I can invoke Find-Module
without the -Credential
argument and it works just fine. This is because:
- the module in question is found on an on-prem NuGet repo in the Windows Domain
- the default authentication is NTLM
Now I really want to use PAT, which forces me to pass the -Credential
argument. However, in order to work the authentication must be switched to Basic. And this is where I am stuck.
I know how to configure the NuGet source with the PAT credentials (and ValidAuthenticationTypes
= basic
), so I am able to use nuget.exe with PAT. But I specifically need Find-Module
(and Install-Module
) to work.
This happens both on Windows Powershell and on PS Core. Here is Get-Module
output on PS Core:
C:\Users\p11f70f> get-module
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Manifest 7.0.0.0 Microsoft.PowerShell.Management {Add-Content, Clear-Content, Clear-Item, Clear-It…
Manifest 7.0.0.0 Microsoft.PowerShell.Security {ConvertFrom-SecureString, ConvertTo-SecureString…
Manifest 7.0.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Ob…
Script 1.4.8.1 PackageManagement {Find-Package, Find-PackageProvider, Get-Package,…
Script 1.0.0 Posh-Git {Add-PoshGitToProfile, Expand-GitCommand, Format-…
Script 2.2.5 PowerShellGet {Find-Command, Find-DscResource, Find-Module, Fin…
Script 2.1.0 PSReadLine {Get-PSReadLineKeyHandler, Get-PSReadLineOption, …
C:\Users\p11f70f>
CodePudding user response:
Using ILSpy I traced the execution of the Find-Module
and my conclusion is that it is impossible to make it work with PAT if the server prefers NTLM.
This is quite frastrating, because some PS flows use in-house logic to interact with the NuGet server (like Find-Module
and Install-Module
) yet other flows fallback to dotnet.exe nuget
or nuget.exe
(like Publish-Module
)
The latter recognize the PAT credentials saved in the $env:APPData\NuGet\NuGet.config
file and the most importantly respect the validAuthenticationTypes
property which forces them to override NTLM with Basic authentication.
The in-house PS logic does nothing of the kind. Moreover, it gets poisoned by the saved PAT credentials, which would be used with NTLM, which is totally wrong.
What a mess.