We have a CI build working in Jenkins. We have a NuGet package feed in Azure DevOps, and we are getting a 401 Unauthorized
error when restoring NuGet packages during a build:
https://pkgs.dev.azure.com/X/_packaging/FeedName@Release/nuget/v3/index.json : Unable to load the service index for source https://pkgs.dev.azure.com/X/_packaging/FeedName@Release/nuget/v3/index.json . Response status code does not indicate success: 401 (Unauthorized).
Jenkins setup:
I have the NuGet Credential Provider installed on the Jenkins machine, but I installed it when logged in as myself. I replicated the steps I took on my laptop to get around this same issue. My laptop is working. The Jenkins server is not, and I think it has something to do with the NuGet Credential Provider not working for the "Local System" account, but have no idea how to fix this.
The build is controlled by a PowerShell script, and the NuGet restore command looks like:
& "$solutionPath"\.nuget\NuGet.exe restore "$solutionFile"
$solutionPath
is the folder in which the.sln file exists for Visual Studio $solutionFile
is the exact file name for the.sln file After reading How to specify credentials for external nuget feeds in VSTS nuget restore I also added a new "source" to the local NuGet installation via:
.\.nuget\NuGet.exe sources add -name "FeedName" -source "https://pkgs.dev.azure.com/X/_packaging/FeedName@Release/nuget/v3/index.json" -username <my username> -password <my personal access token> -configfile .\.nuget\NuGet.config
Usernames that I tried:
.
, like the Jenkins config needs to authenticate with Azure DevOps when getting the latest version of our code via TFVC The -password
argument was a copy and paste of a Personal Access Token with read/write permissions to the Azure DevOps artifacts feed.
But again, I was remoted into the Jenkins machine as my username when I did this, and I'm still getting the same problem.
How to fix 401 Unauthorized
when restoring NuGet packages during a Jenkins build when the packages are coming from an Azure DevOps artifacts NuGet feed?
Try using the name of the Personal Access Token (PAT) as the username. That is the name that you gave to the PAT while creating it.
Edit .nuget/NuGet.config
and add the following code:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<solution>
<add key="disableSourceControlIntegration" value="true" />
</solution>
<packageSources>
<add key="MyPackages" value="https://pkgs.dev.azure.com/OrganizationName/_packaging/FeedName@Release/nuget/v3/index.json" />
</packageSources>
<packageSourceCredentials>
<!-- Tag name 'MyPackages' matches 'key' attribute under packageSources -->
<MyPackages>
<!-- Username is the name you gave your Personal Access Token in Azure -->
<add key="Username" value="NameOfPersonalAccessToken" />
<!-- Choose one of the tags below: -->
<!-- Use Password if PAT is encrypted -->
<add key="Password" value="EncryptedPersonalAccessTokenGoesHere" />
<!-- Use ClearTextPassword if PAT is encrypted -->
<add key="ClearTextPassword" value="PlainTextPersonalAccessTokenGoesHere" />
</MyPackages>
</packageSourceCredentials>
</configuration>
More info: https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#packagesourcecredentials
While the OP was unblocked, I had a totally different issue resulting in the same behavior on an Azure DevOps pipeline using a private NuGet feed hosted on ADO.
I was following the Azure Artifacts Credential Provider guide , and had set the environment variable of VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
as a Secret variable.
After a couple days of hair-pulling debugging, I ran across this comment on a GitHub issue which totally blew my mind. That env-var gets auto-generated, given the right circumstances.
I should have mentioned this in my first message but the NuGet build task will automatically populate the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS variable if the Azure Artifacts credential provider (V2) is being used and the "Credentials for feeds outside this account/collection" section is filled
So I followed the rest of the instructions and set these variables up, even though SESSIONTOKENCACHE had already been set.
NuGet.ForceEnableCredentialProvider=false
NuGet_ForceEnableCredentialProviderV2=true
NUGET_CREDENTIALPROVIDER_MSAL_ENABLED=true
NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED=true
and removed VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
completely.
And that was that. Unblocked, finally.
What was odd was that before I was unblocked, NuGet was working fine for restore
and push
, just not list
... very odd.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.