Using Authenticated Nuget Feeds from WSL

So, you have a dotnet project that you used to develop on Windows. And now you want to see how it’ll work on Linux via WSL. Just type dotnet run and that’s it, right? Yes, but no. In case you have a Nuget feed that uses authentication (e.g. at work) you’ll need to work around it for a bit.

The Authentication Config

You can find the basics of Nuget authentication in the official docs:

• Consuming packages from authenticated feeds | Microsoft Learn
• nuget.config File Reference | Microsoft Learn

Here we’ll see how to properly apply this knowledge for your own good.

Enabling the Auth

If your feed is hosted under Azure DevOps (ADO) which is pretty much possible, you’ll probably want to use a Personal Access Token (PAT) rather than your password. The only permission for the token that you need is to read packages.

Why So Difficult

No idea. I tried different ways of restoring packages from an authenticated feed, and nothing worked, including the dotnet restore --interactive.

In the example below note the ValidAuthenticationTypes section. It must be exactly this: basic,negotiate. This way the package server will accept your PAT and will return the packages.

The security risk is obvious: don’t keep your passwords or tokens in plain text. How to do so is written in the official docs and I’m leaving it as an exercise for the reader.

Example

<?xml version="1.0" encoding="utf-8"?>
<configuration>[nuget-auth](nuget-auth.md)
  <packageSources>
    <clear />
    <!-- NOT a real Nuget feed -->
    <add key="emopack" value="https://nuget.emocoder.xyz/feed/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <emopack>
      <add key="Username" value="" />
      <add key="ClearTextPassword" value="" />
      <add key="ValidAuthenticationTypes" value="basic,negotiate" />
    </emopack>
  </packageSourceCredentials>
</configuration>