search

microsoft / artifacts-credprovider

The Azure Artifacts Credential Provider enables dotnet, NuGet.exe, and MSBuild to interactively acquire credentials for Azure Artifacts feeds.
MIT License
767 stars 706 forks source link

CredProvider not caching AzureDevops token #290

Closed levimatheri closed 2 years ago

levimatheri commented 2 years ago

I'm trying to install a dotnet template package from a private NuGet feed in Azure Devops. I would think once I run with --interactive flag, the PAT should be cached and not needed for subsequent installations until the token expires. However I keep getting this error if I run without the --interactive flag:

[NuGet Manager] [Warning] The plugin credential provider could not acquire credentials. Authentication may require manual action. Consider re-running the command with --interactive for `dotnet`, /p:NuGetInteractive="true" for MSBuild or removing the -NonInteractive switch for `NuGet`
Error: Failed to read package information from NuGet source https://ITPayerApplications.pkgs.visualstudio.com/_packaging/upmc-healthplan-nuget/nuget/v3/index.json.
Warning: HealthPlan.Microservice.ProjectTemplates is not found in NuGet feeds https://api.nuget.org/v3/index.json, https://ITPayerApplications.pkgs.visualstudio.com/_packaging/upmc-healthplan-nuget/nuget/v3/index.json, C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\.
HealthPlan.Microservice.ProjectTemplates could not be installed, the package does not exist.

I ran CredentialProvider.Microsoft.exe -I -V Verbose -U "<NUGET FEED URL>" and got the following error with stack trace:

[Verbose] [CredentialProvider]Running in stand-alone mode
[Verbose] [CredentialProvider]Command-line v0.1.28+103227dd070f2b048ce0ae9bc259f12d509d85e2: "C:\Users\muriukilm\.nuget\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe" -I -V Verbose -U <NUGET FEED URL>
[Verbose] [CredentialProvider]Handling auth request, Uri: <NUGET FEED URL>, IsRetry: True, IsNonInteractive: False, CanShowDialog: False
[Verbose] [CredentialProvider]URI: <NUGET FEED URL>
[Verbose] [CredentialProvider]VstsBuildTaskServiceEndpointCredentialProvider - This credential provider must be run under the Team Build tasks for NuGet with external endpoint credentials. Appropriate environment variable needs to be set.
[Verbose] [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTaskServiceEndpoint.VstsBuildTaskServiceEndpointCredentialProvider, cannot provide credentials for <NUGET FEED URL>
[Verbose] [CredentialProvider]VstsBuildTaskCredentialProvider - This credential provider must be run under the Team Build tasks for NuGet. Appropriate environment variables must be set.
[Verbose] [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTask.VstsBuildTaskCredentialProvider, cannot provide credentials for <NUGET FEED URL>
[Verbose] [CredentialProvider]VstsCredentialProvider - Matched well-known Azure DevOps Service hostname: itpayerapplications.pkgs.visualstudio.com
[Verbose] [CredentialProvider]Using NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider to try to get credentials for <NUGET FEED URL>.
[Verbose] [CredentialProvider]IsRetry: True
[Verbose] [CredentialProvider]Invalidating SessionToken cache for <NUGET FEED URL>
[Verbose] [CredentialProvider]GET <NUGET FEED URL>
[Verbose] [CredentialProvider]Found AAD Authority from 401 headers: https://login.windows.net/8b3dd73e-4e72-4679-b191-56da1588712b
[Verbose] [CredentialProvider]VstsCredentialProvider - Using AAD authority: https://login.windows.net/8b3dd73e-4e72-4679-b191-56da1588712b
[Verbose] [CredentialProvider]VstsCredentialProvider - Not running bearer token provider 'Msal Cache'
[Verbose] [CredentialProvider]VstsCredentialProvider - Attempting to acquire bearer token using provider 'Msal Windows Integrated Authentication'
[Verbose] [CredentialProvider]VstsCredentialProvider - Bearer token provider 'Msal Windows Integrated Authentication' failed with exception:\nMSAL.Desktop.4.32.1.0.MsalClientException:
        ErrorCode: wstrust_endpoint_not_found
Microsoft.Identity.Client.MsalClientException: WS-Trust endpoint not found in metadata document.
   at Microsoft.Identity.Client.WsTrust.CommonNonInteractiveHandler.<PerformWsTrustMexExchangeAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.IntegratedWindowsAuthRequest.<FetchAssertionFromWsTrustAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.IntegratedWindowsAuthRequest.<ExecuteAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at NuGetCredentialProvider.CredentialProviders.Vsts.MsalTokenProvider.<AcquireTokenWithWindowsIntegratedAuth>d__16.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\MSAL\MsalTokenProvider.cs:line 156
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at NuGetCredentialProvider.CredentialProviders.Vsts.MsalTokenProvider.<AcquireTokenWithWindowsIntegratedAuth>d__16.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\MSAL\MsalTokenProvider.cs:line 172
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at NuGetCredentialProvider.CredentialProviders.Vsts.MsalWindowsIntegratedAuthBearerTokenProvider.<GetTokenAsync>d__8.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\MSAL\MsalBearerTokenProviders.cs:line 58
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.<HandleRequestAsync>d__8.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\VstsCredentialProvider.cs:line 117
[Verbose] [CredentialProvider]VstsCredentialProvider - Not running bearer token provider 'Msal UI'
[Verbose] [CredentialProvider]VstsCredentialProvider - Attempting to acquire bearer token using provider 'Msal Device Code'
[Minimal] [CredentialProvider]DeviceFlow: <NUGET FEED URL>
[Minimal] [CredentialProvider]ATTENTION: User interaction required.

Any ideas??

github-actions[bot] commented 2 years ago

In order to consolidate to fewer feedback channels, we've moved suggestions and issue reporting to Developer Community.

Hjaltesorgenfrei commented 2 years ago

I'm having the same issue when running under dotnet 6, but it works with dotnet 3.1

levimatheri commented 2 years ago

@Hjaltesorgenfrei Works with dotnet 5 too

craigktreasure commented 2 years ago

Anyone have a link to this issue in Developer Community? I'm having a hard time finding it.

Hjaltesorgenfrei commented 2 years ago

@craigktreasure This one is related: https://developercommunity.visualstudio.com/t/Artifacts-Credentials-Provider-still-run/1530280?space=21 And this one: https://developercommunity.visualstudio.com/t/dotnet-restore---interactive:-Infinite-a/1459952?space=21

But they are closing the issues over there because it is not related to Visual Studio

craigktreasure commented 2 years ago

Thanks for the links. So, they're kicking issues to another site and closing them because they're not related. That's too bad.

maxpower720 commented 1 year ago

This definitely feels like we're Milton Waddams in Office Space right now trying to resolve our missing paycheck, getting kicked between the same two departments and nobody wants to take responsibility for it. I guess my fastest way to resolution might be to fork a new branch and attempt to fix it myself.