NuGet should use HttpClientHandler.PreAuthentication to reduce HTTP 401's

[zivkan]

NuGet Product(s) Affected

NuGet.exe, Visual Studio Package Management UI, Visual Studio Package Manager Console, MSBuild.exe, dotnet.exe, NuGet SDK

Current Behavior

Related to #11600, NuGet is currently making an unauthenticated HTTP request to every URL. For private feeds, the server then responds with HTTP 401, and then NuGet (technically HttpClientHandler does it automatically, so it's completely hidden from NuGet) resends with credentials.

This means that at least 50% of all HTTP requests NuGet sends to a server results in HTTP 401 responses.

Note that PreAuthenticate has a limitation/design choice where a "base" URL needs to be authenticated first, and then any URL that matches the rough equivilent of url.StartsWith(baseUrl.SubString(0, baseUrl.IndexOfLast("/")) will re-use those creds.

Therefore, enabling PreAuthenticate without any other changes means that it will only work when:

1. NuGet does not use a cached service index
2. The server makes all resources (listed in the service index) start with the same URL that the service index itself is in.

In particular, this means that Azure Artifacts' current implementation where customers write a URL with "friendly"/alias names in their nuget.config, but then the service index changes parts of the URL to canonical GUIDs, will not meet HttpClientHandler's PreAuthenticate design.

However, other server implementations already meet the second requirement above, so PreAuthenticate, without any other changes to NuGet, will immediately benefit those servers (when NuGet doesn't use a cached service index, which has a different tracking issue).

Desired Behavior

Dramatically reduce the number of HTTP 401's the server has to send back to the client.

Additional Context

No response