How to use Authenticated NuGet Feeds

  Subscribe
7/17/2019 - Marco von Ballmoos

Much of Encodo's infrastructure is now housed in Azure. Each employee has an account in Azure.

From Visual Studio

Because users are already authenticated in Visual Studio (to register it), they will be able to access Azure NuGet feeds through Visual Studio without any further intervention. You can restore/install/update without providing any additional credentials.

From the Command Line

As of today, access to Azure Feeds from the command line is granted only if you provide credentials with the source.

Sources created in the Visual Studio UI do not include credentials.

Solutions that include sources in a NuGet.config do not have credentials (because they are stored in the repository).

Therefore, you must register a NuGet source with authentication for Azure for your user.

Personal Nuget.Config

You can find your NuGet.config in your roaming profile on Windows, at C:\Users\<username>\AppData\Roaming\NuGet\NuGet.Config.

Instead of editing the file directly, use the NuGet command line to add an authenticated source.

Create a Personal Access Token (PAT)

You cannot just use your username/password to create an authenticated source. Instead, you have to use a PAT.

Follow the instructions below to create a PAT for your Azure account.

  • Log in to Azure
  • From the user settings (top-right), select Security
  • Select "Personal access tokens" in the list on the left
  • Press the "New Token" button at the top-left of the list
  • Name it NuGet Feed Access
  • Leave the organization at the default (encodo for employees)
  • Set the expiration to something reasonable.
    • 90 days is probably OK.
    • You can choose up to a year.
    • You can update the expiration date at a later time.
  • Select Custom defined for Scopes
  • Click the "Show all scopes" link at the bottom of the dialog (above the "Create" button)
  • Scroll down to "Packaging" and select "Read"
  • Press "Create" to add the token
  • Copy the token immediately. It will never be shown again.
  • Store the token somewhere safe (a password manager is a good idea). If you forget it, you'll have to regenerate the token.

Some extra tips:

  • Set up a reminder in your calendar for when your PAT is about to expire
  • You can change the expiration date for the token even after you've created it

Add an Authenticated NuGet Source

Now you can set up a NuGet source for your user.

Execute the following command, replacing the bracketed arguments as follows:

  • <username>: your own user name (e.g. <bob@encodo.ch>)
  • <PAT> the PAT you generated above
  • Change the URL for a feed other than Quino
nuget sources add -Name "Azure (Authenticated)" -Source https://encodo.pkgs.visualstudio.com/_packaging/Quino/nuget/v3/index.json -UserName <username> -Password <PAT>

Sign up for our Newsletter