Fixing NuGet error: Unable to load the service index for source - 401 Unauthorized

Tobias Zimmergren
Tobias Zimmergren
💡🤖TIP: Check out the guidance for AI adoption on Azure!

Setting up an entirely new project and getting things off the ground is usually the quickest part of our development process for a project. However, not its not uncommon to stumble into various issues with NuGet, if you're a dotnet dev.

Something I've ran into several times is when running dotnet restore or dotnet add package <name>, the tool throws and error with Unauthorized. Similar to the below message.

dotnet restore
  Determining projects to restore...
  All projects are up-to-date for restore.
DragonFruit -v  0.3.0-alpha.20574.7
  Determining projects to restore...
  Writing C:\Users\tobia\AppData\Local\Temp\tmpE602.tmpinfo : Adding PackageReference for package 'System.CommandLine.DragonFruit' into project 'C:\code\zimmergren.cli\zimmergren.cli.csproj'.
  info : Restoring packages for C:\code\zimmergren.cli\zimmergren.cli.csproj...
  info :   GET https://api.nuget.org/v3-flatcontainer/system.commandline.dragonfruit/index.json
  error: Unable to load the service index for source https://pkgs.dev.azure.com/redacted_org/_packaging/Core/nuget/v3/index.json.
  error:   Response status code does not indicate success: 401 (Unauthorized).

Notice how we receive an Unauthorized 401 error on the redacted_org url, which is a private repository that I have access to.

I don't want to pull anything from a private repo for my new console app. However, the package restore process decides it needs to check the access to the private/protected repository regardless.

Solution 1. Use a NuGet config file.

To work around this, I am creating a new nuget.config file and populating it with the basic content it needs for my project to work.

Should you encounter a more long-term solution to this, please drop a comment or email to share, and I'll be happy to update so more devs can avoid these issues.

Here's the basic nuget.config file that I'm adding to the root of my project:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="NuGet Public" value="https://api.nuget.org/v3/index.json" />
  </packageSources>   
</configuration>

Immediately after the change, the add and restore commands works, and my development continues.

Solution 2. Verify that your Personal Access Token hasn't expired

If you are pulling packages from private repositories, or you want to solve the problem independently of your specific project, you could look into the tokens you use for the private repositories.

In Azure DevOps, we have something called Personal Access Tokens. In the case of expired tokens, you may also encounter the aforementioned error.

As commented by Tom Brown, refreshing or setting up a new PAT (Personal Access Token) can also be a way to achieve success. Thanks for sharing, Tom.

When you've got a new/regenerated token, you can tell NuGet to make use of the username + token to get access to your private NuGet repository.

nuget.exe sources add -Name "Tobias Private Feed" -Source "https://your-private-repository.url" -username irrelevant -password YOUR_TOKEN_VALUE_HERE

Solution 3. Run dotnet restore in Interactive mode

User db commented that they solved it using the dotnet restore --interactive command when they were using Visual Studio Code. Perhaps this is another way to work around the issue.

Try running the restore like this:

dotnet restore --interactive

If this solution works for you, feel free to add a comment letting everyone know 🙏

Thanks for reading. These are simple workarounds, but I hope it can save someone the time of troubleshooting.

Development

Tobias Zimmergren Twitter

Hi, I'm Tobias! 👋 I write about Microsoft Azure, security, cybersecurity, compliance, cloud architecture, Microsoft 365, and general tech!

Reactions and mentions


Hi, I'm Tobias 👋

Tobias Zimmergren profile picture

Find out more about me.

Recent comments

Mastodon