
Visual Studio 2015/2017 local NuGet feed HTTP 403


We've created a local NuGet feed with NuGet.Server. It is a simple ASP.NET application that is hosted on an IIS web server that is part of our local company network.

The URL of the feed looks like this:

https://abc.company.com/packages/nuget

The IIS authentication is enabled as follows:

[Screenshot: IIS authentication settings]

The .NET authorization looks like this:

[Screenshot: .NET authorization rules]

If I call the above-mentioned feed URL with Postman or Fiddler I get the following response:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<service xml:base="https://abc.company.com/packages/nuget/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns="http://www.w3.org/2007/app">
    <workspace>
        <atom:title>Default</atom:title>
        <collection href="Packages">
            <atom:title>Packages</atom:title>
        </collection>
    </workspace>
</service>

If I now add the URL in the Visual Studio NuGet package sources:

[Screenshot: Visual Studio NuGet package sources]

and then choose the newly created package source, the following screen appears where I enter my domain credentials (domain\user), but nothing happens:

[Screenshot: credentials prompt]

As described before, when I access the site with any browser (IE, Chrome, Edge) I don't have to enter my credentials, and Fiddler/Postman also do not require any credentials.

On the VS PackageManager Output I get the following error message:

[Local] The V2 feed at 'https://abc.company.com/packages/nuget/Search()?$filter=IsAbsoluteLatestVersion&searchTerm=''&targetFramework='net462'&includePrerelease=true&$skip=0&$top=26' returned an unexpected status code '403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )'.

When I call this URL with a browser I don't get any errors.

What is wrong in this setup?


Solution

  • The problem was caused by our company proxy, which was also taken into account when opening internal sites. So I've added the following environment variable:

    NO_PROXY

    As the value, I've added the company internal domain:

    NO_PROXY = "abc.company.com"

    Now it works locally and on our build agents.
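
A way to confirm which hop produces the 403 before changing machine-wide settings, as an added example that is not part of the original post: the sketch below requests the feed once through the proxy and once directly, then reports the status and the `Server`/`Via` response headers for each path. The function name `Test-FeedProxyPath`, the fallback to the `http_proxy` environment variable, and the use of Windows PowerShell 5.1 are assumptions.

```powershell
# Added diagnostic (not from the original post). Test-FeedProxyPath is a hypothetical name.
function Test-FeedProxyPath {
    param(
        [Parameter(Mandatory)][uri]$FeedUrl,
        [uri]$ProxyUrl = $env:http_proxy   # assumption: use http_proxy when it is set
    )

    # Proxy path: explicit/env value first, otherwise whatever the system proxy resolves to.
    $system   = [System.Net.WebRequest]::GetSystemWebProxy()
    $viaProxy = if ($ProxyUrl) { New-Object System.Net.WebProxy($ProxyUrl) } else { $system }
    $viaProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

    $paths = [ordered]@{
        Proxy  = $viaProxy
        Direct = New-Object System.Net.WebProxy   # empty WebProxy: connect without a proxy
    }

    foreach ($name in $paths.Keys) {
        $req = [System.Net.WebRequest]::Create($FeedUrl)
        $req.Proxy = $paths[$name]
        $req.UseDefaultCredentials = $true        # Windows authentication against IIS
        try {
            $resp = $req.GetResponse()
        } catch {
            # Unwrap to the WebException so the body-less 4xx/5xx response can be inspected.
            $ex = $_.Exception
            while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
            $resp = if ($ex) { $ex.Response } else { $null }
        }
        if ($resp) {
            $status = [int]$resp.StatusCode
            $server = $resp.Headers['Server']; $via = $resp.Headers['Via']
            $resp.Close()
        } else { $status = 'no HTTP response'; $server = $null; $via = $null }

        [pscustomobject]@{
            Path = $name; Status = $status; Server = $server; Via = $via
            ProxyUsed = -not $paths[$name].IsBypassed($FeedUrl)
        }
    }
}

# Test-FeedProxyPath -FeedUrl 'https://abc.company.com/packages/nuget'
# If only the Proxy path returns 403, exclude the host as in the answer
# (Machine scope needs an elevated session; restart Visual Studio / the build agent afterwards):
# [Environment]::SetEnvironmentVariable('NO_PROXY', 'abc.company.com', 'Machine')
```

A 403 on the `Proxy` row together with a 200 on the `Direct` row points at the proxy rather than at the IIS authentication or .NET authorization rules.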