-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Basic Authentication - Response status code does not indicate success: 401 (Unauthorized) #383
Comments
It's possible, ultimately that's what is used with PATs. From your experiments it seems clear the credential provider is working as expected if your username and password are correctly returned from the tool (the last log), so the issue is likely on the nuget client side. The first log where you're getting multiple attempts that's nuget client trying the credentials, getting 401, then requesting a new one (to which the same credential is returned). You can see that IsRetry is initially false, but then flips to True as the credentials aren't working. Since this doesn't seem like a credential provider issue, have you hooked up fiddler or wireshark to capture the outgoing call from nuget client to the private repository? That would indicate if the same credentials are being used on those calls, or highlight the different between using the credential provider to pass credentials vs nuget passing credentials. |
@JohnSchmeichel Thank you for your quick response. I tried to read something from the Wireshark output, but as everything is encrypted, and I'm not that familiar with Wireshark it was a dead end for me. As you mentioned nuget as client, I tried directly using nuget to restore, but with the same response: nuget restore proget_experimental.csproj -Verbosity detailed
What still works is nuget without CredentialProvider, when I've to insert the credentials manually. I'll try to get access now to our internal server and hope I can find something in the logs there. Is there a possibility to somehow see the difference between with and without CredentialProvider without Wireshark? Additionally, I tried to build the CredentialProvider on my own, but getting of course the following error. Can I somehow ignore this?
|
i'm not sure it's fully related but looks like we also have similar issue. we use .NET Core 3.1 in linux under docker for following image
The last time we used it was March 16 and it worked fine and output was
and then it fails on restore step
|
@sergey-litvinov-work I think your issue is different as it's failing to successfully install the credential provider, can you open a new issue on this? |
@chrisdecker1201 try using fiddler if you can, you should be able to see the requests sent from NuGet to the remote server and inspect the headers and payload. |
@JohnSchmeichel should i still create an issue? we just added If you think that it's good to create a defect - i can create it, but it's a question what should be default version - older .NET so it won't require any changes for older project, or new one and then older project need to force to use older version. And if the answer is newer should be default, then i guess we don't need a ticket |
Glad it's working for you (will still look at the script error though). Newer should be the default, the .NET Core 3.1 is out of support and we'll be removing it from the code base in the coming weeks. |
Thank you for the tip with fiddler. Sadly I'm still confused. I'm not an expert in authentication but the main difference I see is that, when I try to use the credential provider it's using the NTLM and get a 401 response:
And when I use direct authentication with dotnet nuget add source "https://internalproget.server.com/nuget/Experimental/v3/index.json" --name "ProGet Experimental (Basic Auth)" --username "username" --password "password" it's using Kerberos and get a 200 response:
|
I will try to disable NTLM on the server tomorrow and try again. Maybe that's the solution. |
I'm not sure anymore if the issue is related to the CredentialProvider or more an issue of the server configuration I have. I set
With
|
I agree that this looks more like an issue with NuGet or server configuration. Some relevant issues from the NuGet side that may help here: NuGet/Home#5286 In particular I suspect the Negotiate is the issue here as it will be used before the Basic credentials are used. You can try to use the -ValidAuthenticationTypes option to restrict to Basic only. |
Recommend you follow up with the NuGet team at https://github.com/NuGet/Home if you're still experiencing issues with it authenticating with the external endpoint. Closing out this issue as the Artifacts credential provider is properly returning the provided credentials. |
@JohnSchmeichel I've get a response NuGet/Home#12546 (comment), but I'm not sure what to do. If I understand the reponse correct the credentialprovider has an issue. At least I don't know what to do, to fix my issue with this response. |
The credential provider only supports Basic, that's hard-coded in and always has been. So likely your external server needs to enable this option then if NuGet will only use Basic authentication from the credential provider if the server indicates that's supported. I thought NuGet will use the credentials in the same manner as if it was given them via |
@JohnSchmeichel Wouldn't it be the correct solution, that I can configure the auth type in the credential provider? In my case kerberos. |
Then basic auth and this credential provider isn't going to work for you here. Removing the Basic auth filter is not an option, that's required for the tokens the credential provider provides. Would recommend you use the |
Hello,
We use the following systems:
Azure DevOps Pipelines
external Feed (ProGet from Inedo https://inedo.com/proget)
self hosted build agents (Windows Server 2022)
We have the following issue:
I can't get the credential provider running with the external feed. It does not work in the pipeline and it does not work manually.
I try the following:
And I'm getting:
I prepared the system with the following:
When I manually add the dependcy to the *.csproj file
and run
dotnet restore -v d
, I get the following output:When I add username and password everything is working:
When I execute the following, I also have a positive response:
Maybe I'm doing something wrong or maybe it's not possible to use basic authentication. Can you maybe help me 😄 ?
Thank you
The text was updated successfully, but these errors were encountered: