I am using Artifactory as NuGet repository to store all the nuget packages.
When we use this Artifactory link as source, the package Manager in Visual Studio prompts for credentials and worked very fine.
As soon as we moved to build machine (with out VS) and try to build application it is throwing error :
.nuget\NuGet.targets(100,9): error : Key not valid for use in
specified state.
I added source with -user -password and put config at local user location. I tried with ClearText password and encrypted password both are throwing same error.
Am I missing anything here? Please advice.
I believe the error isn't related to Artifactory.
The issue NuGet reports is related with encrypting/decrypting user credentials in nuget.config files.
I encountered the error when I tried to set apiKey for a repo:
NuGet setapikey user:pwd -Config .\NuGet.test.Config -Source .\packages
NuGet reported "Key not valid for use in specified state".
I had NuGet.config file located near NuGet.test.Config. That nuget.config contained packageSourceCredentials section with credentials of other user (than one which was passed to setapikey).
After I remove that credentials from nuget.config the error gone.
Please check Nuget.Config in %AppData%\NuGet
You may want re-create it in order to resolve the issue.
FYI, I had the same problem with my build agent, the issue is resolved by removing "nuget.config" in "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\NuGet"
I encountered the same error when I logged into Windows using a new user account (story: our network admin at our company had removed our users due to an infection by a ransomware and created a new user account for each of us).
We have a local nuget server at our company (created using free Nuget Server).
As #Jinsoo stated, I needed to remove the nuget settings in Nuget.Config (at %AppData%/Roaming/Nuget folder) and set again the apikey for our nuget source using such a command:
nuget setApiKey abcdefghijklmn -Source http://www.our-company-nuget-server.com/nuget
After that I was able again to issue 'nuget push' commands.
Got this issue in TeamCity after adding a global nuget config to the build servers.
Had to change to a newer version of nuget.exe in the build configs, as the old version probably could not cope with some setting in the nuget config.
I had the same problem.
For me the problem could be resolved by simply putting a dotnet restore task in front of the dotnet build task.
In the dotnet restore task I could then specify my feed. With just the dotnet build task it tried to restore nugets with the NuGet.conf file and the local logins, which is more error prone.
It seems that NuGet setapikey encrypts the credentials using the currently-logged-on-user's private key. Therefore, only that user can use these encrypted credentials. If a different user (a service account for CI/CD etc.) tries, they get Key not valid for use in specified state.
Related
I am trying to configure a VB.Net project that has a reference to NuGet package that is stored in our Artifactory repository. I am trying to configure a build in TFS 2018 and I think that there maybe several ways to configure the build in TFS.
I used the .net desktop app template and then modified it. I have it configured as
Use NuGet 4.4.1
NuGet restore
Build Solution
Publish Symbols
Copy Files to ….
Publish Artifact: drop
It’s failing at the NuGet restore:
The nuget command failed with exit code(1) and error(Errors in packages.config projects
Processed: ##vso[task.issue type=error;]The nuget command failed with exit code(1) and error(Errors in packages.config projects%0D%0A Unable to find version '1.0.8' of package 'WPSArchiver-AnyCPU'.%0D%0A C:\Users\TFSBuild1_SVCACCT.nuget\packages: Package 'WPSArchiver-AnyCPU.1.0.8' is not found on source 'C:\Users\TFSBuild1_SVCACCT.nuget\packages\'.%0D%0A https://api.nuget.org/v3/index.json: Package 'WPSArchiver-AnyCPU.1.0.8' is not found on source 'https://api.nuget.org/v3/index.json'.%0D%0A https://xxxxxxxxx.yyyy.com:8443/artifactory/api/nuget/wps-csat-nuget-local: The V2 feed at 'https:// xxxxxxxxx.yyyy.com:8443/artifactory/api/nuget/wps-csat-nuget-local/Packages(Id='WPSArchiver-AnyCPU',Version='1.0.8')' returned an unexpected status code '401 Unauthorized'.)
task result: Failed
Packages failed to restore
So it looks like it does try to access our local instance of Artifactory, but it is getting a '401 Unauthorized'
As you can see in the image above I created a “Credentials for feeds…” For this I created a Nuget authentication
Should I use different build steps? How can I troubleshoot the authentication request. I know that the account that I am using is valid.
It looks like the Feed URL in above service connection for local Artifactory server is not complete. The source URL pointing to Artifactory should be like this http://severname:8081/artifactory/api/nuget/<repository key>.
In your case you can try changing the Feed URL in above screen to https://xxxxxxxxx.yyyy.com:8443/artifactory/api/nuget/wps-csat-nuget-local
The Feed URL should be the same with the packageSources you defined in nuget.config file.
You can modify the setting for Credentials for feeds in the Service connection section of in project settings.
Project settings--> Service connections under Pipelines-->Select your connection(CSAT Artifactory)--> Update the Feed URL.
If it is still not able to authenticate, you can try using the API Key for the Password field of the artifactory connection.
Hope above help!
Running into an issue with Nuget, Jenkins, and Artifactory. Can't seem to get the Jenkins pipeline to recognize the Nuget configuration
What is working:
login to artifactory with the account I'm trying to read with.
view the repository and artifacts I am trying to access.
use the nuget command line to access the repository and put in username and password when prompted.
Now when the same process is put in a Jenkins pipeline, I get the following:
"The remote server indicated that the previous request was forbidden. Please provide credentials for **https://host.domain/artifactory/api/nuget/v3/repo**"
Here is how I setup nuget:
nuget.exe sources Add -Name Artifactory -Source https://host.domain/artifactory/api/nuget/v3/repo -username <username> -password <password>
nuget.exe setapikey <username>:<password> -Source Artifactory
Even adding the two lines above result in the same error
Had similar error. Nuget.Config was good, everything looked (and was) correctly set up. Turned out nuget was using a CredentialProvider exe from VS2019 which overrode my config settings.
Renamed that exe and everything works as expected.
to check if you are having the same issue, try running:
nuget list -Source YourArtifactory -verbosity detailed
If it mentions any Credential Providers and their errors - this could be the reason.
In Artifactory repository button "Set Me Up".
This is how to step by step.
I've tried to publish a nuget package to my GitHub Packages account but in all cases I'm having the 404 error.
I've followed as requested on the GitHub's site:
nuget source Add -Name "GitHub" -Source "https://nuget.pkg.github.com/[MyAccount]/index.json" -UserName [MyUserName] -Password GH_TOKEN
It throwed me an error saying to add an api key.
So I created a Personal Access Token and set the api key:
nuget setapikey [MY_PAT_TOKEN] -Source "https://nuget.pkg.github.com/[MyAccount]/index.json"
But when trying to push again I had:
"Your request could not be authenticated by the GitHub Packages
service. Please ensure your access token is valid and has the
appropriate scopes configured."
So I created another token with the necessary scopes:
- read:packages
- write:packages
- delete:packages
- repo
I deleted the source and the api key and started the steps above again, with the new token, but I had the 404 error, saying that the source was not found.
So I've tried a lot of options... changing package name, changing source name, and a bunch of other things, but with the same result.
So I read this on the GitHub's website:
"When you publish a package, by default GitHub Packages uses the
package name to determine the GitHub repository containing the
package. For example, a package named odata-client would be published
to the OWNER/odata-client repository. If you would like to change the
repository containing the package, or publish multiple packages to the
same repository, you can include the URL to the GitHub repository in
the repository field of the package's .nuspec file."
As I'm using .NET Core 3.0 so I changed the csproj including:
<RepositoryUrl>https://nuget.pkg.github.com/[MyAccount]/Common</RepositoryUrl>
<RepositoryType>git</RepositoryType>
But this time I had a 400 (Bad Request)
And I tired some variations for the above url: ending with index.json, ending without index.json, ending with common, etc... But always have Bad Request error.
So I deleted this configurations and tryied again: 404 (Not Found)
I don't know what to do any more. There are someone that can help me with that? What am I doing wrong? It lacks some configuration?
I had same issue. For me it was wrong Repository Url in nuget package. I would advise you to check that RepositoryUrl is set and it is a valid url of existing repo.
I have been fixed the same error setting my repository URL:
<PropertyGroup>
<!--Others configurations values-->
<RepositoryUrl>https://github.com/GITUSERNAME/REPOSITORY-PATH**</RepositoryUrl>
</PropertyGroup>
I am using dotnet core and setting this configuration in .csproj
I had the same issue, my solution was to give all "Repo" permissions to the token.
PS: my Repo was private
I had the exact same issue and struggled with it alot.
I ended up using some of your pointers - adding
to my .nuspec and packed the project again.
This helped and pushing to github worked.
Please try packing your project again.
I have a newly installed Windows 10 machine with the .NET Core SDK 3.0.100. I have a project with it's nuget.config file containing (among other reference) a reference to an Azure Artifacts nuget feed, and i'd like to access credentials to this feed interactively. It's worth to point out that i'd like to use command line to achieve this. My IDE of choice is Jetbrains Rider and not Visual Studio (for this particular question i'm not sure that matters though).
I have downloaded the Azure Artifacts Credential Provider by running a powershell command (Invoke-WebRequest...) and installed it - what seems - successfully. Now I have a nuget plugin on my computer that's supposed to help me retrieve credentials for azure artifact feeds.
What i do expect to work is that running dotnet restore --interactive should prompt me to enter credentials, but it doesnt. It doesnt prompt at all, and just complains that it cannot find the packages.
I've tried this other times too, both on MacOS and Windows with my colleagues, and it always seem to be some problems related to this. Any ideas what i'm doing wrong?
Thanks for your help!
There is another option in case you cannot make dotnet restore --interactive work out of the box when you add the nuget.config file to your project.
You can clear all the nuget local caches.
The easiest way of doing this is using the following command:
dotnet nuget locals all --clear
After some time, when all caches are cleared, you can run dotnet restore --interactive again, and hopefully the Azure Artifacts Credential Provider should show you instructions for authentication through device code.
I'll answer my own question as it might help someone else.
When I tried dotnet restore --configfile .\.nuget\NuGet.Config --interactive it did prompt me. I could login in and everything worked!
I'm not sure why, but it seems that just running dotnet restore --interactive doesn't pick the correct nuget sources - or at least not the ones I have defined in .\.nuget\NuGet.Config in my local project. And therefore the credential provider (obviously) won't prompt me for anything. I haven't found any details on whether this is the expected behaviour or a bug.
With the option posted by #Robson Rocha about clear all the nuget local caches, I could got the credential instructions but nevertheless after authentication I kept getting the error:
warn : The plugin credential provider could not acquire credentials. ...
error: Response status code does not indicate success: 401 (Unauthorized).
I solved the problem in my Windows dev environment creating an Azure Personal Access Token with permissions “Scopes: Custom defined, Packaging: Read” and setting it in the %AppData% Nuget folder:
C:\Users\{UserName}\AppData\Roaming\NuGet\NuGet.Config
nuget.config reference - packageSourceCredentials
<packageSourceCredentials>
<MyPackageSourceKey>
<add key="Username" value="myUserName" />
<add key="ClearTextPassword" value="TheAzurePersonalAccessToken" />
</MyPackageSourceKey>
</packageSourceCredentials>
Because the %AppData% Nuget folder is per user and it is outside of the repo folder, the credentials are kept secure per user and we avoid committing them into the repo.
You may need to install https://github.com/microsoft/artifacts-credprovider#setup then you will be able to use dotnet restore --interactive
As of January 2023 "dotnet restore --interactive" in many cases will not actually show the prompt and silently wait for 90 seconds, then fail to restore. Presumably showing the prompt is done at wrong logging level and hence do not show up on the console.
Workaround: add --verbosity minimal
dotnet restore --interactive --verbosity minimal
Solution obtained from the corresponding issue reported in 2021 - https://github.com/dotnet/sdk/issues/22987
I am attempting to restore packages that I've uploaded to my AppVeyor account NuGet feed, yet it is failing to connect to the feed during the build.
In my appveyor.yml file I have:-
nuget:
account_feed: true
And I have confirmed that the account feed mentioned in the logs is the correct URL for my account feed.
I have also opened that feed by connecting to it using Visual Studio and entering my account credentials. When doing that, I have confirmed that the packages I'm trying to restore exist as expected.
However the build fails with this in the logs:-
https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy: Unable to load the service index for source https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy.
The HTTP request to 'GET https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy' has timed out after 100000ms.
NuGet Config files used:
C:\projects\MyProjectName\Source\NuGet.Config
C:\Users\appveyor\AppData\Roaming\NuGet\NuGet.Config
C:\ProgramData\nuget\Config\Microsoft.VisualStudio.Offline.config
C:\ProgramData\nuget\Config\ServiceFabricSDK.config
Feeds used:
C:\Users\appveyor\.nuget\packages\
https://www.nuget.org/api/v2
https://A-CUSTOM-EXTERNAL-NUGET-FEED-I-ALSO-ACCESS/nuget
https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy
C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\
C:\Program Files\Microsoft SDKs\Service Fabric\packages\
Note: The custom external NuGet feed should be unrelated. I have other packages that successfully restore from there before my build breaks with the private account repo attempt.
Is there something I'm missing that will allow me to connect to my AppVeyor account NuGet repo for the restoring of a package?
Could it have anything to do with the package itself?
AppVeyor has made some changes not allowing you to implicitly include your private account NuGet repository for public code respositories.
As in #ilyaf's answer, the discussion here confirms this, and says the following is the reason.
In previous implementation having this enabled and working for public
project was a vulnerability rather than a feature because on your
account feed you can have NuGet packages from both public and private
projects and anyone submitting PR to public build would have been able
to grab private packages from your account feed. It's fixed now.
So to still get this working, as mentioned in #Feodor Fitsner's comment, you need to configure a new nuget source mentioning your account's NuGet repo.
Here's what you need to do.
Go to the Project in AppVeyor that you're trying to build and select the Settings for that project. On the 'Environments' settings tab, add two new Environment Variables:-
'nuget_user'
'nuget_password'
...placing your AppVeyor credentials in the values for each of those.
In your appveyor.yml, add a new NuGet source under the install node.
install:
- nuget sources add -Name MyAccountFeed -Source <feed-url> -UserName %nuget_user% -Password %nuget_password%
...where <feed-url> is your NuGet feed URL.
Note: These two steps are defined in steps 2 and 3 or this doc.
https://www.appveyor.com/docs/nuget/#configuring-external-private-nuget-feed-for-your-builds
Now, ensure that you have account_feed and project_feed off for your build (otherwise the build will complain that there are duplicate feeds).
Do this by either deleting the following:-
nuget: account_feed:
OR ensure you have
nuget:
account_feed: false
project_feed: false
Your project should now build correctly, retrieving your NuGet packages from your NuGet account.
This, however, may be a workaround to what AppVeyor were trying to initially block with their change.
Please take a look at this discussion.