Telerik Private NuGet Feed

This article explains how to add the private Telerik NuGet feed to your system. You can use it to obtain the Telerik UI for Blazor components.

There are several approaches to set up the Telerik NuGet feed

• Video Tutorial - Visual Studio

• Manual Steps - CLI

• Nuget Config File

For other issues after the setup, see the NuGet Feed Troubleshooting article.

For information on automated builds, CI and CD, see the CI, CD, Build Server article.

Video Tutorial - Visual Studio

The following video explains how you can add the Telerik NuGet feed. If you prefer to do this yourself, follow the rest of this article.

Manual Steps - CLI

To add the Telerik private NuGet feed, you can use the dotnet CLI. Ultimately, it creates a nuget.config file for you. You can get familiar with the concepts of configuring a NuGet feed source in the MSDN: nuget.config reference - Package source sections article.

The tooling does not fully support encrypted credentials for authenticated feeds, so you need to store them in plain text.

The command from the example below stores the password in clear text in the %AppData%\NuGet\NuGet.config file.

dotnet nuget add source https://nuget.telerik.com/nuget 
--name TelerikOnlineFeed 
--username <YOUR TELERIK ACCOUNT EMAIL HERE> 
--password <YOUR PASSWORD HERE> 
--store-password-in-clear-text

If you have already stored a token instead of storing the credentials as clear text, update the definition in the %AppData%\NuGet\NuGet.config file by using the command below.

dotnet nuget update source "TelerikOnlineFeed" 
--source "https://nuget.telerik.com/nuget" 
--username <YOUR TELERIK ACCOUNT EMAIL HERE> 
--password <YOUR PASSWORD HERE> 
--store-password-in-clear-text

Store Encrypted Credentials

The ASP.NET Core NuGet tooling does not fully support encrypted credentials.

On Windows, if you add the feed through the Visual Studio dialog (Tools > NuGet Package Manager > Package Manager Settings > Package Sources), the credentials will be stored in the Windows Credential Manager and will be encrypted there, instead of being stored in plain text in the nuget.config file.

This is suitable only for local setup because such credentials can only be read on the same machine by the same user. You can read more about the options provided by the NuGet tooling in the packageSourceCredentials section of the nuget.config reference article at MSDN. Note the difference between the password and cleartextpassword options.

Nuget Config File

NuGet feeds and other settings can be stored in a nuget.config file. You can read more about it in the Nuget Config File - Package Sources article.

Make sure you are familiar with how such configurations work. The Common NuGet Configurations article is a reference document you can use.

To use a nuget.config file for the Telerik feed, you need to:

1. Ensure you have the relevant config file: %AppData%\NuGet\NuGet.Config. You can create a new one by via the dotnet new command by calling dotnet new nugetconfig.

2. Add the Telerik feed to it, and make sure to use plain-text credentials, because the .NET Core NuGet tooling does not fully support encrypted credentials. Here is an example of how your config file can look like:

   nuget.config

   <?xml version="1.0" encoding="utf-8"?>
   <configuration>
    <packageSources>
       <!--To inherit the global NuGet package sources remove the <clear/> line below -->
       <clear />
       <add key="nuget" value="https://api.nuget.org/v3/index.json" />
       <add key="telerik" value="https://nuget.telerik.com/nuget" />
    </packageSources>
    <packageSourceCredentials>
       <telerik>
         <add key="Username" value="your telerik account email" />
         <add key="ClearTextPassword" value="your plain text password" />
      </telerik>
    </packageSourceCredentials>
   </configuration>
   

Next Steps

Once you have the NuGet feed set up, follow the instructions to create either a Client-side Blazor app, or a Server-side Blazor app.

Further Reading

You may find useful the following Microsoft articles on securing your NuGet feed setup and supply chain as general best practices:

• Lock down your dependencies using configurable trust policies - Blog Post

• How to Scan NuGet Packages for Security Vulnerabilities - Blog Post

• Best practices for a secure software supply chain - MSDN docs

Telerik is working on providing signed packages that you can verify, you can Follow the status of this enhancement here.

See Also

• What You Need To Install
• Get Started with Client-side Blazor
• Get Started with Server-side Blazor
• NuGet Feed Troubleshooting
• CI, CD, Build Server