Telerik Private NuGet Feed
This article explains how to add the private Telerik NuGet feed to your system. You can use it to obtain the Telerik UI for Blazor components.
There are several approaches to set up the Telerik NuGet feed
For other issues after the setup, see the NuGet Feed Troubleshooting article.
For information on automated builds, CI and CD, see the CI, CD, Build Server article.
Video Tutorial - Visual Studio
The following video explains how you can add the Telerik NuGet feed. If you prefer to do this yourself, follow the rest of this article.
Manual Steps - CLI
To add the Telerik private NuGet feed, you can use the dotnet
CLI. Ultimately, it creates a nuget.config
file for you. You can get familiar with the concepts of configuring a NuGet feed source in the MSDN: nuget.config reference - Package source sections article.
The tooling does not fully support encrypted credentials for authenticated feeds, so you need to store them in plain text.
The command from the example below stores the password in clear text in the %AppData%\NuGet\NuGet.config
file.
Use the CLI to add the Telerik NuGet feed (make sure to remove the new lines, they are here for readability)
dotnet nuget add source https://nuget.telerik.com/nuget
--name TelerikOnlineFeed
--username <YOUR TELERIK ACCOUNT EMAIL HERE>
--password <YOUR PASSWORD HERE>
--store-password-in-clear-text
If you have already stored a token instead of storing the credentials as clear text, update the definition in the %AppData%\NuGet\NuGet.config
file by using the command below.
Update Credentials for the Telerik NuGet feed (make sure to remove the new lines, they are here for readability)
dotnet nuget update source "TelerikOnlineFeed"
--source "https://nuget.telerik.com/nuget"
--username <YOUR TELERIK ACCOUNT EMAIL HERE>
--password <YOUR PASSWORD HERE>
--store-password-in-clear-text
Store Encrypted Credentials
The ASP.NET Core NuGet tooling does not fully support encrypted credentials.
On Windows, if you add the feed through the Visual Studio dialog (Tools > NuGet Package Manager > Package Manager Settings > Package Sources), the credentials will be stored in the Windows Credential Manager and will be encrypted there, instead of being stored in plain text in the nuget.config
file.
This is suitable only for local setup because such credentials can only be read on the same machine by the same user. You can read more about the options provided by the NuGet tooling in the packageSourceCredentials section of the nuget.config reference article at MSDN. Note the difference between the password
and cleartextpassword
options.
Nuget Config File
NuGet feeds and other settings can be stored in a nuget.config
file. You can read more about it in the Nuget Config File - Package Sources article.
Make sure you are familiar with how such configurations work. The Common NuGet Configurations article is a reference document you can use.
To use a nuget.config
file for the Telerik feed, you need to:
Ensure you have the relevant config file:
%AppData%\NuGet\NuGet.Config
. You can create a new one by via the dotnet new command by callingdotnet new nugetconfig
.-
Add the Telerik feed to it, and make sure to use plain-text credentials, because the .NET Core NuGet tooling does not fully support encrypted credentials. Here is an example of how your config file can look like:
nuget.config
<?xml version="1.0" encoding="utf-8"?> <configuration> <packageSources> <!--To inherit the global NuGet package sources remove the <clear/> line below --> <clear /> <add key="nuget" value="https://api.nuget.org/v3/index.json" /> <add key="telerik" value="https://nuget.telerik.com/nuget" /> </packageSources> <packageSourceCredentials> <telerik> <add key="Username" value="your telerik account email" /> <add key="ClearTextPassword" value="your plain text password" /> </telerik> </packageSourceCredentials> </configuration>
Next Steps
Once you have the NuGet feed set up, follow the instructions to create either a Client-side Blazor app, or a Server-side Blazor app.
Further Reading
You may find useful the following Microsoft articles on securing your NuGet feed setup and supply chain as general best practices:
Lock down your dependencies using configurable trust policies - Blog Post
How to Scan NuGet Packages for Security Vulnerabilities - Blog Post
Best practices for a secure software supply chain - MSDN docs
Telerik is working on providing signed packages that you can verify, you can Follow the status of this enhancement here.