VSTS Nuget restore credentials - authentication

We are using a nuget package that requires authentication and are having issues when we try to build our project via VSTS builds. We can pull up the external nuget package feed from our authenticated browser and also via Visual Studio. The project builds locally and has no issues. However, when running through VSTS builds, we receive a 401 unauthorized messed even though we believe we have set things up properly.
Setup
Image of nuget task
Image of authentication for nuget feed
Image of personal access token that is used
Build log
Part of the log that shows that the authentication is picked up and being applied:
2018-03-30T19:38:43.2917713Z Saving NuGet.config to a temporary config file.
2018-03-30T19:38:43.3113980Z Using authentication information for the following URI: https://microsoft.pkgs.visualstudio.com/_packaging/MEE.Privacy/nuget/v3/index.json
2018-03-30T19:38:43.3123672Z [command]D:\a\_tool\NuGet\4.1.0\x64\nuget.exe sources Remove -NonInteractive -Name Privacy -ConfigFile D:\a\4\Nuget\tempNuGet_5609.config
2018-03-30T19:38:45.5301476Z Package source with Name: Privacy removed successfully.
2018-03-30T19:38:45.5348241Z [command]D:\a\_tool\NuGet\4.1.0\x64\nuget.exe sources Add -NonInteractive -Name Privacy -Source https://microsoft.pkgs.visualstudio.com/_packaging/MEE.Privacy/nuget/v3/index.json -ConfigFile D:\a\4\Nuget\tempNuGet_5609.config -Username ******** -Password ********
2018-03-30T19:38:46.0254022Z Package Source with Name: Privacy added successfully.
2018-03-30T19:38:46.0295574Z [command]D:\a\_tool\NuGet\4.1.0\x64\nuget.exe restore D:\a\4\s\msc\dev\Msc.Privacy\Msc.Privacy.sln -Verbosity Detailed -NonInteractive -ConfigFile D:\a\4\Nuget\tempNuGet_5609.config
Error that we receive when trying to find nuget package:
The nuget command failed with exit code(1) and error(Errors in packages.config projects
Unable to find version '1.1.18087.3' of package 'Microsoft.PrivacyServices.CommandFeed.Client'.
C:\Users\VssAdministrator\.nuget\packages\: Package 'Microsoft.PrivacyServices.CommandFeed.Client.1.1.18087.3' is not found on source 'C:\Users\VssAdministrator\.nuget\packages\'.
D:\a\4\Nuget\..\..\_Packages: Package 'Microsoft.PrivacyServices.CommandFeed.Client.1.1.18087.3' is not found on source 'D:\a\4\Nuget\..\..\_Packages'.
https://api.nuget.org/v3/index.json: Package 'Microsoft.PrivacyServices.CommandFeed.Client.1.1.18087.3' is not found on source 'https://api.nuget.org/v3/index.json'.
https://microsoft.pkgs.visualstudio.com/_packaging/MEE.Privacy/nuget/v3/index.json: Unable to load the service index for source https://microsoft.pkgs.visualstudio.com/_packaging/MEE.Privacy/nuget/v3/index.json.
Response status code does not indicate success: 401 (Unauthorized).
Questions
Any ideas on what we could be missing?

It turns out our personal access token was not setup properly. When creating the token, we weren't choosing the correct account. To fix our issues, we created a new token using 'All accessible [Microsoft] accounts' instead of 'myuser1'.
Image of personal access token creation

Related

Adding PackageReference for package fails with 401 (Unauthorized)

I am trying to install a third-party NuGet package (e.g. StyleCop) into a project. The project also has packages that are installed from our own private NuGet feed. When trying to install the package, we receive a 401 error like this.
MyProject> dotnet add .\MyProject.csproj package StyleCop
Determining projects to restore...
Writing C:\Users\me\AppData\Local\Temp\tmp6A51.tmp
info : Adding PackageReference for package 'StyleCop' into project '.\MyProject.csproj'.
info : CACHE https://api.nuget.org/v3/registration5-gz-semver2/stylecop/index.json
info : GET https://mediavaletsc.pkgs.visualstudio.com/_packaging/c559332f-5d8d-4d3f-8fc2-6e06125775fa/nuget/v3/registrations2-semver2/stylecop/index.json
info : Unauthorized https://mycompany.pkgs.visualstudio.com/_packaging/xxx-xxx-xxx-xxx-xxx/nuget/v3/registrations2-semver2/stylecop/index.json 680ms
error: Response status code does not indicate success: 401 (Unauthorized).
Oddly enough, running dotnet restore works just fine, even after doing a git clean -xfd. How can we configure dotnet and/or nuget to accept the installation of StyleCop or any other public package?
We needed to re-authenticate with Visual Studio Team Services (VSTS) because the API key had expired and/or been revoked.
The reason dotnet restore still worked, but dotnet add ... package ... failed, was because the former used the local cache, whereas the latter hit the server. Restore also stopped working after we ran nuget locals all -clear.
To re-authenticate with did the following.
nuget sources remove -name $sourceName | Out-Null;
nuget sources add -name $sourceName -source $sourcePath -username $username -password $apiKey

VSTS build fails with MSB3325, Cannot import PFX key file

I had created a build definition to build a desktop application online on visualstudio.com which fail at task Build Solution (Visual Studio build) with following error,
[error]C:\Program Files (x86)\Microsoft Visual
Studio\2017\Enterprise\MSBuild\15.0\Bin\Microsoft.Common.CurrentVersion.targets(3156,5):
Error MSB3325: Cannot import the following key file:
Sixmod5Certificate.pfx. The key file may be password protected. To
correct this, try to import the certificate again or manually install
the certificate to the Strong Name CSP with the following key
container name: VS_KEY_3B2BCC84AE4E26F1
I followed solution specified at, https://developercommunity.visualstudio.com/content/problem/156086/vsts-build-msb3325-cannot-import-the-following-key.html
then as specified at, https://stackoverflow.com/a/48698229/3531672
I had added a powershell script task before build task, as follows,
[CmdletBinding()]
param(
[Parameter(Mandatory)][string] $pfxpath,
[Parameter(Mandatory)][string] $password
)
Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
but no luck yet,
There are different SO post similar to this specifying solution to build from Admin user, or installing pfx certificate manually, but as they are related to personal computer and I am trying to configure Continuous integration on visualstudio.com, they don't seem useful to me.
Please note I am able to successfully build on my local machine.
If you wish to regenerate this problem at your end, follow these steps,
STEP 1: Create a new VSTO Addin Project (Any Excel/Word/Powerpoint).
STEP 2: Attach this to VSTS.
STEP 3: In signing tab of Application properties, instead of using temperory certificate, create a new password protected certificate (PFX - Personal Information Exchange in my case) and use this to sign ClickOnce Manifest
STEP 4: Try to build on local machine, it will succeed.
STEP 5: Push it over and try to build on VSTS, you will get the same error as above.
I unchecked the "Sign the assembly" checkbox from the "project properties -> Signing" page and everything worked like a charm. The build was signed successfully through VSTS. Somehow I missed this solution provided in many SO threads related to the problem.

Unauthorized nuget package from Visual Studio Team Services using asp.net core rc2

I am unable to install/restore nuget packages from a Visual Studio Team Services feed in an asp.net core web application (RC2). I receive the following:
error: Response status code does not indicate success: 401
(Unauthorized).
I am running Visual Studio Community 2015 Update 2 and nuget version 3.4.4. I am able to install/restore packages from this feed in other project types.
Do I need to do something else to pass my credentials for an asp.net core web app?
Steps to reproduce:
From Team Services package tab I select "Connect to Feed" and copy the NuGet package source URL
In visual studio -> Tools -> NuGet Package Manager -> Package Manager settings -> Package sources and add the feed url from vso
Then from my ASP.NET Core Web Application (.NET Framework) project right click references -> Manage NuGet Packages
-> Select my feed from Package source (packages are listed) -> Click to install
In output:
Installing NuGet package xxxxx
Successfully installed xxxxx to WebApplication1
========== Finished ==========
Then it will try to restore the package at which point I get:
error: Response status code does not indicate success: 401 (Unauthorized).
error: Failed to retrieve information from remote source
And inside web project references - package has warning icon - NU1001 The dependency xxxxx could not be resolved
I know that it's not exactly the same issue, but people may come across this one alongside as I did.
I have installed VS Community 2019​ and yesterday I decided to remove the VS 2017, but after that, when I tried to restore the Nuget Packages made by the company, it started displaying an error of 401 Unauthorized.
After a few net searches I decided I didn't want to mess around with VS configurations and files, I then realized, since it's an 401 Unauthorized it's related with an account so what I did was:
Closed VS2019
Went to windows management credentials and removed all those that where related with my packages
Reopened VS 2019 and restored the Nuget Packages for my solution.
It them asked for my credentials, set it up and all went well from here.
Here are the two accounts I removed and got recreated:
In my case I was using an azure dev ops feed. After updating visual studio 2022 I started getting this message "Response status code does not indicate success: 401 (Unauthorized)."
I followed and tried most of the solutions here. but what worked for me was to
Go to: file -> accounts settings
Click "sign out"
Then go to the nuget manager and click the refresh button
This will then show you the azure dev ops login window where you login to your account
This worked for me, (your mileage may vary) just hope it helps someone else and saves some precious receding hairs.
I can reproduce your issue at my side and following is the workaround I use to restore the packages:
Remove the VSTS feed resource from "VS\Tools\NuGet Package Manager\Package sources".
Open "Packages" tab from your VSTS web portal.
Select the feed you want to connect and click "Connect to feed" option.
Select "Personal Access Tokens" method in the dialog.
Copy the generated command in the dialog.
Run CMD as Administrator on you machine.
Paste the copied command into CMD.
Add "-StorePasswordInClearText" argument after the command.
Run the command.
Restart the VS.
Install and restore the packages.
For me, the issue was due to incorrect credentials (not specifying the domain) when connecting to a private on-premise Azure Artifacts NuGet feed, which wasn't immediately apparent.
Using Visual Studio 2019, open NuGet Package Manager for a project. If the 'Browse' tab shows first and the package source is the private NuGet feed, there appears to be no issue as it initially lists all packages. However, switching to the 'Installed' tab results in a login dialogue popping up.
If I enter my username and password without the domain (so username intead of domain/username), it appears to accept this, but then no other versions are listed for my installed packages other than the version installed. If I go to the 'Browse' tab, I then see the following error:
When I click 'Show errors in output', I see the following:
Failed to retrieve metadata from source 'https://[domain]/[Collection]/_packaging/[GUID]/nuget/v3/query2/?q=&skip=0&take=26&prerelease=true&semVerLevel=2.0.0'.
Response status code does not indicate success: 401 (Unauthorized).
To resolve this, in Credential Manager, I close Visual Studio, then remove any credentials relating to the Azure DevOps server(e.g., [domain], VSCredentials_[domain]). I noticed that the username for these showed the wrong domain - it showed the Azure DevOps server domain instead of the Active Directory domain.
I then reopen Visual Studio, open NuGet Package Manager again and this time (on the 'Installed' tab) enter my credentials including the domain (domain/username). This resolves the issue and allows me to connect to the Azure Artifact NuGet feed.
This happens when you change your profile password. Just sign out and from top right (at your profile picture-> account settings); sign in again and your problem will be solved.
I had a similar problem (no authentication) in the NuGet Restore task of a VSTS build definition. The solution was to add a NuGet.config file in the root of the project with a reference to the official and my custom feed. Maybe it helps your core project also.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
<add key="RmlrTools" value="https://<MyProjectName>.pkgs.visualstudio.com/DefaultCollection/_packaging/<MyFeedName>/nuget/v3/index.json" />
</packageSources>
<!-- used to store credentials -->
<packageSourceCredentials />
<!-- Used to specify which one of the sources are active -->
<activePackageSource>
<!-- this tells only one given source is active -->
<add key="NuGet official package source" value="https://nuget.org/api/v2/" />
<!-- this tells that all of them are active -->
<add key="All" value="(Aggregate source)" />
</activePackageSource>
<!-- Used to disable package sources -->
<disabledPackageSources />
<!--
Used to specify default API key associated with sources.
See: NuGet.exe help setApiKey
See: NuGet.exe help push
See: NuGet.exe help mirror
-->
<!--<apikeys>
<add key="http://MyRepo/ES/api/v2/package" value="encrypted_api_key" />
</apikeys>-->
</configuration>
Try restarting the computer before you try any of the above.
In my case , I followed these steps
create the personal access token with relevant credentials
download nuget.exe (nuget cli)
using windows run command open the cmd,then
cd C:\Downloads(where the cli is downloaded) ,type
"nuget.exe" and enter
execute -->
nuget.exe sources Add -Name "MyFeedName" -Source "https://myfeedurl" -username username -password MyAccessToken
in visual studio tools->commandline->developer command prompt
dotnet restore
Go to "Manage Nuget Packages"
Click "Setting" from right top Corner
Untick "Packages"
In my case I was using Azure Devops private feed and the NuGet package restoring worked in Visual Studio and in Nuget CLI but it didn't work with Rider and dotnet restore command
The solution was to install The Azure Artifacts Credential Provider and it fixed the problem. I just had to run this command to install it:
iex "& { $(irm https://aka.ms/install-artifacts-credprovider.ps1) }"
This is a fix for a local developer machine. For fixing it on CI/CD check this question.
I'm using VS 2022. The way I was able to fix it is to relog into VS. The trick is the tooltip on the top right SAYS I'm logged in, but when you click your profile logo on the top right, then goto Account Settings, it told me I needed to "reenter my credentials". How does that work, I'm logged in, but I'm not logged in? Turns out it doesn't work, I needed to log in AGAIN for it to REALLY work.

ASP.NET 5 site fails to publish to azure appservice because of a long path

I'm trying to publish a relatively new ASP.NET site to azure appservice from Visual Studio.
I'm getting the following error message during the preview:
The "Dnu" task failed unexpectedly.
System.Exception:
Microsoft .NET Development Utility Clr-x86-1.0.0-rc1-16231
Copying to output path C:\Users*****\AppData\Local\Temp\PublishTemp*****************.********.WebApi114
Error: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.
at Microsoft.DNX.Tasks.Dnu.Execute()
at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()
at Microsoft.Build.BackEnd.TaskBuilder.d__26.MoveNext()
Path is long indeed. How do I fix it?
Error is from windows file API, not control by Azure App Service. Sadly I think you will have to find a way to shorter your file path in order to fix this issue.
I was running into the same issue trying to build an Angular2 app locally. So I tend to agree with Xiaomin that it may be a local issue. What worked for me was to run the dnu publish command from a command prompt with the output flag set with a shorter folder destination provided. For example, navigate to the location of the project you want to publish in a command prompt and type:
"dnu publish --runtime active -o c:\Sample"
The above command will post your output to c:\Sample.
You can interrogate the options as follows:
"dnu -help"
"dnu publish -help"

Signing assemblies with PFX files in MSBuild, Team Build, and TFS

I get this error when trying to build a project using Team Build (MSBuild) on TFS 2010:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets (1970):
Cannot import the following key file: CCC.pfx.
The key file may be password protected.
To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_C00C673BBB353901
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets (1970):
Importing key file "CCC.pfx" was canceled.
It all builds OK in Visual Studio 2010. The assembly is signed with a PFX file. Usually in Visual Studio we are prompted for the password the first time we build, but then never again...
I've tried running:
sn -i companyname.pfx VS_KEY_3E185446540E7F7A
as other replies as suggested in Stack Overflow question Cannot import the keyfile 'blah.pfx' - error 'The keyfile may be password protected'. I've tried importing into the personal certificate store as suggested in Stack Overflow question Using MSBuild to sign ClickOnce or assembly results in error MSB3321. But all to no avail, still the same error.
How do I do it? Do I have to somehow add the certificate to the Windows account the build service runs under or something like that?
Alternatively, how do I make the build done in Team Build not use signing? I just want to check it compiles and run the unit tests. I don't need signing for that.
You need to adapt this answer to your specific. Something like:
sn -i companyname.pfx VS_KEY_C00C673BBB353901
What I did is not that elegant, but works: log in as the user that runs msbuild on the build machine, manually invoke msbuild, and then type in the password when prompted. It'll now be saved in that user's certificate store, and now the builds can run unattended.
What finally fixed it for me was making the account under which TFS Build service runs an administrator on the local machine.
Don't know though if any of the other stuff I was trying before also needs to be done to get it working. But before it was admin it didn't work after it became admin it worked.
I was getting the same error, and after reading your "administrator" comment - I just ran VS Command Prompt as Admin and it now works fine.
I have faced similar issue
Scenario 1: While building project in local system
In my case i was getting the manifest signing error once i download the project from TFS and build it.
To avoid this issue I right clicked on the project ==> Properties ==> Signing
then unchecked "Sign the ClickOnce Manifests"
OR
You can click Select from store button and select your login id from the dialog box open.
OR
You can install the PFX file manually and later click on More Options button to install those certificate.
Scenario 2:- Manifest error during Build
Here to resolve this error i first clicked Select from store button and select my login id from the dialog box .Then I committed that project in TFS first and then run the build.
I had following settings:
<PropertyGroup>
<SignAssembly>false</SignAssembly>
<AssemblyOriginatorKeyFile>MyKey.pfx</AssemblyOriginatorKeyFile>
</PropertyGroup>
Assembly signing was turned off, but AssemblyOriginatorKeyFile caused error during manifest sign. Removed AssemblyOriginatorKeyFile to fix it.