Connect to an Azure Artifacts feed (dotnet)

Azure DevOps Services | Azure DevOps Server | Azure DevOps Server 2022

Azure Artifacts enables developers to seamlessly publish packages to feeds and share them privately or publicly, depending on the feed’s visibility settings. This guide walks you through setting up your project and authenticating with your Azure Artifacts feed.

Prerequisites

Set up the Azure Artifacts Credential Provider

To authenticate with your feed, you must first install the Azure Credential Provider. Using the tool installer included with dotnet, you can install the credential provider from the CLI using the following command:

dotnet tool install --global Microsoft.Artifacts.CredentialProvider.NuGet.Tool

If your repository-level nuget.config is configured to use only Azure Artifacts sources, run the install command from outside that directory, or explicitly set nuget.org as the source:

dotnet tool install --global Microsoft.Artifacts.CredentialProvider.NuGet.Tool --source https://api.nuget.org/v3/index.json

Optionally, pin the tool to a major version (for example, in container images where reproducibility matters):

dotnet tool install --global Microsoft.Artifacts.CredentialProvider.NuGet.Tool --version 2.* --source https://api.nuget.org/v3/index.json

The first time you perform an operation that requires authentication, you should authenticate by either:

• Running with --interactive so dotnet can prompt you to authenticate.
• Providing credentials through environment variables (for example, in unattended scenarios).

If interactive authorization is available, navigate to your project directory and run:

dotnet restore --interactive

This command signs you in and acquires a token. After sign-in succeeds, you can run authenticated commands without --interactive until the token expires. See Session token cache locations for more details.

Connect to a feed

Authenticate using Service Principals

You can use a service principal to authenticate with your Azure Artifacts feed. To do this, set the ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS environment variable as shown below.

This variable should define the feed URL, the service principal’s application (client) ID, and either the certificate subject name or the path to the certificate file (only one of these two is required).

$env:ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS = @'{
    "endpointCredentials": [
        {
            "endpoint": "<FEED_URL>",
            "clientId": "<SERVICE_PRINCIPAL_APPLICATION_(CLIENT)_ID>",
            "clientCertificateSubjectName": "<SERVICE_PRINCIPAL_CERTIFICATE_NAME>",
            "clientCertificateFilePath": "<SERVICE_PRINCIPAL_CERTIFICATE_PATH>"
        }
    ]
}
'@

export ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS='{
    "endpointCredentials": [
        {
            "endpoint": "<FEED_URL>",
            "clientId": "<SERVICE_PRINCIPAL_APPLICATION_(CLIENT)_ID>",
            "clientCertificateSubjectName": "<SERVICE_PRINCIPAL_CERTIFICATE_NAME>",
            "clientCertificateFilePath": "<SERVICE_PRINCIPAL_CERTIFICATE_PATH>"
        }
    ]
}'

Related content

• Publish NuGet packages (dotnet)

• Restore NuGet packages (dotnet)

• Publish NuGet packages with Azure Pipelines (YAML/Classic)