Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NuGet v3.2 does not negotiate Kerberos, but only for restore and only for project.json references #1551

Closed
mababey opened this issue Oct 10, 2015 · 1 comment
Closed

NuGet v3.2 does not negotiate Kerberos, but only for restore and only for project.json references #1551

mababey opened this issue Oct 10, 2015 · 1 comment
Assignees
@feiling
Labels
Priority:1 High priority issues that must be resolved in the current sprint. Type:Bug
Milestone
3.3.0

Comments

@mababey
Copy link

mababey commented Oct 10, 2015

I was catching up with this thread: #456, but the discussion revolved around basic auth. I’m seeing issues with Windows Integrated Auth.

We have a UWP app we’re trying to migrate from VS2015 RC to RTM. For the RC, using packages.config and NuGet v3.0, there’s no problem installing packages from our intranet server for third-party components, let's call it http://internal/nuget/. This works on the MSBuild hooks whether running in the IDE, or invoking MSBuild directly on the command line. http://internal is joined to an internal AD domain, has NTLM and ASP.NET impersonation enabled, and anonymous access disabled.

For RTM, we have to move to project.json, which means we also have to invoke restore “manually” for command line builds, which means we need NuGet client v3.2. I see two things:
• In the IDE, I get spammed with auth prompts by the VSIX. (If I enter credentials, the build succeeds, otherwise packages are not downloaded.)
• On the command-line, it just gives up with a bunch of errors, “Please provide credentials for: http://internal/nuget/” and “Cannot prompt for input in non-interactive mode.”

But this is the same server for which we never had to enter credentials, resolving many of the same packages.

What’s even more bizarre, is that if, everything else being identical, I run two consecutive “nuget restore” operations, where one targets a solution that has all packages.config based projects, and the other solution has a mix of packages.config/project.json, the pure packages.config approach works.

In the working pattern, the first request is anonymous and results in a 401 status, and is followed by a request with a Kerberos ticket in the authorization header which results in a 200 status. In the failing pattern, after the 401 it just quits.

So it seems to boil down to the new code added to handle project.json references not negotiating NTLM.

This is all running on the latest Visual Studio 2015, with the .NET 1.1 tools update, and the latest NuGet extension in the IDE, and the latest NuGet.exe downloaded from nuget.org. The machine is joined to the same domain as http://internal/nuget, and I'm logged in with a domain user account.
@yishaigalatzer yishaigalatzer added this to the 3.3.0-Beta milestone Oct 12, 2015
@yishaigalatzer yishaigalatzer added Priority:1 High priority issues that must be resolved in the current sprint. Type:Bug labels Oct 12, 2015
@feiling
Copy link

feiling commented Oct 21, 2015

Fixed. NuGet/NuGet.Client@1e93f02

@feiling feiling closed this as completed Oct 21, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@feiling feiling

Labels
Priority:1 High priority issues that must be resolved in the current sprint. Type:Bug
Projects
None yet
Milestone
3.3.0
Development

No branches or pull requests
3 participants
@yishaigalatzer @feiling @mababey