Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
[ProGet] NuGet push: Always asks for credentials
-
Hello!
This regards ProGet (v2.2.9) and the official NuGet command line tool (v2.7.41115.310).
Environment: Windows 8; IIS 8; bundled SQL Server Express 2005.
I try to use the default API key config, and the option "-ApiKey Admin:Admin" still makes NuGet ask for credentials.
Output:
>nuget push "jquery.2.0.3.nupkg" -Source http://localhost:8081/nuget/out-of-the-box -ApiKey Admin:Admin Pushing jQuery 2.0.3 to 'http://localhost:8081/nuget/out-of-the-box'... Please provide credentials for: http://localhost:8081/nuget/out-of-the-box UserName: Admin Password: ***** Your package was pushed.The feed has no API key. LDAP auth is neither used nor supported (free).
I've also tried to specify an API key for the feed, then created a new role with the "Feeds_AddPackage" task, then granted the role for "Anonymous User".
Even then, the NuGet tool asks for credentials.
Output:
>nuget push "jquery.2.0.3.nupkg" -Source http://localhost:8081/nuget/out-of-the-box -ApiKey test Pushing jQuery 2.0.3 to 'http://localhost:8081/nuget/out-of-the-box'... Please provide credentials for: http://localhost:8081/nuget/out-of-the-box UserName: Admin Password: ***** Your package was pushed.Please see what happens when the task "Feeds_OverwritePackage" is not granted for Anonymous:
>nuget push "jquery.2.0.3.nupkg" -Source http://localhost:8081/nuget/out-of-the-box -ApiKey test Pushing jQuery 2.0.3 to 'http://localhost:8081/nuget/out-of-the-box'... Please provide credentials for: http://localhost:8081/nuget/out-of-the-box UserName: Admin Password: ***** Failed to process request. 'There was an error processing the request: The package jQuery.2.0.3 already exists and the user Anonymous does not have the Feeds_OverwritePackage privilege.'. The remote server returned an error: (403) Forbidden..I don't know what to do or try next, and I would appreciate your assistance.
Thank you in advance!
-
Thank you for the detailed report. We are still attempting to reproduce this... in the meantime, would you be able to send a Fiddler trace to support at inedo dot com for the requests issued from the NuGet client and the response from the ProGet server?
-
Hello,
Thank you for your response!
I've inspected the request and response using Fiddler, and the issue has been resolved!
After granting Anonymous User the "Feeds_ViewFeed" privilege, the issue ceased to exist. I'm sure you know best whether this is correct behavior or not.
I have an idea why this problem happened.
I did not want any anonymous access to the site (view feeds, packages, etc). If anonymous users were assigned the "View Only" role, then I had deleted the privilege. After that, I created a new role, and it did not include the "Feeds_ViewFeed" task. I thought only "Feeds_AddPackage" and "Feeds_OverwritePackage" were required to push packages.
Thank you very much for your support! :)
Troubleshooting
NuGet command:
nuget push "jquery.2.0.3.nupkg" -Source http://%computername%:8081/nuget/out-of-the-box -ApiKey Admin:AdminRequest:
GET http://sal-fujitsu:8081/nuget/out-of-the-box HTTP/1.0 User-Agent: NuGet/2.7.41115.310 (Microsoft Windows NT 6.2.9200.0) Host: sal-fujitsu:8081Response:
HTTP/1.1 401 Unauthorized Cache-Control: private Content-Length: 111 Content-Type: text/plain; charset=utf-8 Server: Microsoft-IIS/8.0 X-AspNet-Version: 4.0.30319 X-UA-Compatible: IE=edge WWW-Authenticate: Basic realm="ProGet Feed out-of-the-box" X-Powered-By: ASP.NET Date: Thu, 23 Jan 2014 02:01:38 GMT Connection: close You are not authorized to view this feed because the user Anonymous does not have the Feeds_ViewFeed privilege.
-
As an addendum, we've also discovered that this can happen if ProGet is hosted via IIS with Windows Authentication and without Forms Authentication enabled. To resolve this, make sure both Windows Authentication and Forms Authentication are enabled.
-
We are also having troubles with nuget push.
Your setup don't include any granted rights for anonymous users. Nuget asks for user/password, but after sending them to the server, it is getting 401 anyway.HTTP/1.1 401 You are not authorized to view this feed because the user Anonymous does not have the Feeds_ViewFeed privilege.
We are using ProGet with integrated server. Web uploads are ok.
So the questions is: is it possible to use nuget push without granting permissions to anonymous users?
-
@Alexey - Sure, just supply the argument:
-ApiKey username:passwordwhen pushing the package.
For further reference: http://inedo.com/support/documentation/proget/feeds/nuget/api-keys
-
Hello!
Nevertheless, please tell me, can I push packages with API Key only, without grant the Feeds_AddPackage privilege to the Anonymous User and without typing username/password?
I am using configuration "No API Key with Integrated User Directory" (http://inedo.com/support/documentation/proget/feeds/api-keys).
The Feeds_AddPackage privilege isn't grant to Anonymous User. But if I push the package with argument -ApiKey Admin:Admin, Nuget asks for username/password ("Please provide credentials for: ....").Windows Server 2008, ProGet Express Edition Version 3.1.0 (Build 8), SQL Express, Integrated Web Server.
Thank you!
-
Serge,
If you want unauthenticated users (i.e. anonymous users) able to publish packages, then you need to grant the Feeds_AddPackage privilege.
The API Key always sits on top of authentication. So, grant to anonymous, then configure a key.
-
The issue is that before nuget publishes a package, it goes to the feed source without authentication with GET. This fails with 401 and nuget starts asking credentials.
In general, this means that we must have a view feed assigned to anonymous user, which is rather unfortunate but this is the issue with nuget.exe