Blog

Solve 401 (Unauthorized) error when restoring packages using VSTS Package Management and .NET Core

by Marco Mansi
26 Dec, 2016
Uncategorized

For the quick answer jump directly to the conclusion

Yesterday I was setting up the build for an ASP .NET Core (Web API) application I wrote, this application was using a package from the VSTS Package Management repository.
To setup this build I was using the new dotnet Core tooling (in preview) which is available when creating a new Build Definition:


The build task was like this:

As I said before my application was using a package hosted in the VSTS Package Manager Repository, so I added a Nuget.config file in the folder containing the project dependent on that package with the package sources defined in it:

And then I started the build.
Unfortunately I got a 401 (Unauthorized) error during the package restore:

The message is clear, the task was unable to authenticate to the VSTS Package Management Repository.
To solve the problem I thought it was just a matter to generate a PAT (Personal Access Token) and save it in the Nuget.config previously created.
But according to the Microsoft documentation the NET Core’s dotnet restore command doesn’t currently support encrypted credentials, so I will need to specify a Personal Access Token in plain text.
Really? I mean, really!?!?
I don’t want to do that. I don’t want to save passwords, tokens etc..of any kind in clear text and in source control!
Fortunately reading further ahead I saw this lines:

Note that as of NuGet 3.4.0, the nuget restore command can be used in place of the dotnet restore command. nuget restore works with any of the auth mechanisms outlined on this page.

So I replaced the .NET Core Restore Task with the Nuget Restore Task and restarted the build:

As you can see the Restore Task seems to be working now, but the build Task is failing now:

It seems to be that the package restore for .NET Core isn’t working well.
But wait a moment, the documentation said starting from Nuget 3.4.0 the Nuget could be used, but if we look at the Restore Task log we see that nuget 3.3.o is being used.
Let’s take a look in the advanced options of the Nuget Task:

Here we can select a version higher than 3.3.0 and even higher than 3.4.0, let’s give it a try!

Now if I start the build again, it will work smoothly, problem solved:

Conclusion

The easiest way to solve this problem is to replace the .NET Core Restore task and use the Nuget Restore task and to set the version to 3.5.0 – build 1938 (rc2) in the advanced properties.

by Marco Mansi
Hi! Focus and dedication to everything that has to do with technology and, most of all, software development and architecture is what describes me. I’m curious and interested in everything that is new and I seek to understand the more quickly the potential and the ability to implement these technologies in the real world. I love open source and I think that sharing knowledge is the key to make better things, everywhere. Marco is the co-founder of the Dutch Azure Meetup, a series of meetings to share Azure knowledge using a hands-on approach.

Explore related posts