Telerik Private NuGet Feed
This article explains how to add the private Telerik NuGet feed to your system. You can use it to obtain the Telerik UI for Blazor components.
Telerik now offers NuGet v3 API for our feed which is faster, lighter, and reduces the number of requests from NuGet clients. It is available at https://nuget.telerik.com/v3/index.json. We recommend switching to the v3 API since the old https://nuget.telerik.com/nuget server will be deprecated.
There are several approaches to set up the Telerik NuGet feed
For other issues after the setup, see the NuGet Feed Troubleshooting article.
For information on automated builds, CI and CD, see the CI, CD, Build Server article.
Visual Studio GUI
Here are the steps to add the Telerik NuGet Feed through Visual Studio
Clear the local NuGet caches to ensure no cached Telerik packages exist (it is important in the steps later where your credentials will be stored by Windows). You can run
dotnet nuget locals all --clearin your CLI.Open Visual Studio and go to Tools > NuGet Package Manager > Package Manager Settings > Package Sources.
Click the
+button at the top right hand side.Add the Telerik Feed URL
https://nuget.telerik.com/v3/index.jsonand choose a Name for that package source (such as "TelerikOnlineFeed").Click OK and close all Visual Studio instances.
-
Open a project that has a Telerik UI components library package referenced. For example, generate one through our New Project Wizard.
- Make sure to remove local
nuget.configfiles from the solution that contain information about Telerik packages.
- Make sure to remove local
From the Build menu select Rebuild Solution.
-
There will be a Windows prompt asking for credentials for the Telerik feed. Enter the email and password you use to log in to telerik.com.
- Make sure to select the Remember my password checkbox.
-
Your project should now build and restore all packages - including those from nuget.org and from Telerik.
- If you experience issues, see the NuGet Feed Troubleshooting article.
The following video explains how you can add the Telerik NuGet feed. If you prefer to do this yourself, follow the rest of this article.
The video focuses on using nuget.exe as a generic approach to do this, but if you have .NET Core 3.1 or .NET 5 (or later) you do not need it - the dotnet CLI command allows you to manage nuget feeds. You can find examples of that later in this article.
Manual Steps - CLI
To add the Telerik private NuGet feed, you can use the dotnet CLI. Ultimately, it creates a nuget.config file for you. You can get familiar with the concepts of configuring a NuGet feed source in the MSDN: nuget.config reference - Package source sections article.
The tooling does not fully support encrypted credentials for authenticated feeds, so you need to store them in plain text.
The command from the example below stores the password in clear text in the %AppData%\NuGet\NuGet.config file.
Use the CLI to add the Telerik NuGet feed (make sure to remove the new lines, they are here for readability)
dotnet nuget add source https://nuget.telerik.com/v3/index.json
--name TelerikOnlineFeed
--username <YOUR TELERIK ACCOUNT EMAIL HERE>
--password <YOUR PASSWORD HERE>
--store-password-in-clear-text
If you have already stored a token instead of storing the credentials as clear text, update the definition in the %AppData%\NuGet\NuGet.config file by using the command below.
Update Credentials for the Telerik NuGet feed (make sure to remove the new lines, they are here for readability)
dotnet nuget update source "TelerikOnlineFeed"
--source "https://nuget.telerik.com/v3/index.json"
--username <YOUR TELERIK ACCOUNT EMAIL HERE>
--password <YOUR PASSWORD HERE>
--store-password-in-clear-text
Store Encrypted Credentials
The ASP.NET Core NuGet tooling does not fully support encrypted credentials.
On Windows, if you add the feed through the Visual Studio dialog (Tools > NuGet Package Manager > Package Manager Settings > Package Sources), the credentials will be stored in the Windows Credential Manager and will be encrypted there, instead of being stored in plain text in the nuget.config file.
This is suitable only for local setup because such credentials can only be read on the same machine by the same user. You can read more about the options provided by the NuGet tooling in the packageSourceCredentials section of the nuget.config reference article at MSDN. Note the difference between the password and cleartextpassword options.
Nuget Config File
NuGet feeds and other settings can be stored in a nuget.config file. You can read more about it in the Nuget Config File - Package Sources article.
Make sure you are familiar with how such configurations work. The Common NuGet Configurations article is a reference document you can use.
To use a nuget.config file for the Telerik feed, you need to:
Ensure you have the relevant config file:
%AppData%\NuGet\NuGet.Config. You can create a new one by via the dotnet new command by callingdotnet new nugetconfig.-
Add the Telerik feed to it, and make sure to use plain-text credentials, because the .NET Core NuGet tooling does not fully support encrypted credentials. Here is an example of how your config file can look like:
nuget.config
<?xml version="1.0" encoding="utf-8"?> <configuration> <packageSources> <!--To inherit the global NuGet package sources remove the <clear/> line below --> <clear /> <add key="nuget" value="https://api.nuget.org/v3/index.json" /> <add key="telerik" value="https://nuget.telerik.com/v3/index.json" /> </packageSources> <packageSourceCredentials> <telerik> <add key="Username" value="your telerik account email" /> <add key="ClearTextPassword" value="your plain text password" /> </telerik> </packageSourceCredentials> </configuration>
Next Steps
Once you have the NuGet feed set up, follow the instructions to create either a Client-side Blazor app, or a Server-side Blazor app.
Further Reading
You may find useful the following Microsoft articles on securing your NuGet feed setup and supply chain as general best practices:
Lock down your dependencies using configurable trust policies - Blog Post
How to Scan NuGet Packages for Security Vulnerabilities - Blog Post
Best practices for a secure software supply chain - MSDN docs
Telerik is working on providing signed packages that you can verify, you can Follow the status of this enhancement here.