Problem
Some versions of the nuget clients using the NuGet v2 API make an anonymous ( uncredentialed ) request to verify a repository exists, before pushing content to it.
If Anonymous Access is disabled in your Nexus Repository 3 instance then this check will fail, preventing successful push of your NuGet package.
On the NuGet client you will be prompted for credentials even though you already configured a valid API key for the repository.
How to Allow an Anonymous Request to the Root of your NuGet v2 API Hosted Repository
You can implement limited anonymous access which only grants read access to the root of the NuGet repository without access to any of its content. This allows the anonymous check to pass and will let the NuGet push operation to continue as normal with its API Key.
- Create a content selector with search expression:
format=="nuget" and path=="/" - Create a content selector privilege for the above content selector with read access.
- Create a role and grant the above privilege and no other privileges.
- Create a user and grant the above role and no others. This will be the new anonymous user. It should not have the nx-anonymous role if you want to keep access restricted. Only the content selector privilege is needed.
- Configure Anonymous Access to set the anonymous user to the one created above and check the Enabled box.
- nuget push should now work.
Additional Resources
For additional help creating content selectors please check here:
https://help.sonatype.com/en/content-selectors.html
Additional help with configuring anonymous access is available here:
https://help.sonatype.com/en/anonymous-access.html