Open nkolev92 opened 1 year ago
zivkan
commented
1 year ago More or less a duplicate of https://github.com/NuGet/Home/issues/11600. If there are differences between the two issues, I think they can be exaplained as a comment, rather than a new issue.
zivkan
commented
1 year ago Apologies to @nkolev92. In the end I'm going to create an epic to track several different work items, as the implementation is becoming more complex, and this ("sub")feature request has different challenges that other parts of the feature.
NuGet Product(s) Involved
NuGet.exe, Visual Studio Package Management UI, MSBuild.exe, dotnet.exe
The Elevator Pitch
Today, the NuGet tooling relies on a 401 challenge to understand whether a source needs auth. This adds a roundtrip for a few of the urls hit the client.
It would be nice, if NuGet would just try to acquire credentials for certain feeds as marked by the user.
This would mean no wasted requests and allow for the source to cleanly know the difference between an authenticated and unauthenticated user from the onset and maybe build some experiences of off that.
Additional Context and Details
The behavior today, only as needed works great when a feed is either fully public, no 401 challenges, or fully private, 401 challenge on every url, but it's not really smooth for sources that may for example be only partially public.
When I'm calling the source public/private, I'm only referring to the restore side. Push tends to require authn even on feeds that are public for restore.