Dotnet logo

.NET Tools

Essential productivity kit for .NET and game developers

How-To's

Credential providers for private NuGet feeds in Rider 2018.1 EAP

Many development teams make use of their own in-house or externally hosted NuGet repository, typically containing packages that can only be used and shared within the development team. With the latest Rider 2018.1 EAP build, we are improving support for authenticating against private NuGet feeds by displaying an authentication prompt and by supporting credential providers for popular NuGet hosting solutions such as MyGet and Visual Studio Team Services (VSTS).

Authentication prompt

Rider already supported working with private feeds. From the NuGet tool window under the Sources tab, we can edit or add a feed and add credentials in the form of a username/password combination.

Private NuGet feed support

The URL to private feeds is often shared with team members in a NuGet.config file that sits next to the solution file, so that everyone on the team can connect to such private feed. On the first load of such solution where package restore is required, Rider now will prompt for credentials:

Rider prompt for basic authentication

When credentials are correct, they are stored in Rider’s password store so that we don’t have to re-enter credentials each time we access a NuGet feed.

MyGet and Visual Studio Team Services credential providers

For many private NuGet servers, basic authentication works great. Some services provide alternative or additional means of authenticating, for example using an OAuth flow. Rider 2018.1 comes with built-in credential providers for MyGet and Visual Studio Team Services (VSTS), that allow authenticating against a well-known NuGet feed using a familiar user interface:

Credential provider for NuGet

Similarly with Visual Studio Team Services, Rider will allow authenticating using your VisualStudio.com credentials:

Visual Studio Team Services NuGet feed

Rider stores authentication details in its credential store. This means that unless the OAuth token can not be refreshed automatically or the token is revoked, Rider will remember credentials.

Building your own credential provider plugin

While Rider ships with several credential providers, it is also possible to add a custom credential provider. Rider 2018.1 introduces a new extension point for this: nugetCredentialProvider. All we have to do is register our credential provider in the plugin.xml manifest, and implement the NuGetCredentialProvider interface:

public interface NuGetCredentialProvider {
    public abstract fun getProviderResponse(
        project: com.intellij.openapi.project.Project,
        uri: java.net.URI,
        isRetry: kotlin.Boolean): NuGetCredentialProviderResponse?
}

All we have to do is check whether NuGet is retrying (which happens when authentication failed) and return either cached credentials or perform any logic required to retrieve credentials for the feed we are working with. We have published a boiler-plate NuGet credential provider plugin for Rider on GitHub in case you want to create your own.

Give the latest Rider 2018.1 EAP build a try! We’d love to hear your feedback!

image description