dotnet tool install error installing when a private feed is in nuget.config

[kjbartel]

Describe the bug

dotnet tool install -g foobar does not install any tools if a private nuget feed is in the nuget.config which requires authentication.

This is an exact copy of #9555 which has incorrectly been closed and subsequently ignored even though multiple people continue to comment begging the for the bug to be fixed.

To Reproduce

Execute:
'dotnet tool install -g sourcelink'
and have in the the global nuget.config the company nuget feed from vsts.

If i comment out the private feed out in then nuget.config, then the tool get's installed.

nuget restore does not have a problem with the nuget feed. dotnet restore (which should not be used with VSTS because you have to store a Cleartext PAT in the nuget.config) clearly has the same problem like dotnet tool

Exceptions (if any)

C:\Program Files\dotnet\sdk\2.1.301\NuGet.targets(114,5): error : Fehler beim Abrufen von Informationen zu "sourcelink" aus der Remotequelle "https://XYZ.pkgs.visualstudio.com/_packaging/172bc92f-50b3-48bc-b4cf-9555b7f0fd10/nuget/v3/flat2/fo/index.json". [C:\Users\DerAl\AppData\Local\Temp\ctdjxp0q.bbs\restore.csproj]
C:\Program Files\dotnet\sdk\2.1.301\NuGet.targets(114,5): error : Response status code does not indicate success: 401 (Unauthorized). [C:\Users\DerAl\AppData\Local\Temp\ctdjxp0q.bbs\restore.csproj]

[andrerav]

Just want to voice my support and express my hope that this will get fixed sometime :)

[rvdginste]

I bumped into the same issue and already wasted quite some time on it. In the end, I found #9555 which was closed in 2018, but was never really fixed.

I use a private NuGet feed on Azure Artifacts for my project. This feed is configured to also fetch packages from nuget.org, so only one NuGet feed is needed. A NuGet.Config is provided in the root of the project to configure the feed.

This is used in a build pipeline, and I used the following nuget.config to pass credentials through environment variables.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="private-nuget" value="https://pkgs.dev.azure.com/private/aaa-aaa-aaa-aaa-aaa/_packaging/private-nuget/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <private-nuget>
      <add key="Username" value="%AzureDevopsUser%" />
      <add key="ClearTextPassword" value="%AzureDevopsPersonalAccessToken%" />
    </private-nuget>
  </packageSourceCredentials>
</configuration>

This works fine with a dotnet restore, but it fails when using it to install dotnet tools. I get an Unauthorized error. Is it not possible for dotnet tools to use the standard authentication mechanisms available in NuGet?

The workaround suggested in 2018 comes down to basically not using authenticated feeds for the dotnet tools....

[dsplaisted]

This may be related to #24220

[DanielTheCoder]

Workaround posted here #22987

[deloorc]

I stumbled upon this issue while facing a similar problem in my own CI setup with Azure Artifacts, and I thought I'd share how I managed to resolve it in case it helps.

Reflecting on the error logs I had, which were nearly identical to the ones you've provided:

• warning NU1801: Failed to retrieve information about '<my dotnet tool name>' from remote source...
• error NU1101: Unable to find package <my dotnet tool name>..

Reading the detailed logs I also saw I was receiving error : Response status code does not indicate success: 401 (Unauthorized).

In my case it appeared to be an authentication issue with the Azure Artifacts feed, a situation not uncommon when dealing with private NuGet feeds.

In my case, what worked was adding the NuGetAuthenticate task to my pipeline configuration. This task ensures that the required credentials are properly set, allowing the .NET CLI to authenticate and access the private feed. Here’s how I did it:

- task: NuGetAuthenticate@1
  inputs:
    forceReinstallCredentialProvider: true

- task: DotNetCoreCLI@2
  displayName: "Restore dotnet tools"
  inputs:
    command: "custom"
    custom: "tool"
    arguments: "restore --ignore-failed-sources --disable-parallel"
    workingDirectory: $(basePath)
    nugetConfigPath: "$(basePath)/NuGet.Config"
    feedsToUse: config

Notice that I've placed the NuGetAuthenticate task right before the DotNetCoreCLI task. This ensures that the credentials are available when attempting to restore the .NET tool.

Below my NuGet.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="<feedName>" value="https://pkgs.dev.azure.com/<organization>/<project>/_packaging/<feed>/nuget/v3/index.json" />
  </packageSources>
  <solution>
    <add key="disableSourceControlIntegration" value="true" />
  </solution>
</configuration>

NOTE: I've replaced the organization, project, and feed names with placeholders.

Lastly, for local development, ensure that you've authenticated with Azure Artifacts using the credentials provider. You can find a guide on how to do this https://github.com/microsoft/artifacts-credprovider.

Hope this helps!

[SpaceOgre]

I'm having problems with this as well.
I followed the recommendation from Microsoft to not have multiple sources in my Nuget.config file and only added the private one that have the official Nuget as upstream.

To bypass the 401 error I'm using this before:

  - task: NuGetAuthenticate@1

But now the task that tries to install is telling me that the tool does not exist in my private feed.

dotnet-coverage is not found in NuGet feeds https://[orgname].pkgs.visualstudio.com/_packaging/[feedname]/nuget/v3/index.json.

The task looks like this:

  - task: DotNetCoreCLI@2
    displayName: "Install dotnet-coverage"
    inputs:
      command: custom
      custom: tool
      arguments: "install --global dotnet-coverage"

Since it exist in the upstream source of nuget I expect it to find it and install it through that.