Azure Artifacts – External Authentication

Hello everyone,

I recently came across an interesting situation that took me a few hours to resolve, so I am documenting it here for future reference and to help others.

In one of the projects I work on, we have some packages in a private feed in Azure Artifacts. When we use Azure DevOps pipelines, authentication works automatically; in Visual Studio we can authenticate with our email; and in a terminal we can use dotnet restore --interactive to authenticate. But how do we do it when we are inside a container or using other pipelines such as Bitbucket or GitLab?

Azure Artifacts Credential Provider

Fortunately we have a utility called Azure Artifacts Credential Provider that makes it easy to acquire a token to automatically authenticate the environment and automate our process.

The documentation covers the steps for many different environments; in this article I will focus only on building a Docker container.

The first step is to have a nuget.config file with the feed we want to authenticate. This file needs to be copied into the container.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <packageSources>
    <add key="public" value="https://api.nuget.org/v3/index.json" />
    <add key="customfeed" value="https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json"  />
  </packageSources>
</configuration>

In our Dockerfile we need to install the Credential Provider and copy the nuget.config file into the container.

FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /app

# Install the Credential Provider
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh  | sh

# Copy csproj and restore as distinct layers
COPY *.csproj .
# Copy the nuget.config file into the container
COPY ./nuget.config .
# Define a build argument used to pass in the token
ARG FEED_ACCESSTOKEN
# The endpoint address must be the same as the one defined in your nuget.config
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"${FEED_ACCESSTOKEN}\"}]}"
RUN dotnet restore

# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore


FROM mcr.microsoft.com/dotnet/runtime:5.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]

To build our container we will need to pass an argument called FEED_ACCESSTOKEN, which is your PAT. If you don’t have a PAT yet or don’t know how to create one, use the following link to create one:

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page

# build the container
docker build --build-arg FEED_ACCESSTOKEN=SeuPersonalAccessToken .
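
Values passed with --build-arg and then copied into ENV are recorded in the build stage's image metadata, where docker history can display them. The variant of the Dockerfile below is an added example, not part of the original article: it passes the PAT through a BuildKit secret mount instead, assuming BuildKit is enabled and the PAT is stored in a file called pat.txt (a hypothetical name) that is kept out of the build context and out of source control.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not from the original article. Build with:
#   DOCKER_BUILDKIT=1 docker build --secret id=feed_token,src=./pat.txt .
# pat.txt is an assumed file name; it contains only the PAT and should be
# listed in .dockerignore and .gitignore.
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /app

# Install the Credential Provider
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh

# Copy csproj and nuget.config, then restore as a distinct layer
COPY *.csproj .
COPY ./nuget.config .

# The secret is mounted at /run/secrets/feed_token for this RUN step only.
# The variable is set in the step's shell rather than with ARG/ENV, so the
# token is not written to the image config or to the layer history.
# The endpoint address must match the one defined in nuget.config.
RUN --mount=type=secret,id=feed_token \
    VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"$(cat /run/secrets/feed_token)\"}]}" \
    dotnet restore

# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore

FROM mcr.microsoft.com/dotnet/runtime:5.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]
```

Running docker history --no-trunc against an image built from the build stage of each Dockerfile shows the difference: the ARG/ENV version lists the token value, while this version lists only the RUN command text with the unexpanded $(cat ...) expression.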

That’s it, now we can create our containers both on the local machine and on the build servers.

This blog is part of Azure Week. Check it out for more great content!

About the Author:

Passionate about software development, especially ASP.NET and Azure

Reference

dos Santos, R (2021). Azure Artifacts – External Authentication. Available at: https://rafaeldossantos.net/azure-artifacts-external-authentication/ [Accessed: 8th July 2021].
