Why do NuGet push commands authenticate yet still return a 401 response code?


When performing a NuGet push command, you notice your command ultimately fails due to a 401 response even though the repository manager request log suggests authentication succeeded. - - [02/Feb/2021:11:46:16 -0400] "PUT /repository/nuget-hosted/ HTTP/1.1" 401 - 0 1 "NuGet Command Line/5.8.1 (Unix" [qtp47753675-300] - admin [02/Feb/2021:11:46:16 -0400] "PUT /repository/nuget-hosted/ HTTP/1.1" 401 - 0 4 "NuGet Command Line/5.8.1 (Unix" [qtp47753675-71]

Notice on the second request the admin user is authenticated yet the response is still 401.

The client sees:

Unauthorized http://localhost:8081/repository/nuget-hosted/ 140ms

You have added the repository as a NuGet source, with valid basic credentials, for example like this:

nuget sources add -Source http://localhost:8081/repository/nuget-hosted/ -Name nuget-hosted -Username admin -Password admin123

Your push command is also specifying a NuGet API Key for the push:

nuget push -Source http://localhost:8081/repository/nuget-hosted/ SONATYPE.TEST.1.0.0.nupkg -ApiKey cb3fd52f-0f4a-3aab-b470-9343f415acaf


The first 401 response is a Basic Authentication challenge response, indicating to the client that some credentials are required in order to access this resource.

The client looks for Basic auth credentials matching the realm and upon finding them supplies them as part of the challenge response PUT request. This successfully authenticates the admin user and thus when the response is logged into the repository manager request.log, the admin user id is included as the third field.

However there is a still a problem  - the API Key is wrong and thus authentication using the API key causes repository manager to still return a 401 status code.


NuGet package pushes required a valid NuGet API KEY in order to succeed.

The user performing the push should get their valid Nuget API Key value by signing into the NXRM UI, then clicking their userid at the top right menu item to view their profile. Then choose NuGet API Key menu item on the left. Click Access API Key. Enter user credentials when prompted and obtain the actual valid NuGet API key shown. Use the valid API Key when performing the push commands.

Have more questions? Submit a request


Article is closed for comments.