Authentication dialog after upgrading to 2.0

Topics: General
Jun 20, 2012 at 11:46 PM

I upgraded to 2.0 today and now when I try to view my internal NuGet servers I am prompted to login.  No credentials seem to work.  Are server changes required to support the 2.0 client?

Developer
Jun 20, 2012 at 11:56 PM

Do you think you could get us Fiddler traces for this? We changed a couple of things with our proxy \ feed authentication and it might have messed up something.

Jun 21, 2012 at 12:37 AM

GET http://ccpadststgen733/shrrep/nuget HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7601 Service Pack 1)
Host: ccpadststgen733


HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Wed, 20 Jun 2012 23:33:59 GMT
Connection: close
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>

Developer
Jun 21, 2012 at 1:14 AM

Making sure - does this repro with an older NuGet? For instance could you run

.\nuget.exe install NuGet.CommandLine -Version 1.8.40002

.\NuGet.CommandLine.40002\tools\nuget.exe list -Source http://ccpadststgen733/shrrep/nuget 

If so, are there any other requests that precede or succeed this? This shouldn't be the only one.

Jun 21, 2012 at 1:21 AM

Here is full session (with negotiation content stripped):

 

GET /ExtRep/nuget HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Host: hostname123

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 21 Jun 2012 00:08:50 GMT
Connection: close
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /ExtRep/nuget HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Authorization: Negotiate ...
Host: hostname123

HTTP/1.1 307 Temporary Redirect
Cache-Control: private
Content-Length: 1841
Content-Type: text/html; charset=UTF-8
Location: http://hostname123/ExtRep/nuget/
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: false
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate ...
Date: Thu, 21 Jun 2012 00:08:54 GMT
Connection: close

------------------------------------------------------------------
GET /ExtRep/nuget/ HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Host: hostname123

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 21 Jun 2012 00:08:54 GMT
Connection: close
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /ExtRep/nuget/ HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Authorization: Negotiate ...
Host: hostname123

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 404
Content-Type: application/xml;charset=utf-8
Server: Microsoft-IIS/7.5
DataServiceVersion: 1.0;
X-AspNet-Version: 4.0.30319
Persistent-Auth: false
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate ...
Date: Thu, 21 Jun 2012 00:08:56 GMT
Connection: close

------------------------------------------------------------------
GET /ExtRep/nuget/$metadata HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Host: hostname123

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 21 Jun 2012 00:08:56 GMT
Connection: close
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /ExtRep/nuget/$metadata HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Host: hostname123

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 21 Jun 2012 00:09:20 GMT
Connection: close
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /ExtRep/nuget/$metadata HTTP/1.0
User-Agent: NuGet/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Authorization: Negotiate ...
Host: hostname123

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 3332
Content-Type: application/xml;charset=utf-8
Server: Microsoft-IIS/7.5
DataServiceVersion: 2.0;
X-AspNet-Version: 4.0.30319
Persistent-Auth: false
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate ...
Date: Thu, 21 Jun 2012 00:09:20 GMT
Connection: close

------------------------------------------------------------------
GET /ExtRep/nuget/Search()/$count?$filter=IsLatestVersion&searchTerm=''&targetFramework='net40-Client'&includePrerelease=false HTTP/1.1
DataServiceVersion: 2.0;NetFx
MaxDataServiceVersion: 2.0;NetFx
User-Agent: NuGet Add Package Dialog/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Accept-Charset: UTF-8
Accept: text/plain
Host: hostname123
Accept-Encoding: gzip, deflate

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 21 Jun 2012 00:09:20 GMT
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /ExtRep/nuget/Search()/$count?$filter=IsLatestVersion&searchTerm=''&targetFramework='net40-Client'&includePrerelease=false HTTP/1.1
DataServiceVersion: 2.0;NetFx
MaxDataServiceVersion: 2.0;NetFx
User-Agent: NuGet Add Package Dialog/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Accept-Charset: UTF-8
Accept: text/plain
Accept-Encoding: gzip, deflate,gzip, deflate
Authorization: Negotiate ...
Host: hostname123

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 2
Content-Type: text/plain;charset=utf-8
Server: Microsoft-IIS/7.5
DataServiceVersion: 2.0;
X-AspNet-Version: 4.0.30319
Persistent-Auth: false
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate ...
Date: Thu, 21 Jun 2012 00:09:25 GMT

------------------------------------------------------------------
GET /ExtRep/nuget/Search()?$filter=IsLatestVersion&$orderby=DownloadCount%20desc,Id&$skip=0&$top=30&searchTerm=''&targetFramework='net40-Client'&includePrerelease=false HTTP/1.1
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 2.0;NetFx
User-Agent: NuGet Add Package Dialog/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Accept: application/atom+xml,application/xml
Accept-Charset: UTF-8
Host: hostname123
Accept-Encoding: gzip, deflate

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 21 Jun 2012 00:09:25 GMT
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /ExtRep/nuget/Search()?$filter=IsLatestVersion&$orderby=DownloadCount%20desc,Id&$skip=0&$top=30&searchTerm=''&targetFramework='net40-Client'&includePrerelease=false HTTP/1.1
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 2.0;NetFx
User-Agent: NuGet Add Package Dialog/2.0.30619.9119 (Microsoft Windows NT 6.1.7600.0)
Accept: application/atom+xml,application/xml
Accept-Charset: UTF-8
Accept-Encoding: gzip, deflate,gzip, deflate
Authorization: Negotiate ...
Host: hostname123

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 71821
Content-Type: application/atom+xml;charset=utf-8
Server: Microsoft-IIS/7.5
DataServiceVersion: 2.0;
X-AspNet-Version: 4.0.30319
Persistent-Auth: false
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate ...
Date: Thu, 21 Jun 2012 00:09:25 GMT

------------------------------------------------------------------

Jun 21, 2012 at 1:25 AM

This is from same server that SlackJaw mentioned above. It works for me when I type my domain credentials. Is it possible to reuse current user identity without showing popup?  Also, I have to retype credentials every time I restart VS. Credentials are reused only within one session. Is this expected behavior?

Developer
Jun 21, 2012 at 4:47 PM

@ivho, confirming - this is a regression from the older version of NuGet. Is this correct? Secondly, do you perchance have an environment variable named HTTP_PROXY set up?

Developer
Jun 21, 2012 at 4:49 PM

Nevermind. I think something's broken in 2.0. Other people are reporting this issue - http://nuget.codeplex.com/workitem/2359

Jul 19, 2012 at 6:40 AM

This also looks related to the 404 Not Found issue people have been seeing when attempting to push to a server.