[release/10.0.2xx] Fix dnx not authenticating for private feeds#53778
Open
github-actions[bot] wants to merge 3 commits intorelease/10.0.2xxfrom
Open
[release/10.0.2xx] Fix dnx not authenticating for private feeds#53778github-actions[bot] wants to merge 3 commits intorelease/10.0.2xxfrom
github-actions[bot] wants to merge 3 commits intorelease/10.0.2xxfrom
Conversation
github-actions
bot
added
the
backport
Member
|
/ba-g known issue with missing .net framework VS assets on the new build images |
Member
|
/ba-g refresh status now that new known issues are logged correctly |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #53322 to release/10.0.2xx
/cc @baronfel @robertcoltheart
Fixes #51375
Customer Issue
dotnet tool exec/dnxfails with401 Unauthorizedwhen executing tools from authenticated private NuGet feeds (e.g. GitHub Packages, Azure Artifacts), even when credentials are correctly configured inNuGet.configor via environment variables. The same credentials work correctly withdotnet tool installagainst the same feed. The only workaround is to install the tool globally first and then invoke it directly, which defeats the purpose of ad-hoc tool execution. This affects any user who usesdnxordotnet tool execwith a private authenticated source.Description
When resolving packages for
dnx/dotnet tool exec, the code was constructing and passing the raw source URL as an override source (equivalent to passing--source https://...on the command line). This bypasses the credential association stored inNuGet.configfor that named source, causing authentication to fail on subsequent requests. The fix passes the named source entry fromNuGet.configinstead, preserving the credential binding throughout the download operation. The change is minimal and limited to the dnx execution path.Was this a regression?
Testing
Covered by the existing test suite validated in the original PR (#53322). Manual testing by contributor on internal private repos. Ongoing discussion with NuGet team about ways to mimic authenticated feeds for automated testing.
Risk
Low. The change is narrowly scoped to how the NuGet source is identified during
dnx/dotnet tool execpackage resolution. It only affects users with named authenticated sources, and restores the behavior that already works correctly indotnet tool install.