Authenticating feeds in Visual Studio with NuGet credential providers
The NuGet Visual Studio Extension 3.6+ supports credential providers, which enable NuGet to work with authenticated feeds. After you install a NuGet credential provider for Visual Studio, the NuGet Visual Studio extension will automatically acquire and refresh credentials for authenticated feeds as necessary.
A sample implementation can be found in the VsCredentialProvider sample.
Within Visual Studio, NuGet uses an internal VsCredentialProviderImporter which also scans for plug-in credential providers. These plug-in credential providers must be discoverable as a MEF Export of type IVsCredentialProvider.
Starting with 4.8+ NuGet in Visual Studio supports the new cross platform authentication plugins as well, but they are not the recommended approach for performance reasons.
Note
NuGet credential providers for Visual Studio must be installed as a regular Visual Studio extension and will require Visual Studio 2017 or above.
NuGet credential providers for Visual Studio work only in Visual Studio (not in dotnet restore or nuget.exe). For credential providers with nuget.exe, see nuget.exe Credential Providers. For credential providers in dotnet and msbuild see NuGet cross platform plugins
Creating a NuGet credential provider for Visual Studio
The NuGet Visual Studio Extension 3.6+ implements an internal CredentialService that is used to acquire credentials. The CredentialService has a list of built-in and plug-in credential providers. Each provider is tried sequentially until credentials are acquired.
During credential acquisition, the credential service will try credential providers in the following order, stopping as soon as credentials are acquired:
- Credentials will be fetched from NuGet configuration files (using the built-in
SettingsCredentialProvider). - If the package source is on Visual Studio Team Services, the
VisualStudioAccountProviderwill be used. - All other plug-in Visual Studio credential providers will be tried sequentially.
- Try to use all NuGet cross platform credential providers sequentially.
- If no credentials have been acquired yet, the user will be prompted for credentials using a standard basic authentication dialog.
Implementing IVsCredentialProvider.GetCredentialsAsync
To create a NuGet credential provider for Visual Studio, create a Visual Studio Extension that exposes a public MEF Export implementing the IVsCredentialProvider type, and adheres to the principles outlined below.
public interface IVsCredentialProvider
{
Task<ICredentials> GetCredentialsAsync(
Uri uri,
IWebProxy proxy,
bool isProxyRequest,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken);
}
A sample implementation can be found in the VsCredentialProvider sample.
Each NuGet credential provider for Visual Studio must:
- Determine whether it can provide credentials for the targeted URI before initiating credential acquisition. If the provider cannot supply credentials for the targeted source, then it should return
null. - If the provider does handle requests for the targeted URI, but cannot supply credentials, an exception should be thrown.
A custom NuGet credential provider for Visual Studio must implement the IVsCredentialProvider interface available in the NuGet.VisualStudio package.
GetCredentialAsync
| Input Parameter | Description |
|---|---|
| Uri uri | The package source Uri for which credentials are being requested. |
| IWebProxy proxy | Web proxy to use when communicating on the network. Null if there is no proxy authentication configured. |
| bool isProxyRequest | True if this request is to get proxy authentication credentials. If the implementation is not valid for acquiring proxy credentials, then null should be returned. |
| bool isRetry | True if credentials were previously requested for this Uri, but the supplied credentials did not allow authorized access. |
| bool nonInteractive | If true, the credential provider must suppress all user prompts and use default values instead. |
| CancellationToken cancellationToken | This cancellation token should be checked to determine if the operation requesting credentials has been cancelled. |
Return value: A credentials object implementing the System.Net.ICredentials interface.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for