Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Preview] Unable to restore packages from feeds with encrypted passwords on windows

See original GitHub issue

Describe the bug

After the recent update of VS Preview (I got the telemetry prompt earlier today), I’m not able to restore packages from feeds that use an encrypted password.

To Reproduce

Make sure some password-protected feeds are registered and they use encrypted password
Prepare a project that requests something from the feed
Run dotnet nuget locals all --clear just in case to make sure the restore operation is needed
Run dotnet restore

Exceptions (if any)

  Retrying 'FindPackagesByIdAsyncCore' for source 'https://nuget.xyz.com/repository/nuget-prod/FindPackagesById()?id='Package'&semVerLevel=2.0.0'.
  Password decryption is not supported on .NET Core for this platform. The following feed uses an encrypted password: 'repo-name'. You can use a clear text password as a workaround.
    Windows Data Protection API (DPAPI) is not supported on this platform.

Detailed exception.

Further technical details

Windows 10 21H2
SDK 6.0.200-preview.21617.4

Workaround

Use global.json and downgrade to 6.0.100.

Issue Analytics

State:
Created 2 years ago
Reactions:42
Comments:64 (10 by maintainers)

Top GitHub Comments

24reactions

saurlacommented, Feb 21, 2022

I debugged this issue with dotnet restore -v diag command. Here is the most inner exception in the stack trace:

System.PlatformNotSupportedException: Windows Data Protection API (DPAPI) is not supported on this platform.
    at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
    at NuGet.Configuration.EncryptionUtility.DecryptString(String encryptedString)
    at NuGet.Configuration.PackageSourceCredential.get_Password()

So the problem seems to be the System.Security.Cryptography.ProtectedData.dll. The dotnet installation contains the non platform specific version of the DLL at the root level (C:\Program Files\dotnet\sdk\6.0.200\System.Security.Cryptography.ProtectedData.dll). The implementation of this DLL just throws the System.PlatformNotSupportedException since the ProtectedData is only supported on Windows platform.

The Windows platform specific DLL is found under the runtimes directory (C:\Program Files\dotnet\sdk\6.0.200\runtimes\win\lib\netstandard2.0\System.Security.Cryptography.ProtectedData.dll).

For some reason the dotnet executable is using the non platform specific version of the DLL and not the Windows platform specific version.

I was able to workaround the issue by removing the non platform specific DLL at C:\Program Files\dotnet\sdk\6.0.200\System.Security.Cryptography.ProtectedData.dll. After this, the dotnet started using the correct one from C:\Program Files\dotnet\sdk\6.0.200\runtimes\win\lib\netstandard2.0\System.Security.Cryptography.ProtectedData.dll and restore started working again.

EDIT: Environment where I tested is Windows Server 2016.

13reactions

rainersigwaldcommented, Mar 15, 2022

The MSBuild-side revert is merged to daily builds of the 6.0.2xx SDK, and the next patch release of the .NET SDK should have the fix.