Description
Project
Windows Community Toolkit
Project Url
https://github.com/CommunityToolkit/Labs-Windows
Description
Around the end of March, consumers of our Azure Artifacts feed reported issues consuming packages from it in Visual Studio, issue in our repo is here.
warning NU1900: Error occurred while getting package vulnerability data: Response status code does not indicate success: 401 (Unauthorized).
A community member (thanks @beeradmoore) diagnosed this was due to the underlying VulnerabilityInfo/6.70 component of the NuGet server index.json, see that summary here: CommunityToolkit/Labs-Windows#662 (comment)
I think the issue is that https://pkgs.dev.azure.com/dotnet/696bc9fd-f160-4e97-a1bd-7cbbb3b58f66/_packaging/9c12ba9d-e4eb-4290-9266-e0fb1a871009/nuget/v3/vulnerabilities/index.json which is referenced in https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-Labs/nuget/v3/index.json requires a login.
If that isn't expected, it would be some Azure config change in the feed.
EDIT: From the urls linked in the main feed. I don't know nuget spec or what are meant to work or not.
EDIT 2:
When I try login via the web form it presents I get the error. Hopefully this helpful to find the right person to ping.
Selected user account does not exist in tenant '.NET Foundation' and cannot access the application '499b84ac-1321-427f-aa17-267ca6975798' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
MainLatest feed also hits up a different vulnerabilities/index.json but results in the same unauthorised.
There's no configuration we've changed in this period, and there's no settings or options we can see in the portal for any of this underlying configuration.
So either something changed in the main .NET Foundation tenant or some change happened within ADO that we weren't notified of.
Expectation: Users can access the Azure Artifacts feed without authentication, as before.
Due By
ASAP