409 - The .NET Core framework and SDK can be installed from:
https://aka.ms/dotnet-download - The following versions are installed:
3.0.0-preview-27122-01 at [/usr/share/dotnet/shared/Microsoft.NETCore.App]
1>/usr/share/dotnet/sdk/3.0.100-preview-009812/NuGet.targets(114,5): error : Broken pipe [/root/code/code1/code1.csproj]
System.IO.IOException: Broken pipe
at System.IO.FileStream.WriteNative(ReadOnlySpan1 source) at System.IO.FileStream.FlushWriteBuffer() at System.IO.FileStream.Dispose(Boolean disposing) at System.IO.Stream.Close() at System.IO.StreamWriter.CloseStreamFromDispose(Boolean disposing) at System.IO.StreamWriter.Dispose(Boolean disposing) at System.IO.TextWriter.Dispose() at NuGet.Protocol.Plugins.Sender.Dispose() at NuGet.Protocol.Plugins.Connection.Dispose() at NuGet.Protocol.Plugins.Plugin.Dispose() at NuGet.Protocol.Plugins.PluginFactory.CreatePluginAsync(String filePath, IEnumerable1 arguments, IRequestHandlers requestHandlers, ConnectionOptions options, CancellationToken sessionCancellationToken)
at NuGet.Protocol.Plugins.PluginFactory.GetOrCreateAsync(String filePath, IEnumerable`1 arguments, IRequestHandlers requestHandlers, ConnectionOptions options, CancellationToken sessionCancellationToken)
at NuGet.Protocol.Core.Types.PluginManager.<>c__DisplayClass24_0.<b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
After that I removed the NUGET_PLUGINS_PATH location and it worked well. So, there is something wrong with nuget talking to plugin for the first time.
Need to revert this commit once resolved.
How to set CanShowDialog from MSBuild?
Hi @satbai I'm using the credprovider from MSBuild, and even though I pass /p:NugetInteractive=true the CanShowDialog is still set to false:
IsNonInteractive: False, CanShowDialog: False
It looks like there is no way to thread through the setting to the task from MSBuild?
Self-hosted build agent and dotnet restore
How are we supposed to configure this if a self-hosted agent is installed on a own server and a build script calls dotnet restore? I have a custom nuget.config that clears and adds:
1 - a Azure DevOps Artifacts feed
2 - NuGet org
Is it supposed to work if I:
Add environment variable: NUGET_PLUGIN_PATHS pointing to folder with the ZIPs plugins
Add environment variable: VSS_NUGET_EXTERNAL_FEED_ENDPOINTS with JSON
{"endpointCredentials": [{"endpoint":"https://myfeed.com/index.json", "username":"not-required", "password":"accesstoken"}]}
The access token has full rights to Packages feeds.
InstallCredentialProvider.ps1 fails with dotnet sdk 3.0 docker image
I'm trying to install Credential Provider through dockerfile but looks like it is failing for asp.net core sdk 3.0 (mcr.microsoft.com/dotnet/core/sdk:3.0) docker image.
The script InstallCredentialProvider.ps1 is https://github.com/microsoft/artifacts-credprovider/blob/master/helpers/installcredprovider.ps1
Step 12/23 : RUN pwsh InstallCredentialProvider.ps1
---> Running in 7c6e24ab258f
Fetching release https://api.github.com/repos/Microsoft/artifacts-credprovider/releases/latest
Using Microsoft.NetCore2.NuGet.CredentialProvider.zip
Creating temp directory for the Credential Provider zip: C:\Windows\TEMP\CredProviderZip
Directory: C:\Windows\TEMP
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 9/5/2019 11:02 AM CredProviderZip
Downloading https://github.com/microsoft/artifacts-credprovider/releases/download/0.1.18/Microsoft.NetCore2.NuGet.CredentialProvider.zip to C:\Windows\TEMP\CredProviderZip\Microsoft.NuGet.CredentialProvider.zip
Extracting zip to the Credential Provider temp directory
Copying Credential Provider to .nuget\plugins
Copy-Item : Cannot find path 'C:\Windows\TEMP\CredProviderZip\plugins\netcore\CredentialProvider.Microsoft' because it does not exist.
At C:\src\InstallCredentialProvider.ps1:128 char:1
+ Copy-Item ([System.IO.Path]::Combine($tempZipLocation, "plugins", $lo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Windows\TEMP\Cre…lProvider.Microsoft:String) [Copy-Item], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
The command 'cmd /S /C pwsh InstallCredentialProvider.ps1' returned a non-zero code: 1
Corrupted 'SessionTokenCache.dat' produces inactionable, unrecoverable 'The data is invalid' errors
Overview
I installed the cred provider to interact with an Azure DevOps packages feed. All was well.
At some point (possibly after a Blue Screen, though I'm not sure), all of my nuget commands started failing with the following error message.
at NuGet.Protocol.Plugins.OutboundRequestContext`1.HandleFault(Message fault)
at NuGet.Protocol.Plugins.MessageDispatcher.OnMessageReceived(Object sender, MessageEventArgs e)
at System.EventHandler`1.Invoke(Object sender, TEventArgs e)
at NuGet.Protocol.Plugins.StandardOutputReceiver.OnLineRead(Object sender, LineReadEventArgs e)
--- End of inner exception stack trace ---
The error didn't go away after re-runs and a reboot.
The errors provided no hint as to what the issue was or how it could be resolved.
After debugging for a while, I was able to trace the error to the following call stack:
credentialprovider.microsoft.exe!NuGetCredentialProvider.Util.EncryptedFile.ReadFileBytes(string, bool) Line 17 C#
credentialprovider.microsoft.exe!NuGetCredentialProvider.Util.SessionTokenCache.ReadFileBytes() Line 85 C#
credentialprovider.microsoft.exe!NuGetCredentialProvider.Util.SessionTokenCache.Cache.get() Line 27 C#
credentialprovider.microsoft.exe!NuGetCredentialProvider.Util.SessionTokenCache.TryGetValue(System.Uri, out string) Line 53 C#
credentialprovider.microsoft.exe!NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.TryCache(NuGet.Protocol.Plugins.GetAuthenticationCredentialsRequest, out string) Line 149 C#
credentialprovider.microsoft.exe!NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.HandleRequestAsync(NuGet.Protocol.Plugins.GetAuthenticationCredentialsRequest) Line 63 C#
credentialprovider.microsoft.exe!NuGetCredentialProvider.Program.Main(string[]) Line 155 C#
It looks like my %LocalAppData%\MicrosoftCredentialProvider\SessionTokenCache.dat file was corrupted somehow, leading to these errors.
Repro
- Use the cred provider to install a package
- Use a text editor to tweak the contents of %LocalAppData%\MicrosoftCredentialProvider\SessionTokenCache.dat
- Try to install another package using the cred provider
Expected behavior
The tool should ideally detect that the file is corrupted and recreate it. That failing, it should at least log something like 'File X contains invalid data.'
Credential Provider is for Read-Only use cases?
I just have a question about this project.
Can this artifacts credential provider be used to push packages to our internal Azure Dev Ops Artefacts feed.
If not, can you point me in the right direction in how I can achieve this. Limitations are that I cannot use the yaml tasks to push packages, I should be able to do it from a script.
installcredprovider.sh errors on WSL (Ubuntu)
/home/vihofer/corefx/artifacts/installcredprovider.sh: 16: /home/vihofer/corefx/artifacts/installcredprovider.sh: [[: not found
Seems like https://github.com/Microsoft/artifacts-credprovider/blob/master/helpers/installcredprovider.sh#L16 is not supported on all bash variants?
'dotnet restore' unhandled exception with NuGetCredentialProvider
Hey team,
I'm not sure if this is an issue with the dotnet CLI or with the credential provider. I'll try this repository first. I've also reviewed the other open issues and it this doesn't appear to be related.
We are using Azure Artifacts and restoring packages in a docker container:
WORKDIR /nuget_cache_warmer
COPY **/*.csproj ./
RUN for f in ./*.csproj; do dotnet restore $f --source $NUGET_SOURCE --source https://api.nuget.org/v3/index.jsonl; done
This is our base image: FROM microsoft/dotnet:2.1-sdk
Intermittently, I start to see:
Unhandled Exception: [0m [91mSystem.Threading.Tasks.TaskCanceledException: A task was canceled.
NuGet.Protocol.Plugins.MessageDispatcher.DispatchWithNewContextAsync[TOutgoing,TIncoming](IConnection connection, MessageType type, MessageMethod method, TOutgoing payload, CancellationToken cancellationToken) at NuGet.Protocol.Plugins.SymmetricHandshake.HandshakeAsync(CancellationToken cancellationToken) at NuGet.Protocol.Plugins.Connection.ConnectAsync(CancellationToken cancellationToken)
at NuGet.Protocol.Plugins.PluginFactory.CreateFromCurrentProcessAsync(IRequestHandlers requestHandlers, ConnectionOptions options, CancellationToken sessionCancellationToken)
at NuGetCredentialProvider.Program.Main(String[] args)
at NuGetCredentialProvider.Program.<Main>(String[] args)
This happens more than once during the restore processing, but not for every .csproj file.
What is interesting compared to other issues is the restore process will complete, and I can run the next docker step to build my project successfully.
If it matters, the docker build is running on a Linux TeamCity agent. If I run dotnet restore --disable-parallel, the exception does not occur, however the restore takes twice as long (as expected).
Since I can still restore successfully this isn't a huge problem, though I thought I'd report it.
installcredprovider.ps1 should be digitally signed
When I try to run the powershell script, I get the error:
"installcredprovider.ps1 cannot be loaded. The file C:\Program Files\artifacts-credprovider-master\helpers\installcredprovider.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and settingexecution policy, see about_Execution_Policies at blah blah."
Digitally signing the script will also help protect the integrity of the file.
Setup artifacts-credprovider in TFS CI/CD with Docker
Hello,
I'm trying to restore Nuget packages from a private TFS in a docker container using TFS CI/CD. Unfortunately I'm still getting 401 Unauthorized.
Docker File
FROM microsoft/dotnet:2.2-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80
FROM microsoft/dotnet:2.2-sdk AS build
WORKDIR /src
COPY ["Web/Web.csproj", "Web/"]
RUN curl -s -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
COPY nuget.config ./
RUN export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS={"endpointCredentials": [{"endpoint":"http://[redacted]/tfs/SDCC/_packaging/SDCC/nuget/v3/index.json", "username":"[user]", "password":"[PAT]"}]}
ARG token
ENV SYSTEM_ACCESSTOKEN = $token
ENV DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0
RUN dotnet restore "Web/Web.csproj" --configfile nuget.config -nowarn:msb3202,nu1503 --verbosity diag
COPY . .
WORKDIR "/src/Web"
RUN dotnet build "Web.csproj" -c Release -o /app
FROM build AS publish
RUN dotnet publish "Web.csproj" -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "Web.dll"]
Nuget.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<!--To inherit the global NuGet package sources remove the <clear/> line below -->
<clear />
<add key="nuget" value="https://api.nuget.org/v3/index.json" />
<add key="SDCC" value="https://[Redacted]/tfs/SDCC/_packaging/SDCC/nuget/v3/index.json" />
</packageSources>
<packageSourceCredentials>
<SDCC>
<add key="Username" value="[UserName]" />
<add key="ClearTextPassword" value="[PAT]" />
</SDCC>
</packageSourceCredentials>
</configuration>
If I install CredProvider I receive that it can't find the nuget package.
If I don't use CredProvider and don't use nuget.config I receive a message, but I guess that's because I don't have included the nuget.config in the docker image
error NU1101: Unable to find package Sdcc.Core. No packages exist with this id in source(s): nuget.org
As response, Either I receive unauhtorized
Response status code does not indicate success: 401 (Unauthorized)
Invaldi status code was supplied
GSSAPI operation failed with error - An invalid status code was supplied (Configuration file does not specify default realm). [/src/Web/Web.csproj]
I'm lost, I have no other idea what to do, as a workaround which works, but breaks the principle of Docker is that In my CI/CD TFS Pipeline, I'm making the restore / build / publish and push everything in Docker container and push the Docker Image.
Thanks
Provider does not seem to work with latest SDK docker image
The readme is not very clear on what the prerequisites are for this on Linux -- or, indeed, whether or not this even works with dotnet on Linux. I have a container based on microsoft/dotnet:2.1-sdk which contains version 2.1.402 of the SDK according to dotnet, I have run the install script and /root/.nuget/plugins contains the provider, but:
- Setting VSS_NUGET_EXTERNAL_FEED_ENDPOINTS does not seem to have any effect (even with the correct syntax, as per #33)
- Running
dotnet restore --interactive project.csprojlikewise fails with a 401 without ever prompting for anything.
There's no evidence that the plugin is being run, so I'm guessing my prerequisites are somehow wrong.
Random "A task was canceled." errors
IRequestHandler instances are singletons. The CancellationToken passed to HandleResponseAsync(...) is per-request. Because RequestHandlerBase is changing RequestHandlerBase.CancellationToken on every request, there's the possibility that multiple inbound requests for the same handler could incorrectly share the same CancellationToken.
$profilePath is not resolved correctly in Windows Docker container
I have been trying to connect to my company's private nuget feed from inside a docker container and struggled to make it work.
In the end I found that there was an bug in the copying of the extracted files: they were copied to the folder where the script was run from instead of the UserProfile folder.
Checking the content of [System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::UserProfile) in the intermediate container shows that it is empty (while it should be 'C;\Users\ContainerUser').
The base image I used is mcr.microsoft.com/dotnet/core/sdk:3.0
Workaround:
Changing $profilePath=System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::UserProfile) to $profilePath="C:\Users\ContainerUser\" made it work in my case.
[YAML-BUILD] 401 when building Dockerfile in Build Agent (Interactive?)
Passing in the $(System.AccessToken) and using a custom NuGet.config, I'm seeing this error in the build:
Error
/usr/share/dotnet/sdk/2.2.104/NuGet.targets(114,5): warning : The plugin credential provider could not acquire credentials. Authentication may require manual action. Consider re-running the command with --interactive for `dotnet`, /p:NuGetInteractive="true" for MSBuild or removing the -NonInteractive switch for `NuGet` [/src/Solution/Project.csproj]
/usr/share/dotnet/sdk/2.2.104/NuGet.targets(114,5): error : Unable to load the service index for source https://pkgs.dev.azure.com/1234567890/_packaging/0987654321/nuget/v3/index.json. [/src/Solution/Project.csproj]
/usr/share/dotnet/sdk/2.2.104/NuGet.targets(114,5): error : Response status code does not indicate success: 401 (Unauthorized). [/src/Solution/Project.csproj]
Build YAML
variables:
PAT: $(System.AccessToken)
...
- task: DockerCompose@0
displayName: Container build
inputs:
action: Build services
containerregistrytype: Azure Container Registry
azureSubscriptionEndpoint: $(azureSubscriptionEndpoint)
azureContainerRegistry: $(azureContainerRegistry)
dockerComposeFile: $(projectRootPath)/docker-compose.yml
additionalDockerComposeFiles: docker-compose.az-build.yml
env:
DOCKER_REGISTRY: $(azureContainerRegistry)/
PAT: $(PAT)
Dockerfile
FROM microsoft/dotnet:2.2-sdk AS sdk-base
ARG FEED_URL
ARG PAT
FROM microsoft/dotnet:2.2-aspnetcore-runtime-alpine AS runtime-base
FROM sdk-base AS build
ARG FEED_URL
ARG PAT
# Install the Credential Provider to configure the access
RUN wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
# Configure the environment variables
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"${FEED_URL}\", \"password\":\"${PAT}\"}]}"
WORKDIR /src
COPY ["Solution/Project.csproj", "Solution/"]
COPY ["NuGet.config", "."]
RUN dotnet restore "Solution/Project.csproj" --configfile ./NuGet.config -v quiet
NuGet.config
<configuration>
<packageSources>
<clear />
<add key="0987654321" value="https://pkgs.dev.azure.com/1234567890/_packaging/0987654321/nuget/v3/index.json." protocolVersion="3" />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
</packageSources>
<activePackageSource>
<add key="All" value="(Aggregate source)" />
</activePackageSource>
</configuration>
Can't restore with NuGet.exe (error running the CredentialProvider)
Hi,
I am trying to use the CredentialProvider to authenticate with a feed in Azure Artifacts, but I can't get it to work with nuget.exe restore.
I have the CredentialProvider in a custom folder and set the NUGET_CREDENTIALPROVIDERS_PATH env var to that same place.
However, when I attemp to run NuGet restore, it keeps failing with 401 (Unauthorized).
I tried to pass the switch -verbosity detailed to nuget.exe, and I get the followin stack trace:
Restoring NuGet package Node.js.x86.0.10.36. WARNING: The credential plugin model used by 'C:\svn\trunkrepo\ServiceStudio\..\Commons\ThirdParty\AzureCredentialsProvider\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe' is deprecated. Please contact the provider of the plugin for an alternative. More information about the recommended plugin model can be found at 'https://aka.ms/nuget-cross-platform-authentication-plugin'. CredentialProvider.Microsoft: Unhandled Exception: PowerArgs.ValidationArgException: detailed is not a valid value for type LogLevel, options are Debug, Verbose, Information, Minimal, Warning, Error CredentialProvider.Microsoft: at PowerArgs.ArgRevivers.ReviveEnum(Type t, String value, Boolean ignoreCase) CredentialProvider.Microsoft: at PowerArgs.CommandLineArgument.Revive(String commandLineValue) CredentialProvider.Microsoft: at PowerArgs.CommandLineArgument.Populate(HookContext context) CredentialProvider.Microsoft: at PowerArgs.CommandLineArgument.PopulateArguments(List1 arguments, HookContext context)
CredentialProvider.Microsoft: at PowerArgs.Args.ParseInternal(CommandLineArgumentsDefinition definition, String[] input)
CredentialProvider.Microsoft: at PowerArgs.Args.<>c__DisplayClass13_0.b__0()
CredentialProvider.Microsoft: at PowerArgs.Args.Execute[T](Func1 argsProcessingCode) CredentialProvider.Microsoft: at PowerArgs.Args.ParseAction(CommandLineArgumentsDefinition definition, String[] args) CredentialProvider.Microsoft: at PowerArgs.Args.ParseAction(Type t, String[] args) CredentialProvider.Microsoft: at PowerArgs.Args.Parse(Type t, String[] args) CredentialProvider.Microsoft: at PowerArgs.Args.Parse[T](String[] args) CredentialProvider.Microsoft: at PowerArgs.Args.<>c__DisplayClass22_01.b__0()
CredentialProvider.Microsoft: at System.Threading.Tasks.Task1.InnerInvoke() CredentialProvider.Microsoft: at System.Threading.Tasks.Task.Execute() CredentialProvider.Microsoft: --- End of stack trace from previous location where exception was thrown --- CredentialProvider.Microsoft: at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() CredentialProvider.Microsoft: at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) CredentialProvider.Microsoft: at NuGetCredentialProvider.Program.<Main>d__11.MoveNext() in E:\A\_work\857\s\CredentialProvider.Microsoft\Program.cs:line 63 CredentialProvider.Microsoft: --- End of stack trace from previous location where exception was thrown --- CredentialProvider.Microsoft: at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() CredentialProvider.Microsoft: at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) CredentialProvider.Microsoft: at NuGetCredentialProvider.Program.<Main>(String[] args)
Can I get some help to understand what's going on? It looks like when I build using MSBuild (without calling nuget.exe directly) it works, but I can't get it to work with nuget.exe.
Best Regards,
Diogo Oliveira
ADAL should enable use of system creds
ADAL currently uses PromptBehavior.Always:
https://github.com/microsoft/artifacts-credprovider/blob/master/CredentialProvider.Microsoft/CredentialProviders/Vsts/AdalTokenProvider.cs#L85
Instead, it should use PromptBehavior.SelectAccount, which enables the user to select workplace joined/AAD joined accounts and remove the need to enter in a password again.
installcredprovider.sh doesn't work
ERROR: Unable to find url in JSON response. Response: {
"url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/releases/16072424",
"assets_url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/releases/16072424/assets",
"upload_url": "https://uploads.github.com/repos/Microsoft/artifacts-credprovider/releases/16072424/assets{?name,label}",
"html_url": "https://github.com/Microsoft/artifacts-credprovider/releases/tag/0.1.15",
"id": 16072424,
"node_id": "MDc6UmVsZWFzZTE2MDcyNDI0",
"tag_name": "0.1.15",
"target_commitish": "master",
"name": "0.1.15",
"draft": false,
"author": {
"login": "satbai",
"id": 24945574,
"node_id": "MDQ6VXNlcjI0OTQ1NTc0",
"avatar_url": "https://avatars0.githubusercontent.com/u/24945574?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/satbai",
"html_url": "https://github.com/satbai",
"followers_url": "https://api.github.com/users/satbai/followers",
"following_url": "https://api.github.com/users/satbai/following{/other_user}",
"gists_url": "https://api.github.com/users/satbai/gists{/gist_id}",
"starred_url": "https://api.github.com/users/satbai/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/satbai/subscriptions",
"organizations_url": "https://api.github.com/users/satbai/orgs",
"repos_url": "https://api.github.com/users/satbai/repos",
"events_url": "https://api.github.com/users/satbai/events{/privacy}",
"received_events_url": "https://api.github.com/users/satbai/received_events",
"type": "User",
"site_admin": false
},
"prerelease": false,
"created_at": "2019-03-12T20:54:18Z",
"published_at": "2019-03-12T21:18:31Z",
"assets": [
{
"url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/releases/assets/11496508",
"id": 11496508,
"node_id": "MDEyOlJlbGVhc2VBc3NldDExNDk2NTA4",
"name": "Microsoft.NetCore2.NuGet.CredentialProvider.tar.gz",
"label": null,
"uploader": {
"login": "satbai",
"id": 24945574,
"node_id": "MDQ6VXNlcjI0OTQ1NTc0",
"avatar_url": "https://avatars0.githubusercontent.com/u/24945574?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/satbai",
"html_url": "https://github.com/satbai",
"followers_url": "https://api.github.com/users/satbai/followers",
"following_url": "https://api.github.com/users/satbai/following{/other_user}",
"gists_url": "https://api.github.com/users/satbai/gists{/gist_id}",
"starred_url": "https://api.github.com/users/satbai/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/satbai/subscriptions",
"organizations_url": "https://api.github.com/users/satbai/orgs",
"repos_url": "https://api.github.com/users/satbai/repos",
"events_url": "https://api.github.com/users/satbai/events{/privacy}",
"received_events_url": "https://api.github.com/users/satbai/received_events",
"type": "User",
"site_admin": false
},
"content_type": "application/x-gzip",
"state": "uploaded",
"size": 1248422,
"download_count": 71,
"created_at": "2019-03-12T21:18:17Z",
"updated_at": "2019-03-12T21:18:18Z",
"browser_download_url": "https://github.com/Microsoft/artifacts-credprovider/releases/download/0.1.15/Microsoft.NetCore2.NuGet.CredentialProvider.tar.gz"
},
{
"url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/releases/assets/11496507",
"id": 11496507,
"node_id": "MDEyOlJlbGVhc2VBc3NldDExNDk2NTA3",
"name": "Microsoft.NetCore2.NuGet.CredentialProvider.zip",
"label": null,
"uploader": {
"login": "satbai",
"id": 24945574,
"node_id": "MDQ6VXNlcjI0OTQ1NTc0",
"avatar_url": "https://avatars0.githubusercontent.com/u/24945574?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/satbai",
"html_url": "https://github.com/satbai",
"followers_url": "https://api.github.com/users/satbai/followers",
"following_url": "https://api.github.com/users/satbai/following{/other_user}",
"gists_url": "https://api.github.com/users/satbai/gists{/gist_id}",
"starred_url": "https://api.github.com/users/satbai/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/satbai/subscriptions",
"organizations_url": "https://api.github.com/users/satbai/orgs",
"repos_url": "https://api.github.com/users/satbai/repos",
"events_url": "https://api.github.com/users/satbai/events{/privacy}",
"received_events_url": "https://api.github.com/users/satbai/received_events",
"type": "User",
"site_admin": false
},
"content_type": "application/x-zip-compressed",
"state": "uploaded",
"size": 1262044,
"download_count": 3767,
"created_at": "2019-03-12T21:18:13Z",
"updated_at": "2019-03-12T21:18:13Z",
"browser_download_url": "https://github.com/Microsoft/artifacts-credprovider/releases/download/0.1.15/Microsoft.NetCore2.NuGet.CredentialProvider.zip"
},
{
"url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/releases/assets/11496506",
"id": 11496506,
"node_id": "MDEyOlJlbGVhc2VBc3NldDExNDk2NTA2",
"name": "Microsoft.NuGet.CredentialProvider.tar.gz",
"label": null,
"uploader": {
"login": "satbai",
"id": 24945574,
"node_id": "MDQ6VXNlcjI0OTQ1NTc0",
"avatar_url": "https://avatars0.githubusercontent.com/u/24945574?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/satbai",
"html_url": "https://github.com/satbai",
"followers_url": "https://api.github.com/users/satbai/followers",
"following_url": "https://api.github.com/users/satbai/following{/other_user}",
"gists_url": "https://api.github.com/users/satbai/gists{/gist_id}",
"starred_url": "https://api.github.com/users/satbai/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/satbai/subscriptions",
"organizations_url": "https://api.github.com/users/satbai/orgs",
"repos_url": "https://api.github.com/users/satbai/repos",
"events_url": "https://api.github.com/users/satbai/events{/privacy}",
"received_events_url": "https://api.github.com/users/satbai/received_events",
"type": "User",
"site_admin": false
},
"content_type": "application/x-gzip",
"state": "uploaded",
"size": 3157816,
"download_count": 2124,
"created_at": "2019-03-12T21:18:06Z",
"updated_at": "2019-03-12T21:18:07Z",
"browser_download_url": "https://github.com/Microsoft/artifacts-credprovider/releases/download/0.1.15/Microsoft.NuGet.CredentialProvider.tar.gz"
},
{
"url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/releases/assets/11496505",
"id": 11496505,
"node_id": "MDEyOlJlbGVhc2VBc3NldDExNDk2NTA1",
"name": "Microsoft.NuGet.CredentialProvider.zip",
"label": null,
"uploader": {
"login": "satbai",
"id": 24945574,
"node_id": "MDQ6VXNlcjI0OTQ1NTc0",
"avatar_url": "https://avatars0.githubusercontent.com/u/24945574?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/satbai",
"html_url": "https://github.com/satbai",
"followers_url": "https://api.github.com/users/satbai/followers",
"following_url": "https://api.github.com/users/satbai/following{/other_user}",
"gists_url": "https://api.github.com/users/satbai/gists{/gist_id}",
"starred_url": "https://api.github.com/users/satbai/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/satbai/subscriptions",
"organizations_url": "https://api.github.com/users/satbai/orgs",
"repos_url": "https://api.github.com/users/satbai/repos",
"events_url": "https://api.github.com/users/satbai/events{/privacy}",
"received_events_url": "https://api.github.com/users/satbai/received_events",
"type": "User",
"site_admin": false
},
"content_type": "application/x-zip-compressed",
"state": "uploaded",
"size": 3949510,
"download_count": 15441,
"created_at": "2019-03-12T21:18:02Z",
"updated_at": "2019-03-12T21:18:03Z",
"browser_download_url": "https://github.com/Microsoft/artifacts-credprovider/releases/download/0.1.15/Microsoft.NuGet.CredentialProvider.zip"
}
],
"tarball_url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/tarball/0.1.15",
"zipball_url": "https://api.github.com/repos/Microsoft/artifacts-credprovider/zipball/0.1.15",
"body": "- Fixing 'task is canceled' issue\r\n- Adding mutex handling to SessionTokenCache\r\n- Adding more verbose logs"
}
installcredprovider script should respect NUGET_PACKAGES env variable
Work with MFA
Is this tool supposed to work if my account has 2 factor authentication turned on? I'm getting prompted for my username and password but am receiving a Response status code does not indicate success: 401 (Unauthorized). I've double checked my credentials so I was wondering if MFA might be giving me issues? I've tried giving it a PAT also with no luck
dotnet list package --outdated returns 401
On my Mac development machine, everything is working for commands like dotnet restore or dotnet add package {private package}.
However checking outdated items with dotnet list package --outdated I get the following error:
Ginsberg-2:TS.XXXX.Api user$ dotnet list package --outdated
The following sources were used:
https://api.nuget.org/v3/index.json
https://XXXX.pkgs.visualstudio.com/_packaging/XXXX/nuget/v3/index.json
error: Unable to load the service index for source
https://XXXX.pkgs.visualstudio.com/_packaging/XXXX/nuget/v3/index.json.
error: Response status code does not indicate success: 401 (Unauthorized).
The dotnet list package --outdated doesn't support the --interactive flag.
Ginsberg-2:TS.XXXX.Api user$ dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 2.2.104
Commit: 73f036d4ac
Runtime Environment:
OS Name: Mac OS X
OS Version: 10.14
OS Platform: Darwin
RID: osx.10.14-x64
Base Path: /usr/local/share/dotnet/sdk/2.2.104/
Host (useful for support):
Version: 2.2.2
Commit: a4fd7b2c84
.NET Core SDKs installed:
2.1.4 [/usr/local/share/dotnet/sdk]
2.1.503 [/usr/local/share/dotnet/sdk]
2.2.104 [/usr/local/share/dotnet/sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.7 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.2 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.7 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.2 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.0.5 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.7 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App] .
Microsoft.NETCore.App 2.2.2 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download
Random failure to authenticate to Azure DevOps using dotnet tool
The credential provider fails to properly authenticate with an Azure DevOps feed about 50% of the time as shown below:
A Fiddler trace shows that the "Authorization" header contains invalid credentials for the times that it fails:
GET https://REDACTED/_packaging/REDACTED/nuget/v3/flat2/REDACTED/index.json HTTP/1.1
X-NuGet-Session-Id: REDACTED
User-Agent: NuGet .NET Core MSBuild Task/4.9.0 (Microsoft Windows 10.0.17134 )
X-NuGet-Client-Version: 4.9.0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Authorization: Basic Og==
Host: REDACTED
Decoding "Og==" in Base64 results in ":"
Unable to use credential provider in a multistage docker build using a dotnet core 3.0 image
I start my multistage docker builds with FROM mcr.microsoft.com/dotnet/core/sdk:3.0 as I'm evaluating .NET Core 3.0.0-preview5. The code I build has dependencies in a private NuGet feed so I use the following along with ARG VSS_NUGET_EXTERNAL_FEED_ENDPOINTS to supply the required auth info:
FROM mcr.microsoft.com/dotnet/core/sdk:3.0
ARG VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
# support private nuget feeds using the env VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
RUN wget https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh \
&& chmod +x installcredprovider.sh \
&& ./installcredprovider.sh
Feed authorization has worked in the past when the base image is a sdk:2.2 or similar tag. The problem with using the sdk:3.0 tag is that the credentials provider is dependent on .NET Core 2.1 which is unavailable in the base docker image.
Is there a version of the credential provider built for .NET Core 3.0.0 previews, preferably the latest?
How to set VSS_NUGET_EXTERNAL_FEED_ENDPOINTS correctly
I'm trying to set VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable but it looks like no effect.
Here are the steps to reproduce my problem.
Machine A:
-
Install
NuGet.exeandCredentialProvider.VSS.exechoco install nuget.commandline nuget-credentialprovider-vss -y
-
Create new
nuget.configfiledotnet new nuget
-
Add my Azure Artifacts NuGet feed
nuget sources add -Name {YourOrg} -Source https://{YourOrg}.pkgs.visualstudio.com/_packaging/{YourProject}/nuget/v3/index.json -
Try pass the authenticate
nuget list
-
Generate PAT by the following command. Copy the "Password" property's value as PAT.
CredentialProvider.VSS.exe -U https://{YourOrg}.pkgs.visualstudio.com/_packaging/{YourProject}/nuget/v3/index.json
Machine B:
-
Install
NuGet.exeandCredentialProvider.VSS.exechoco install nuget.commandline nuget-credentialprovider-vss -y
-
Create new
nuget.configfiledotnet new nuget
-
Add my Azure Artifacts NuGet feed
nuget sources add -Name {YourOrg} -Source https://{YourOrg}.pkgs.visualstudio.com/_packaging/{YourProject}/nuget/v3/index.json -
Setup
VSS_NUGET_EXTERNAL_FEED_ENDPOINTSenvironment variable. The [PAT] is what I generated at Machine A.set VSS_NUGET_EXTERNAL_FEED_ENDPOINTS={"endpointCredentials": [{"endpoint":"https://{YourOrg}.pkgs.visualstudio.com/_packaging/{YourProject}/nuget/v3/index.json", "username":"VssSessionToken", "password":"[PAT]"}]}
-
Try pass the authenticate but this doesn't read
VSS_NUGET_EXTERNAL_FEED_ENDPOINTSenvironment variable!nuget list
I expected the pass authentication because I already set correct VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable! Am I do something wrong?
Documentation request: Adding the credential provider for a VSTS / Azure DevOps agent
Hi there,
I'm attempting to set up our on-premise build agents to use the Credential Provider when restoring packages from our private Azure Artifacts feed. However it's not entirely clear from the documentation how you install the Credential Provider NuGet plugin in a way that the Network Service which runs the VSTS / Azure DevOps Agent service can use it.
Would much appreciate if you can update the docs with this info, as the Credential Provider seems like the perfect solution for this kind of environment.
Example of working with dotnet:2.2-sdk-alpine
I've been wrestling to get this working with the Alpine builds of the donet core SDK.
Is there an example of this anywhere?
dotnet restore --interactive fails with SSL errors on WSL
Hi Guys-
I'm running WSL (Pengwin) on Win10. I've installed the credprovider. (Though the plugin dir ended up being ~/.nuget/NuGet/plugins). When I run dotnet restore --interactive, I get:
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : [CredentialProvider]Failed to acquire session token: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> System.TypeInitializationException: The type initializer for 'SslMethods' threw an exception. ---> System.TypeInitializationException: The type initializer for 'Ssl' threw an exception. ---> System.TypeInitializationException: The type initializer for 'SslInitializer' threw an exception. ---> Interop+Crypto+OpenSslCryptographicException: error:0E076071:configuration file routines:MODULE_RUN:unknown module name [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at Interop.SslInitializer..cctor() [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : --- End of inner exception stack trace --- [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at Interop.Ssl..cctor() [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : --- End of inner exception stack trace --- [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at Interop.Ssl.SslV2_3Method() [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at Interop.Ssl.SslMethods..cctor() [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : --- End of inner exception stack trace --- [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at Interop.OpenSsl.AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, SslAuthenticationOptions sslAuthenticationOptions) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SafeDeleteSslContext..ctor(SafeFreeSslCredentials credential, SslAuthenticationOptions sslAuthenticationOptions) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : --- End of inner exception stack trace --- [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_0(SslClientAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : --- End of inner exception stack trace --- [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Threading.Tasks.ValueTask`1.get_Result() [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Threading.Tasks.ValueTask`1.get_Result() [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Threading.Tasks.ValueTask`1.get_Result() [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at NuGetCredentialProvider.CredentialProviders.Vsts.AuthUtil.GetResponseHeadersAsync(Uri uri, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at NuGetCredentialProvider.CredentialProviders.Vsts.AuthUtil.GetAadAuthorityUriAsync(Uri uri, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.HandleRequestAsync(GetAuthenticationCredentialsRequest request, CancellationToken cancellationToken) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.HandleRequestAsync(GetAuthenticationCredentialsRequest request) [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : Unable to load the service index for source https://mscatapult.pkgs.visualstudio.com/_packaging/FpgaTools/nuget/v3/index.json. [/mnt/c/code/HWBuild/hwbuild.sln]
/usr/share/dotnet/sdk/2.2.300/NuGet.targets(121,5): error : Response status code does not indicate success: 401 (Unauthorized). [/mnt/c/code/HWBuild/hwbuild.sln]
I'm not sure where to go from here. Is the credprovider not compatible with WSL or am I missing a package...? Is this even a credprovider issue or should I submit this to the .net core team?
Auth does not work with msbuild /restore if VSS_NUGET_EXTERNAL_FEED_ENDPOINTS has a secret
If VSS_NUGET_EXTERNAL_FEED_ENDPOINTS is set as an environment variable like:
{"endpointCredentials": [{"endpoint":"https://accountname.pkgs.visualstudio.com/_packaging/feed-name/nuget/v3/index.json", "username":"username", "password":"$(VstsToken)"}]}
where $(VstsToken) is a secret variable (which it would be , of course), then the credential provider does not work as it does not have access to the variable.
installcredprovider scripts should allow to pass in a version
Passing in a version explictly instead of relying on latest is important for deterministic builds.
Change the Azure Artifacts download to this
Currently when you go to Azure Artifacts and click Connect to feed, you see this:
Given that Gen 1 credential providers are soon to be deprecated, shouldn't the bits in this repo be what is linked to from there?
Edit: apologies if this is the wrong place to raise it
How to set VSS_NUGET_EXTERNAL_FEED_ENDPOINTS in Azure pipeline?
Hello
I'm not sure if this belongs to this repository.
I set up an Azure DevOps Pipeline and tried to get nugets from telerik feed with auth, but this doesn't work with credential provider (as described here https://docs.microsoft.com/en-us/azure/devops/artifacts/nuget/dotnet-exe)
My Pipeline:
steps:
- task: NuGetToolInstaller@0
displayName: 'Use NuGet 4.8.1'
inputs:
versionSpec: 4.8.1
checkLatest: true
- task: NuGetCommand@2
displayName: 'NuGet restore'
inputs:
restoreSolution: '$(Parameters.solution)'
feedsToUse: config
nugetConfigPath: src/SomeObscureWeb/NuGet.ConfigI tried specifying json in VSS_NUGET_EXTERNAL_FEED_ENDPOINTS as Pipeline Variable but it doesn't seem that credential provider in pipline is using this value.
My VSS_NUGET_EXTERNAL_FEED_ENDPOINTS looks like this
{"endpointCredentials": [{
"endpoint":"https://nuget.telerik.com/nuget",
"username":"[email protected]",
"password":"xxx"}]}How should I setup VSS_NUGET_EXTERNAL_FEED_ENDPOINTS for Azure Pipline to add new feed with credentials?
Thank you
Peter
Nuget.exe prompting for credentials on every restore
Hello,
I have the credential provider installed at %userprofile%/.nuget/plugins. It works fine for the dotnet CLI. I have used the --interactive switch once and it has saved my credentials and reuses the cached creds on subsequent dotnet operations.
I'm now trying to have nuget.exe cache my credentials. However, on each nuget restore run, it prompts me for my credentials when trying to authenticate against Azure Artifacts.
Tool versions:
MSBuild: 15.9.21.664
nuget.exe: 4.9.4.5839
I noticed when running nuget restore, the tool outputs this:
MSBuild auto-detection: using msbuild version '15.9.21.664' from 'C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\15.0\bin'.
Is it likely I need to use interactive mode with msbuild first before I can use nuget.exe without providing credentials?
I'm running msbuild /t:restore /p:nugetInteractive=true but it doesn't seem to be restoring any of my packages. I'll keep trying and in the meantime, I'm hoping to hear back from one of the contributors here.
Thanks for your help and thanks for developing this great tool :)
Question: How do you force token acquisition
I just installed the credential provider via the helper script on macOS. I'm now trying to install a global tool from a private azure feed, but it's coming up with a package not found error. I suspect this is because I haven't yet acquired a token. The README says to run dotnet restore --interactive, but I don't have a project against which I can restore (since I'm trying to install a global tool). Is there another way to force it to acquire a token?
In box cred provider is very old
The version of the cred provider that is in current Visual Studio 2019 previews is 0.1.5 from September 2018. There have been a lot of improvements around Windows auth since then but I'm having to tell people to manually install the latest version. Will you be updating the version that ships with Visual Studio soon?
Windows Integrated Auth fails
All our users are not able to authenticate with our DevOps Artifacts feed.
[Verbose] [CredentialProvider]GET https://XXX
[Verbose] [CredentialProvider]Could not find AAD authority from headers, using default: https://login.microsoftonline.com
[Verbose] [CredentialProvider]Using AAD authority: https://login.microsoftonline.com/common
[Verbose] [CredentialProvider]Failed to acquire token from cache
[Verbose] [CredentialProvider]VstsCredentialProvider - Exception trying to generate VSTS/TFS token: https://XXX, message: password_required_for_managed_user: Password is required for managed user, stack: at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenNonInteractiveHandler.PreTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenCommonAsync(String resource, String clientId, UserCredential userCredential)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions.AcquireTokenAsync(AuthenticationContext ctx, String resource, String clientId, UserCredential userCredential)
at NuGetCredentialProvider.CredentialProviders.Vsts.AdalTokenProvider.AcquireTokenWithWindowsIntegratedAuth(CancellationToken cancellationToken) in E:\A\_work\203\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\AdalTokenProvider.cs:line 98
at NuGetCredentialProvider.CredentialProviders.Vsts.BearerTokenProvider.GetAsync(Uri uri, Boolean isRetry, Boolean isNonInteractive, Boolean canShowDialog, CancellationToken cancellationToken) in E:\A\_work\203\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\BearerTokenProvider.cs:line 65
at NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.HandleRequestAsync(GetAuthenticationCredentialsRequest request, CancellationToken cancellationToken) in E:\A\_work\203\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\VstsCredentialProvider.cs:line 70
[Verbose] [CredentialProvider]VstsCredentialProvider - Could not find credentials for https://XXX
[Information] [CredentialProvider]Username:
[Information] [CredentialProvider]Password:
Consider publishing plugin as self-contained app
If not published as a self-contained app, a NuGet launch of the plugin could fail if the plugin's runtime dependencies are not satisfied.
.NET Core ran into this failure because their build uses .NET Core 3.0 with multilevel lookup (DOTNET_MULTILEVEL_LOOKUP) disabled.
Continuous prompting for credentials on Linux / VS Code
I've installed the credential provider using the one-shot script and verified the locations of the tooling as provided in the description. I assume the correct behavior for the credential provider is to prompt once and terminate. When I run dotnet restore --interactive in either an Ubuntu terminal or in VS Code terminal it results in a continuous loop of browser authentications with generated tokens (i.e. repeated requests for authentication with different tokens as shown in the screenshot below). The command never completes unless I leave it running and don't respond within 90 seconds. For each cycle of authentication, I do receive an email confirmation from Azure DevOps for each new token. Any help on this would be appreciated as it's becoming a blocking issue.
OS: Ubuntu 19.04
VS Code: 1.37.1
.NET Core 2.2
nuget.exe install prompts for username and password instead of using this cred provider
I have run https://raw.githubusercontent.com/microsoft/artifacts-credprovider/master/helpers/installcredprovider.ps1 on my machine and 0.1.18.0 of the credential provider is installed.
Yet when I try to use nuget install I just get a username/password prompt:
tools\5.0.2\nuget.exe install -source https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json A
Feeds used:
https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json
Installing package 'A' to 'D:\git\lib.template'.
MSBuild auto-detection: using msbuild version '16.300.19.37701' from 'C:\Program Files (x86)\Microsoft Visual Studio\2019\Int.Preview\MSBuild\Current\Bin'.
Please provide credentials for: https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json
UserName: Password:
non-triage situation
The Credential Provider accepts a set of environment variables. These are the only two that we recommend setting in non-triage situations.
What is a "non-triage situation"?
See: https://github.com/microsoft/artifacts-credprovider#environment-variables
Do you possible mean "non-interactive"?
Concurrent CredentialProvider processes cause IOExceptions on SessionTokenCache.dat
Description
If SessionTokenCache.dat is not present & up-to-date, spawning multiple Nuget/CredentialProvider processes at once will lead to failures.
There are two specific problems here:
- The failing processes will emit output like
[Error] [CredentialProvider]Failed to acquire session token: System.IO.IOException: The process cannot access the file '%userprofile%\AppData\Local\MicrosoftCredentialProvider\SessionTokenCache.dat' because it is being used by another process.- Somewhat oddly, the error is written to stdout instead of stderr
- The failing processes still return a successful exit code (0)
Note that this does NOT seem to cause SessionTokenCache.dat to become corrupted. Subsequent runs seem to work just fine.
Repro
The following C# snippet will consistently produce a few failures.
const int numProcesesToSpawn = 20;
string credentialProviderExe = Environment.ExpandEnvironmentVariables(@"%userprofile%\.nuget\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe");
string datFilePath = Environment.ExpandEnvironmentVariables(@"%LocalAppData%\MicrosoftCredentialProvider\SessionTokenCache.dat");
string feedUrl = "<my AzDev nuget feed url>";
if (File.Exists(datFilePath)) File.Delete(datFilePath);
Parallel.For(0, numProcesesToSpawn, (i) =>
{
ProcessStartInfo startInfo = new ProcessStartInfo(credentialProviderExe, $"-N -U {feedUrl}");
startInfo.UseShellExecute = false;
startInfo.RedirectStandardOutput = true;
Process process = Process.Start(startInfo);
process.WaitForExit();
string stdOut = process.StandardOutput.ReadToEnd();
if (stdOut.Contains("The process cannot access the file"))
{
Console.WriteLine($"Encountered failure. Exit code is {process.ExitCode}. Stdout = '{stdOut}'");
}
});
Console.WriteLine("Done");Symptoms
Sample CredentialProvider error message:
[Information] [CredentialProvider]VstsCredentialProvider - Acquired bearer token using 'ADAL Windows Integrated Authentication'
[Information] [CredentialProvider]VstsCredentialProvider - Attempting to exchange the bearer token for an Azure DevOps session token.
[Error] [CredentialProvider]Failed to acquire session token: System.IO.IOException: The process cannot access the file 'C:\Users\bberger\AppData\Local\MicrosoftCredentialProvider\SessionTokenCache.dat' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.File.InternalWriteAllBytes(String path, Byte[] bytes, Boolean checkHost)
at NuGetCredentialProvider.Util.EncryptedFile.WriteFileBytes(String filePath, Byte[] bytes, Boolean writeUnencrypted) in E:\A\_work\467\s\CredentialProvider.Microsoft\Util\EncryptedFile.cs:line 36
at NuGetCredentialProvider.Util.SessionTokenCache.set_Item(Uri key, String value) in E:\A\_work\467\s\CredentialProvider.Microsoft\Util\SessionTokenCache.cs:line 40
at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.<HandleRequestAsync>d__5.MoveNext() in E:\A\_work\467\s\CredentialProvider.Microsoft\RequestHandlers\GetAuthenticationCredentialsRequestHandler.cs:line 91
[Information] [CredentialProvider]Username:
[Information] [CredentialProvider]Password:
Sample nuget error
Restoring NuGet package NETStandard.Library.2.0.3.
MSBuild auto-detection: using msbuild version '15.9.21.664' from 'C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\15.0\bin'.
[CredentialProvider]VstsCredentialProvider - Attempting to exchange the bearer token for an Azure DevOps session token.
[CredentialProvider]VstsCredentialProvider - Acquired bearer token using 'ADAL Windows Integrated Authentication'
WARNING: Unable to find version '2.0.3' of package 'NETStandard.Library'.
D:\nugetcache\.pkgref: Package 'NETStandard.Library.2.0.3' is not found on source 'D:\nugetcache\.pkgref'.
<my AzDev feed>: Unable to load the service index for source <my AzDev feed>.
Response status code does not indicate success: 401 (Unauthorized).
WARNING: Unable to find version '2.0.3' of package 'NETStandard.Library'.
D:\nugetcache\.pkgref: Package 'NETStandard.Library.2.0.3' is not found on source 'D:\nugetcache\.pkgref'.
<my AzDev feed>: Unable to load the service index for source <my AzDev feed>.
Response status code does not indicate success: 401 (Unauthorized).
NuGet Config files used:
D:\o1\dev\NuGet.Config
%AppData%\Roaming\NuGet\NuGet.Config
C:\Program Files (x86)\NuGet\Config\Microsoft.VisualStudio.Offline.config
Feeds used:
D:\nugetcache\.pkgref
<my AzDev feed>
[CredentialProvider]Failed to acquire session token: System.IO.IOException: The process cannot access the file '%LocalAppData%\MicrosoftCredentialProvider\SessionTokenCache.dat' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean
useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.File.InternalWriteAllBytes(String path, Byte[] bytes, Boolean checkHost)
at NuGetCredentialProvider.Util.EncryptedFile.WriteFileBytes(String filePath, Byte[] bytes, Boolean writeUnencrypted) in E:\A\_work\467\s\CredentialProvider.Microsoft\Util\EncryptedFile.cs:line 36
at NuGetCredentialProvider.Util.SessionTokenCache.set_Item(Uri key, String value) in E:\A\_work\467\s\CredentialProvider.Microsoft\Util\SessionTokenCache.cs:line 40
at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.d__5.MoveNext() in E:\A\_work\467\s\CredentialProvider.Microsoft\RequestHandlers\GetAuthenticationCredentialsRequestHandler.cs:line
91
Errors in packages.config projects
Unable to find version '2.0.3' of package 'NETStandard.Library'.
D:\nugetcache\.pkgref: Package 'NETStandard.Library.2.0.3' is not found on source 'D:\nugetcache\.pkgref'.
<my AzDev feed>: Unable to load the service index for source <my AzDev feed>.
Response status code does not indicate success: 401 (Unauthorized).
Unhandled Exception: System.IO.FileNotFoundException
Installed Cred Provider with automated PowerShell script.
- NuGet.exe 4.9.2 does not find the plugin WITHOUT setting the
NUGET_PLUGIN_PATHSenv var, so the convention based lookup is broken.
Then I set the env var:
$env:NUGET_PLUGIN_PATHS="C:\Users\OSKAR207adm\.nuget\plugins\netcore\CredentialProvider.Microso
ft\CredentialProvider.Microsoft.dll"
- After setting the env var and running a push command, the credential provider bombs out:
PS C:\Users\OSKAR207adm> & "C:\BuildAgent\tools\NuGet.CommandLine.4.9.2\tools\NuGet.exe" push "<package>"
vsts -Source <feed_url> -Verbosity detailed
NuGet Version: 4.9.2.5706
Using C:\Users\OSKAR207adm\.nuget\plugins\netcore\CredentialProvider.Microsoft\CredentialProvider.Microsoft.dll as a cre
dential provider plugin.
Unhandled Exception: System.IO.FileNotFoundException: Could not load file or assembly 'System.Runtime, Version=4.2.1.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.
Unable to load the service index for source <feed_url>.
A task was canceled.
NuGet.Protocol.Core.Types.FatalProtocolException: Unable to load the service index for source <feed_url>.
---> System.Threading.Tasks.TaskCanceledException: A tas
k was canceled.
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.TimeoutUtility.<StartWithTimeout>d__0`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.HttpRetryHandler.<SendAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.HttpSource.<GetThrottledResponse>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.HttpSource.<>c__DisplayClass14_0`1.<<GetAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Common.ConcurrencyUtilities.<ExecuteWithFileLockedAsync>d__2`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.HttpSource.<GetAsync>d__14`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.ServiceIndexResourceV3Provider.<GetServiceIndexResourceV3>d__9.MoveNext()
--- End of inner exception stack trace ---
at NuGet.Protocol.ServiceIndexResourceV3Provider.<GetServiceIndexResourceV3>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.ServiceIndexResourceV3Provider.<TryCreate>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.Core.Types.SourceRepository.<GetResourceAsync>d__16`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.PackageUpdateResourceV3Provider.<TryCreate>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.Core.Types.SourceRepository.<GetResourceAsync>d__16`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.Core.Types.SourceRepository.<GetResourceAsync>d__15`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Commands.CommandRunnerUtility.<GetPackageUpdateResource>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Commands.PushRunner.<Run>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.CommandLine.PushCommand.<ExecuteCommandAsync>d__32.MoveNext()
.NET Core SDK version: 2.2.103
dotnet restore --interactive does not work On prem
Environment
- Using Ubuntu 18.04.1 LTS (Bionic Beaver) on a Windows host.
- Connecting to a TFS 2017 Update 2 Server.
- Installed latest Nuget.exe, .Net Core v2.1.6 (SDK 2.1.500)
- Installed Microsoft.NuGet.CredentialProvider and verified content in
$HOME\.nuget\plugins
Issues
dotnet restore --interactivedoes not promptdotnet restorewith nuget.config file containing PAT token throws exception
/usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error : Unable to load the service index for source https://[REDACTED]/nuget/v3/index.json. [REDACTED]
/usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error : GSSAPI operation failed with error - An invalid status code was supplied (Invalid value in argument). [REDACTED]
dotnet restorewithout specifying PAT token in nuget.config throws exception
/usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error : Unable to load the service index for source https://REDACTED/nuget/v3/index.json. [REDACTED]
/usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error : GSSAPI operation failed with error - An invalid status code was supplied (SPNEGO cannot find mechanisms to negotiate). [REDACTED]
Please advise on any know issues / workaround to get a dotnet restore working against a TFS private package feed.
Bundle with nuget
When I download git for Windows, then it has built-in support for 2FA for different providers like GitHub or VSTS.
Wouldn't it make sense to include this credential provider directly in the main nuget distribution? This would save projects from including installation instructions in their README files on how to get started with private Azure NuGet feeds. I consider this a problem, especially since this is only required when using the command line or VS Code. Opening a project in Visual Studio works out of the box as it has built-in integration with private Azure NuGet feeds and doesn't require any extra steps.
Unable to log-out of credential provider
When running CredentialProvider for the first time, it will pop up a Microsoft log-in window (presumably via the "Trying authentication provider Browser-based federated authentication..." option. When using my correct Azure DevOps account with Artifacts option enabled, all works well.
Somehow, I had to supply my login id/password again in that microsoft login window, but I mistakenly used the wrong account (which does not have Artifacts option). I now continuously get 402 error from Nuget (Payment Required: user does not have license). This is all correct up to this point.
My issue now, is how do I revoke that credential / log-in and reset CredentialProvider to ask me for login username/password again? If I run Visual Studio under a different name as such: "runas
/netonly /user:anotherUserName devenv.exe", it will then ask me to re-log in via Microsoft pop up window once CredentialProvider is run.
Any way to work around this via options?
Interactive UI question
I'm looking to migrate from Microsoft.VisualStudio.Services.NuGet.CredentialProvider, but I'm a bit unclear as to what UI I should get when running in interactive mode.
Should I see a pop-up dialog (like I would get with the old provider), or is it just a console-based prompt?
Or does it vary depending on whether I run dotnet restore or nuget restore?
Case sensitive comparison for endpoint credentials
There is a case sensitive comparison on line 111 in VstsBuildTaskServiceEndpointCredentialProvider.cs that leads to unbeing able to authorization for a certain endpoint if something is in the wrong case. This comparison should be made case insensitive.
credprovider and VSS_NUGET_EXTERNAL_FEED_ENDPOINTS with Docker
Hello,
Maybe you could help me with authentication with private NuGet feed, I already spend a day for different solutions and notice this repo, but I'm still struggling to make it done.
I'm using below Dockerfile with different variations, but I'm getting Unauthorized each time
FROM microsoft/dotnet:2.2-sdk AS build
ARG VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
WORKDIR /api
#ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS={"endpointCredentials":[{"endpoint":"https://name.pkgs.visualstudio.com/_packaging/Feed/nuget/v3/index.json","username":"PAT","password":"PAT"}]}
# Auth with private feed
RUN wget https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh \
&& chmod +x installcredprovider.sh \
&& ./installcredprovider.sh
# Copy csproj and restore as distinct layers
COPY ["App.csproj", "./"]
RUN dotnet restore
# Copy everything else and build
COPY . ./
RUN dotnet publish -c Release -o out
FROM microsoft/dotnet:2.2-aspnetcore-runtime AS runtime
WORKDIR /api
COPY --from=build /api/out ./
EXPOSE 4444
ENTRYPOINT ["dotnet", "App.dll"]
I tried with ARGs and ENVs to set the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS, but each time I'm getting this error:
error NU1101: Unable to find package Package.Name. No packages exist with this id in source(s): nuget.org
Currently we don't have dedicated NuGet.Config in the project, maybe it's the case of this issue?
That I need to create it and add this private repo to it?
Thank you.
"A task was canceled" exception with CredentialProvider.Microsoft.exe v0.1.15
Our AzureDevOps build pipeline continues to see "System.Threading.Tasks.TaskCanceledException: A task was canceled." exceptions during NuGet restore, similar to #77, but we have version 0.1.15 that contains the fix for that issue.
We are using NuGet.exe v4.9.4 on AzureDevOps, installed using the NuGetToolInstaller@0 and performing a Restore using NuGetCommand@2, v2.150.0.
From the build logs, here's the NuGet.exe invocation:
Detected NuGet version 4.9.4.5839 / 4.9.4+ed6e2dca9391d13b431f4eff58c5194f0ebcee13
SYSTEMVSSCONNECTION exists true
[command]C:\BA\_tool\NuGet\4.9.4\x64\nuget.exe restore "C:\BA\8139\s\SpatialServices\SpatialServices API - Windows.sln" -Verbosity Detailed -NonInteractive -ConfigFile C:\BA\8139\s\SpatialServices\nuget.config
NuGet Version: 4.9.4.5839
MSBuild auto-detection: using msbuild version '15.9.21.664' from 'C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\15.0\bin'. Use option -MSBuildVersion to force nuget to use a specific version of MSBuild.
Here's the output from the CredentialProvider.Microsoft.exe showing version information:
Using C:\BA\_tasks\NuGetCommand_333b11bd-d341-40d9-afcf-b32d5ce6f23b\2.150.0\CredentialProviderV2\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe as a credential provider plugin.
[CredentialProvider.175929]Time elapsed in milliseconds after sending response 'Request' 'GetOperationClaims': 28
[CredentialProvider.175929]Running in plug-in mode
[CredentialProvider.175929]Handling 'Request' 'Initialize'. Time elapsed in ms: 7 - Payload: {"ClientVersion":"4.9.4","Culture":"en-US","RequestTimeout":"00:00:05"}
[CredentialProvider.175929]Time elapsed in milliseconds after sending response 'Request' 'Initialize': 10
[CredentialProvider.175929]Sending response: 'Request' 'Initialize'. Time elapsed in ms: 9
[CredentialProvider.175929]Command-line v0.1.15: "C:\BA\_tasks\NuGetCommand_333b11bd-d341-40d9-afcf-b32d5ce6f23b\2.150.0\CredentialProviderV2\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe" -Plugin
[CredentialProvider.175929]Handling 'Request' 'GetOperationClaims'. Time elapsed in ms: 1 - Payload: {}
[CredentialProvider.175929]Sending response: 'Request' 'GetOperationClaims'. Time elapsed in ms: 12
[CredentialProvider.175929]Handling 'Request' 'SetLogLevel'. Time elapsed in ms: 1 - Payload: {"LogLevel":"Debug"}
[CredentialProvider]Sending response: 'Request' 'SetLogLevel'. Time elapsed in ms: 3
[CredentialProvider]Time elapsed in milliseconds after sending response 'Request' 'SetLogLevel': 6
And the unhandled exception that fails builds:
Unhandled Exception: System.Threading.Tasks.TaskCanceledException: A task was canceled.
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.Plugins.MessageDispatcher.<DispatchWithNewContextAsync>d__26`2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.Plugins.SymmetricHandshake.<HandshakeAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.Plugins.Connection.<ConnectAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGet.Protocol.Plugins.PluginFactory.<CreateFromCurrentProcessAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGetCredentialProvider.Program.<Main>d__11.MoveNext() in E:\A\_work\616\s\CredentialProvider.Microsoft\Program.cs:line 133
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGetCredentialProvider.Program.<Main>(String[] args)
installcredprovider.ps1 -force doesn't actually overwrite previous contents
== Repro ==
- Have an older version of the cred provider installed (e.g. 0.1.11.0)
- Run installCredProvider.ps1 -AddNetFx -Force
- Check the installed version (e.g. via
(get-item -Path "$Env:userprofile\.nuget\plugins\netfx\CredentialProvider.Microsoft\CredentialProvi der.Microsoft.exe").VersionInfo | Format-List -Force
The version will still be the old version instead of whatever the current version is (currently 0.1.15.0)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.