I am trying to configure the Azure Artifacts Credential Provider to allow me to connect to Azure DevOps and publish NuGet packages to the Artifacts feed. I have installed the credential provider on my build server. However every time that I run the build I get the following error:
Am I supposed to pass in a PAT to the Credential Provider or is the account that is running the build need to have access to Azure DevOps so that it can generate credentials? The documentation was a little unclear to me about how this works. My TeamCity instance is a little out of date so maybe I need to work on getting that upgraded first.
Please, add NuGet Credentials Provider build feature for your build configuration. Specify an URL for the feed (the same way as you did in NuGet Publish build step), a valid username + PAT (not a password in there).
The accepted answer seems to no longer be working. On TeamCity 2019.1.4 running on Windows Server 2016 and using .NET Core 2.2.105:
[push] WARNING: The credential plugin model used by 'C:\TeamCity\buildAgent\plugins\nuget-agent\bin\credential-provider\CredentialProvider.TeamCity.exe' is deprecated. Please contact the provider of the plugin for an alternative. More information about the recommended plugin model can be found at 'https://aka.ms/nuget-cross-platform-authentication-plugin'.
[17:18:31][push] Please provide credentials for: https://pkgs.dev.azure.com/org/project/_packaging/feed/nuget/v3/index.json
[17:18:31][push] Unable to load the service index for source https://pkgs.dev.azure.com/org/project/_packaging/feed/nuget/v3/index.json.
[17:18:31][push] Response status code does not indicate success: 401 (Unauthorized).
Manually installing and running the https://github.com/microsoft/artifacts-credprovider works from the command line if I log in to the server and set the env vars for non-interactive use, but does not work within the context of a TeamCity Build job.
Is there a newer TeamCity runner than can handle authentication for dotnet nuget push to Azure Artifacts?
Related
I'm currently trying to add a Azure Devops artefact feed to Teamcity so I can pull dependencies built in Azure to our legacy Teamcity build server. I understand that I can use the Nuget Feed Credentials build feature to handle the authentication of this with an access token.
What I'm struggling with is that this build feature appears to need to be added to each build individually. Is there a way to handle this authentication centrally so I don't need to modify every build config where I want to use this feed?
The solution endded up being to create a build configuration template and use that to handle the auth.
Create new build configuration template on the root project
Add Nuget feed credentials step to the build configuration template (username can be anything, password should be a PAT which can read the feed)
Apply the new build configuration template to the root project
The end result of this is all your projects will have the same nuget authentication config.
I am trying to publish a NuGet package to a NuGet feed I created in Azure Devops. I have experience in doing these kind of things (I published on NuGet.org) but for some reason I do not understand, it is not working when I try to do this for my employer.
When I click "Connect To Feed", I see this explanation:
This clearly shows where to put my package path and where to put the source. However, it does not show where to put the API key I generated.
But I gave it a try and typed (after generating the package file):
dotnet nuget push --source "Test" --api-key az ClassLibrary1.1.0.0.nupkg
This was not working (401)
I really do not understand this part of the explanation: "API Key (any string will do)". Why possibly "any string will do". I need a valid API key.... Not "any string".
After that I tried to publish in way I have good experience with (when publishing nuget.org public nuget packages). In this statement, the source and key are clearly specified.
Here is how I did it:
Also that does not work. I got a 401 again.
My API key that should give me access (and thus prevents a 401) should be fine. This is how I generated the API key:
Most likely, there is something wrong with the way I specified my API key, not with the API key itself. So how do I specify it correctly in my command-line statement in order to successfully publish my package?
There are a few steps you'll have to take before you can push to your NuGet feed locally:
Install the Azure Artifact Credential Provider: https://go.microsoft.com/fwlink/?linkid=2099625
Run dotnet restore --interactive, this will prompt you for credentials
Run dotnet nuget push --source "BackgroundJobs" --api-key anyapikey <package-path>
Note: You can use any API key.
I saw several pages on Internet but none that explains how to do this.
I have Azure Pipelines, a Windows self-hosted agent and an intranet TFS 2018 Server.
I tried to create a “New Azure Repos/Team Foundation Server” service connection with a full access PAT and got this message: “Failed to query service connection API: 'https: //tfs…/defaultcollection/project/_admin/_services/_apis/projects'. Error Message: 'A task was canceled.'” However, I am not even sure this is what I need.
I want a build pipeline to trigger when developers checks-in in VS2019 for a project in TFS. This pipeline would get the code on the agent, build and create an artifact on Azure Artifacts. A release pipeline would take that artifact and deploy on our intranet servers.
Is that possible?
If yes, could you help me find what must be done in Devops and on the TFS servers?
If not, could you please tell me the best way to do the above?
Many thanks
When you create a "New Azure Repos/Team Foundation Server" service connection, you can try to choose Save without verification.
If you want to check in in VS2019 to trigger a build pipeline, then you need to find the Triggers tab in the build pipeline interface, and then enable continuous integration, add Branch filters.
You can install extension TFS artifacts for Release Management in your organization. With this extension, you can deploy artifacts from external TFS. When you add an artifact, select External TFS build, and then add the required information, you can deploy the artifact to your Internal service
You can get the projectId by calling the REST API below:
REST API : https://learn.microsoft.com/en-us/rest/api/azure/devops/core/projects/list?view=vsts-rest-tfs-4.1
Extension TFS artifacts for Release Management: https://marketplace.visualstudio.com/items?itemName=ms-vscs-rm.vss-services-externaltfs
I am trying to configure a VB.Net project that has a reference to NuGet package that is stored in our Artifactory repository. I am trying to configure a build in TFS 2018 and I think that there maybe several ways to configure the build in TFS.
I used the .net desktop app template and then modified it. I have it configured as
Use NuGet 4.4.1
NuGet restore
Build Solution
Publish Symbols
Copy Files to ….
Publish Artifact: drop
It’s failing at the NuGet restore:
The nuget command failed with exit code(1) and error(Errors in packages.config projects
Processed: ##vso[task.issue type=error;]The nuget command failed with exit code(1) and error(Errors in packages.config projects%0D%0A Unable to find version '1.0.8' of package 'WPSArchiver-AnyCPU'.%0D%0A C:\Users\TFSBuild1_SVCACCT.nuget\packages: Package 'WPSArchiver-AnyCPU.1.0.8' is not found on source 'C:\Users\TFSBuild1_SVCACCT.nuget\packages\'.%0D%0A https://api.nuget.org/v3/index.json: Package 'WPSArchiver-AnyCPU.1.0.8' is not found on source 'https://api.nuget.org/v3/index.json'.%0D%0A https://xxxxxxxxx.yyyy.com:8443/artifactory/api/nuget/wps-csat-nuget-local: The V2 feed at 'https:// xxxxxxxxx.yyyy.com:8443/artifactory/api/nuget/wps-csat-nuget-local/Packages(Id='WPSArchiver-AnyCPU',Version='1.0.8')' returned an unexpected status code '401 Unauthorized'.)
task result: Failed
Packages failed to restore
So it looks like it does try to access our local instance of Artifactory, but it is getting a '401 Unauthorized'
As you can see in the image above I created a “Credentials for feeds…” For this I created a Nuget authentication
Should I use different build steps? How can I troubleshoot the authentication request. I know that the account that I am using is valid.
It looks like the Feed URL in above service connection for local Artifactory server is not complete. The source URL pointing to Artifactory should be like this http://severname:8081/artifactory/api/nuget/<repository key>.
In your case you can try changing the Feed URL in above screen to https://xxxxxxxxx.yyyy.com:8443/artifactory/api/nuget/wps-csat-nuget-local
The Feed URL should be the same with the packageSources you defined in nuget.config file.
You can modify the setting for Credentials for feeds in the Service connection section of in project settings.
Project settings--> Service connections under Pipelines-->Select your connection(CSAT Artifactory)--> Update the Feed URL.
If it is still not able to authenticate, you can try using the API Key for the Password field of the artifactory connection.
Hope above help!
I am using Artifactory as NuGet repository to store all the nuget packages.
When we use this Artifactory link as source, the package Manager in Visual Studio prompts for credentials and worked very fine.
As soon as we moved to build machine (with out VS) and try to build application it is throwing error :
.nuget\NuGet.targets(100,9): error : Key not valid for use in
specified state.
I added source with -user -password and put config at local user location. I tried with ClearText password and encrypted password both are throwing same error.
Am I missing anything here? Please advice.
I believe the error isn't related to Artifactory.
The issue NuGet reports is related with encrypting/decrypting user credentials in nuget.config files.
I encountered the error when I tried to set apiKey for a repo:
NuGet setapikey user:pwd -Config .\NuGet.test.Config -Source .\packages
NuGet reported "Key not valid for use in specified state".
I had NuGet.config file located near NuGet.test.Config. That nuget.config contained packageSourceCredentials section with credentials of other user (than one which was passed to setapikey).
After I remove that credentials from nuget.config the error gone.
Please check Nuget.Config in %AppData%\NuGet
You may want re-create it in order to resolve the issue.
FYI, I had the same problem with my build agent, the issue is resolved by removing "nuget.config" in "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\NuGet"
I encountered the same error when I logged into Windows using a new user account (story: our network admin at our company had removed our users due to an infection by a ransomware and created a new user account for each of us).
We have a local nuget server at our company (created using free Nuget Server).
As #Jinsoo stated, I needed to remove the nuget settings in Nuget.Config (at %AppData%/Roaming/Nuget folder) and set again the apikey for our nuget source using such a command:
nuget setApiKey abcdefghijklmn -Source http://www.our-company-nuget-server.com/nuget
After that I was able again to issue 'nuget push' commands.
Got this issue in TeamCity after adding a global nuget config to the build servers.
Had to change to a newer version of nuget.exe in the build configs, as the old version probably could not cope with some setting in the nuget config.
I had the same problem.
For me the problem could be resolved by simply putting a dotnet restore task in front of the dotnet build task.
In the dotnet restore task I could then specify my feed. With just the dotnet build task it tried to restore nugets with the NuGet.conf file and the local logins, which is more error prone.
It seems that NuGet setapikey encrypts the credentials using the currently-logged-on-user's private key. Therefore, only that user can use these encrypted credentials. If a different user (a service account for CI/CD etc.) tries, they get Key not valid for use in specified state.