TeamCity and publishing NUGet packages to private repositories

Recently I had to figure out how to publish a NUGet package to a private password-protected repository as part of a TeamCity CI build process. NUGet, for those who are not aware, is a tool for managing .NET software in a convenient manner. It is similar in its purpose to Maven, the Java packaging framework. The implementation details are, of course, quite different.

TeamCity (version 9 in my case) provides support for handling NUGet packages, including fetching dependencies (relevant to the build process), as well as packaging and actual publishing out of the box. However, it is impossible to publish artefacts to those private repositories, which require username/password authentication.

The problem boils down to the fact that TeamCity NUGet publishing configuration page doesn’t allow you to specify a username and a password. This is very inconvenient. Fortunately, there is a workaround. NUGet can store credentials locally and use them when asked to push a new package. So this is how you could make publishing of new NUGet packages to password-protected private repositories:

• Log into the Windows agent under the same username as the one that runs the TeamCity process. If you are not sure what this user is, check the Services console. If this user happens to be SYSTEM, you should provably change it to a real user. If you do change the user, don’t forget to restart the service as well, otherwise it won’t pick up the change. Limit the access rights as it makes sense. Don’t forget to check TeamCity documentation with regards to user’s permission requirements requirements
• Run this command:

nuget sources Add -Name <your-source-name> -Source [your-source] -UserName [username] -Password [password]

Once done, any subsequent invocation of nuget push with the same source will use the stored credentials

• Repeat the procedure for all Windows agents

Once finished, your TeamCity should be able to publish NUGet artefacts successfully. If things continue to fail, check the build log. As mentioned above, the windows user under which you have stored the credentials must be the same as the one that runs the TeamCity Agent service.