I have my own NuGet server running with an authenticated private feed. To add credentials to the client calling it I use the following:
dotnet nuget add source https://localhost:7228/nuget/v3/index.json -n mynugetserver -u "<<username>>" -p "<<password>>"
This stores the credentials as I expect and the server is using Basic Authentication for the endpoints. When I run the command, the nuget.config file is setup as I'd expect.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
<add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
<add key="mynugetserver" value="https://localhost:7228/nuget/v3/index.json" />
</packageSources>
<packageSourceCredentials>
<mynugetserver>
<add key="Username" value="<username>" />
<add key="Password" value="<encrypted password>" />
</mynugetserver>
</packageSourceCredentials>
</configuration>
However, any attempt to restore a package from the server fails when I have basic authentication enabled on my NuGet server. It works perfectly when authentication is turned off. From debugging my server and using Fiddler I can see that neither Visual Studio or the dotnet restore command line tool ever send the username and password in the header, it's always empty. My understanding of consuming a private package from an authenticated feed is that the the tools will call the index.json and if it returns a 401 response that it will then retry the call with the username and password information.
I'm getting this from this MS document.
However, it never seems to do anything with the username and password, from what I can see it tries the index.json endpoint 10 times without the basic authentication token, then just gives up and shows:
Failed to download package 'package.name.1.1.1' from 'https://localhost:7228/nuget/v3/package/package.name/1.1.1/package.name.1.1.1.nupkg'.
Response status code does not indicate success: 401 (Unauthorized).
C:\Users\myuser\Projects\MyProject\MyProject.csproj : error NU1301:
Failed to retrieve information about 'Package.Name' from remote source 'https://localhost:7228/nuget/v3/package/package.name/index.json'.
Response status code does not indicate success: 401 (Unauthorized).
I've tried with a standalone NuGet.config file and a clear text password. I've tried with specifying the authentication types. Whatever I do it never passes any authentication information to my service.
NuGetPackageSourceCredentials_{name}for testing purpose? Following the document you shared, when the server responds with an HTTP 401 response, NuGet will search for credentials in environment variable first. If setting environment variable doesn't work too, we might try to check other possibilities. By the way, may I know which .Net core version you are using?www-authenticateheader in its 401 response, as required by the http spec? it needs to tell the http client which auth type to use, therefore needs to say to use basic auth.Response.Headers.Appendin the response it didn't work but switching toResponse.Headers.Addmakes it work, thanks!! This is the answer.