I have multiple repositories:
and a group repository called:
which brings all of the above together.
This is all on the server "DepServer".
When I try to do a "nuget restore" when the client has access to nuget-dotnet (the group repository) only I get the following:
WARNING: Error downloading 'MyPackage.1.2.3' from 'https://DepServer:8443/repository/nuget-dotnet-firstparty/MyPackage/1.2.3'.
The HTTP request to 'GET https://DepServer:8443/repository/nuget-dotnet-firstparty/MyPackage/1.2.3' has timed out after 100000ms
Now, the client has no references to "nuget-dotnet-firstparty", and so no security access set up for it. But it shouldn't need it, because it has access to the group.
I couldn't work out why it was that it was having this issue, so I went looking through the information on the server via the nuget protocol. What I found was:
Each entry has a link with a title of V2FeedPackage an an href of "Packages(Id='MyPackage',Version='1.2.3')"
Following one of those URLs shows that a line with - content type="application/zip" and a src of "https://DepServer:8443/repository/nuget-dotnet-firstparty/MyPackage/1.2.3"
However, as the client has no access to the "nuget-dotnet-firstparty" repository, only to the group repository, that's when the error occurs.
Responses from group requests should only reference urls to the group repo, not group members.