Rider keeps my prompting for my credentials in private nuget feeds

Hi,

we using a lot of internal nuget feeds out of azure devops in different solutions. As architect I need to switch these projects really often. Rider keeps me prompting for my credentials for every project each time I open it. At these ends, I authenticated myself again and again with the same credentials.

If I am using nuget.exe or visual studio I do not need to authenticated. And colleagues of mine also using Rider do not have this problem.

As we using SSO with Active Directory to Azure Devops and my windows account and the the account at azure devops are the same It would be nice if Rider would just take my user credentials and authenticate to the feed. Is this possible?

I already played around with the User Credential Provider settings of rider but didnt found any combination that works for me.

6
28 comments

Hi,

If you set credentials for the feed in NuGet tool window / Sources tab, can this help?

 

K.R.

Sofia

1

Hi,

thanks for your replay. Unfortunately this does not work for me, its keep prompting me the credential window.

1

Here is what the log tells me

12:39:19|     [CredentialProvider]Found AAD Authority from 401 headers: https://login.windows.net/82913d90-8716-4025-a8e8-4f8dfa42b719
12:39:19|     [CredentialProvider]VstsCredentialProvider - Using AAD authority: https://login.windows.net/82913d90-8716-4025-a8e8-4f8dfa42b719
12:39:19|     [CredentialProvider]VstsCredentialProvider - Not running bearer token provider 'ADAL Cache'
12:39:19|     [CredentialProvider]VstsCredentialProvider - Attempting to acquire bearer token using provider 'ADAL Windows Integrated Authentication'
12:39:19|     [CredentialProvider]VstsCredentialProvider - Attempting to acquire bearer token using provider 'ADAL UI'
12:39:19|     [CredentialProvider]VstsCredentialProvider - Bearer token provider 'ADAL Windows Integrated Authentication' failed with exception:\nMicrosoft.IdentityModel.Clients.ActiveDirectory.AdalException: multiple_matching_tokens_detected: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more arguments (e.g. UserId)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache.LoadSingleItemFromCache(CacheQueryData cacheQueryData, RequestContext requestContext)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache.LoadFromCacheCommon(CacheQueryData cacheQueryData, RequestContext requestContext)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache.<LoadFromCacheAsync>d__57.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__60.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__40.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions.<AcquireTokenAsync>d__0.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei NuGetCredentialProvider.CredentialProviders.Vsts.AdalTokenProvider.<AcquireTokenWithWindowsIntegratedAuth>d__9.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\AdalTokenProvider.cs:Zeile 122.
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei NuGetCredentialProvider.CredentialProviders.Vsts.WindowsIntegratedAuthBearerTokenProvider.<GetTokenAsync>d__8.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\BearerTokenProviders.cs:Zeile 58.
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.<HandleRequestAsync>d__8.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\VstsCredentialProvider.cs:Zeile 117.
    ErrorCode: multiple_matching_tokens_detected

0

Hi,

According to the stack above, this is very similar to the problem described here: https://stackoverflow.com/questions/32000185/multiple-matching-tokens-detected-with-adal. Could you please try the solution from https://stackoverflow.com/a/51858994/10900931? Can this help?

1

Hi,

thanks for your replay. Unfortunately this does not work for me. Here is the log:

08:12:35| Querying credential providers for: https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json (isRetry: False)
08:12:37|     [CredentialProvider.081237]Handling 'Request' 'Initialize'. Time elapsed in ms: 2 - Payload: {"ClientVersion":"6.0.0","Culture":"de-DE","RequestTimeout":"00:00:05"}
08:12:37|     [CredentialProvider.081237]Sending response: 'Request' 'Initialize'. Time elapsed in ms: 3
08:12:37|     [CredentialProvider.081237]Sending response: 'Request' 'GetOperationClaims'. Time elapsed in ms: 14
08:12:37|     [CredentialProvider.081237]Running in plug-in mode
08:12:37|     [CredentialProvider.081237]Command-line v0.1.28+103227dd070f2b048ce0ae9bc259f12d509d85e2: "C:\Users\difkubis\.nuget\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe" -Plugin
08:12:37|     [CredentialProvider.081237]Handling 'Request' 'GetOperationClaims'. Time elapsed in ms: 1 - Payload: {}
08:12:37|     [CredentialProvider.081237]Time elapsed in milliseconds after sending response 'Request' 'Initialize': 5
08:12:37|     [CredentialProvider.081237]Time elapsed in milliseconds after sending response 'Request' 'GetOperationClaims': 19
08:12:37|     [CredentialProvider.081237]Handling 'Request' 'SetLogLevel'. Time elapsed in ms: 2 - Payload: {"LogLevel":"Debug"}
08:12:37|     [CredentialProvider]Sending response: 'Request' 'SetLogLevel'. Time elapsed in ms: 3
08:12:37|     [CredentialProvider]Time elapsed in milliseconds after sending response 'Request' 'SetLogLevel': 12
08:12:37|     [CredentialProvider]Handling 'Request' 'SetCredentials'. Time elapsed in ms: 3 - Payload: {"PackageSourceRepository":"/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json"}
08:12:37|     [CredentialProvider]Sending response: 'Request' 'SetCredentials'. Time elapsed in ms: 5
08:12:37|     [CredentialProvider]Time elapsed in milliseconds after sending response 'Request' 'SetCredentials': 6
08:12:37|     [CredentialProvider]Handling 'Request' 'GetAuthenticationCredentials'. Time elapsed in ms: 3 - Payload: {"Uri":"https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json","IsRetry":false,"IsNonInteractive":false,"CanShowDialog":true}
08:12:37|     [CredentialProvider]Creating a progress reporter with interval: 00:00:02
08:12:37|     [CredentialProvider]Handling auth request, Uri: https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json, IsRetry: False, IsNonInteractive: False, CanShowDialog: True
08:12:37|     [CredentialProvider]URI: https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:37|     [CredentialProvider]VstsBuildTaskServiceEndpointCredentialProvider - This credential provider must be run under the Team Build tasks for NuGet with external endpoint credentials. Appropriate environment variable needs to be set.
08:12:37|     [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTaskServiceEndpoint.VstsBuildTaskServiceEndpointCredentialProvider, cannot provide credentials for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:37|     [CredentialProvider]VstsBuildTaskCredentialProvider - This credential provider must be run under the Team Build tasks for NuGet. Appropriate environment variables must be set.
08:12:37|     [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTask.VstsBuildTaskCredentialProvider, cannot provide credentials for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:37|     [CredentialProvider]GET https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:38|     [CredentialProvider]VstsCredentialProvider - Detected a hosted Azure DevOps Service.
08:12:38|     [CredentialProvider]Using NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider to try to get credentials for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json.
08:12:38|     [CredentialProvider]IsRetry: False
08:12:38|     [CredentialProvider]Found cached SessionToken for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:38|     [CredentialProvider]Sending response: 'Request' 'GetAuthenticationCredentials'. Time elapsed in ms: 706
08:12:38|     [CredentialProvider]Time elapsed in milliseconds after sending response 'Request' 'GetAuthenticationCredentials': 710
08:12:38| Querying credential providers for: https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json (isRetry: True)
08:12:38|     [CredentialProvider]Handling 'Request' 'GetAuthenticationCredentials'. Time elapsed in ms: 0 - Payload: {"Uri":"https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json","IsRetry":true,"IsNonInteractive":false,"CanShowDialog":true}
08:12:38|     [CredentialProvider]Creating a progress reporter with interval: 00:00:02
08:12:38|     [CredentialProvider]Handling auth request, Uri: https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json, IsRetry: True, IsNonInteractive: False, CanShowDialog: True
08:12:38|     [CredentialProvider]URI: https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:38|     [CredentialProvider]VstsBuildTaskServiceEndpointCredentialProvider - This credential provider must be run under the Team Build tasks for NuGet with external endpoint credentials. Appropriate environment variable needs to be set.
08:12:38|     [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTaskServiceEndpoint.VstsBuildTaskServiceEndpointCredentialProvider, cannot provide credentials for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:38|     [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTask.VstsBuildTaskCredentialProvider, cannot provide credentials for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:38|     [CredentialProvider]VstsBuildTaskCredentialProvider - This credential provider must be run under the Team Build tasks for NuGet. Appropriate environment variables must be set.
08:12:38|     [CredentialProvider]GET https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:38|     [CredentialProvider]Using NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider to try to get credentials for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json.
08:12:38|     [CredentialProvider]VstsCredentialProvider - Detected a hosted Azure DevOps Service.
08:12:38|     [CredentialProvider]IsRetry: True
08:12:38|     [CredentialProvider]Invalidating SessionToken cache for https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:38|     [CredentialProvider]GET https://pkgs.dev.azure.com/ZEISSgroup-SMT/50_NGCM_Algorithmen/_packaging/NGCM_Algo/nuget/v3/index.json
08:12:39|     [CredentialProvider]Found AAD Authority from 401 headers: https://login.windows.net/82913d90-8716-4025-a8e8-4f8dfa42b719
08:12:39|     [CredentialProvider]VstsCredentialProvider - Using AAD authority: https://login.windows.net/82913d90-8716-4025-a8e8-4f8dfa42b719
08:12:39|     [CredentialProvider]VstsCredentialProvider - Not running bearer token provider 'ADAL Cache'
08:12:39|     [CredentialProvider]VstsCredentialProvider - Attempting to acquire bearer token using provider 'ADAL Windows Integrated Authentication'
08:12:39|     [CredentialProvider]VstsCredentialProvider - Bearer token provider 'ADAL Windows Integrated Authentication' failed with exception:\nMicrosoft.IdentityModel.Clients.ActiveDirectory.AdalException: multiple_matching_tokens_detected: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more arguments (e.g. UserId)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache.LoadSingleItemFromCache(CacheQueryData cacheQueryData, RequestContext requestContext)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache.LoadFromCacheCommon(CacheQueryData cacheQueryData, RequestContext requestContext)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache.<LoadFromCacheAsync>d__57.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__60.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__40.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions.<AcquireTokenAsync>d__0.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei NuGetCredentialProvider.CredentialProviders.Vsts.AdalTokenProvider.<AcquireTokenWithWindowsIntegratedAuth>d__9.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\AdalTokenProvider.cs:Zeile 122.
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei NuGetCredentialProvider.CredentialProviders.Vsts.WindowsIntegratedAuthBearerTokenProvider.<GetTokenAsync>d__8.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\BearerTokenProviders.cs:Zeile 58.
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.<HandleRequestAsync>d__8.MoveNext() in E:\A\_work\1091\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\VstsCredentialProvider.cs:Zeile 117.
    ErrorCode: multiple_matching_tokens_detected

0

Hello,

Thank you for keeping me posted on the results.

Let's try clearing Rider's caches then. It can be done via `File | Invalidate Caches ` menu. Can this help?

K.R.

Sofia

 

3

Also, please try to clear session token cache from: %UserProfile%\AppData\Local\MicrosoftCredentialProvider.

0

Sorry for my late reply, I was on holiday.

This seems to fix the problem. Thank you.

 

 

0

I have the same problem. It have worked for months, but after upgrading to 2023.1 I get the "VSTS Device Code Authentication". It seems to work with the above suggestions, but after restarting Rider it comes back. 

0

Thanks for the feedback and great that you are working on it!

0

I have this aswell, have always had lots of problems with nuget feeds in Rider, while cli (dotnet restore) and visual studio always worked straight out of the box.

Which of the solutions did work for you?

0

I downgraded to the previous version.

0

Hi, there is a private build available with a fix.

https://youtrack.jetbrains.com/issue/RIDER-91953/Rider-keeps-showing-me-the-VSTS-Device-Code-Authentication-dialog-and-fails-to-get-token#focus=Comments-27-7264704.0-0

We would appreciate if you try it and let us know about the results.

Thank you in advance.

0

With the EAP I get a lot of error report prompts which I have sent. I needed to do the vsts devicelogin with code a few times, I could fetch nuget info but cannot upgrade a package, getting this error: 

0

@Mattias Örtenblad,

Is it still an issue in the latest 2023.1.1? Could you please give it a try and if you experience Package restore failed, then please create a separate issue on YouTrack for that and attach all the logs (collected with menu Help | Collect Logs).

Thank you.

0

The 2023.1.1 version does not solve this issue. But waht is worse, after installing update to 2023.1.1 i totaly lost ability to run older version of rider.
Going to uninstall and try to look for older version installer.

0

Hello Byps128,

We are sorry to hear that installing Rider 2023.1.1 didn't help you. It is likely the issue you face has a different rootcause and needs a dedicated investigation.

If you wish and have an opportunity to reproduce the issue one more time, we would appreciate it if you could do the following:

  • Enable NuGet* trace scenarios via Help | Diagnostic Tools | Choose Trace Scenarios;
  • Reproduce the issue. It would be brilliant if you could record a screencast that demonstrates the problem;
  • Collect logs via Help | Collect Logs;
  • Disable the trace scenarios you enabled;
  • Submit support ticket via Help | Contact Support and attach the screencast together with archive generated to it.

So that we could investigate and troubleshoot your case.

Have a nice day!

0

I am also facing this issue in mx linux and in ubuntu wsl linux. I have sent the logs and no feedback it.

0
Hello Balasubramanian,

Do you have your request ID? It should be in the email you received when you submitted your request.

Have a nice day!
0

I'm still having major problems with this. Every time I do anything with our azure feed I'm prompted with the ADAL UI flow popup multiple times for the same feed. In this example I first restored packages and then installed one package and was prompted to login 10 times! And the same will happen again if I open a new solution using the same feed.

 

Is there a solution for this? 

What credential provider should I use?

1

I have the same issue. Whenever I open/reopen Rider (2023.2), I get prompted with the VSTS popup. What's worst is that Rider can't restore the packages anymore; it times out. Every time, I have to cancel Rider's restore after getting the token and manually run dotnet restore. Only then Rider can find the packages

0

On Windows I had this issue as well, and I was able to solve it by calling the credential manager from the command line: C:\Users\[your name]\.nuget\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe -I true -U “https://pkgs.dev.azure.com/[your org]/[your project]/_packaging/[your feed]/nuget/v3/index.json”.

I am not entirely sure whether I had to restart things after that, but after the weekend it is still working, so high hopes …

0

Hello Aug,

Thank you for sharing your experience with us. I am glad to hear that solution worked for you.

Have a nice day!

0

Thank you Aug

I'm afraid it didn't work for me though. The command presented me with the DeviceFlow and returned a user/password (see image), not sure what to do with those credentials. 

DeviceFlow:

What are your settings here?

 

1

I have NuGet/.NET CLI plugins

0

This setting worked for me! :D

0

Please sign in to leave a comment.