How to fix proxy authentication issues in your development environment

I have written about proxy authentication before and although this annoying problem has been around, many tools still don’t support it well. Specially when it comes to NTLM flavor of it that has been developed by Microsoft long time ago and even many Microsoft tools did not support it until recently.

Proxy servers in my opinion are not the best tools to control internet access. Security benefit they bring us are not much compared to productivity they take away from developers.

In the past I have used many different techniques to overcome this issue (e.g. CNTLM, custom local proxy and more) but the best way that almost always works reliably and securely is to run Fiddler with its “Capture Traffic” turned off (unless you need it for other reasons) and point from your blocked app to it. This way:

  1. Fiddler won’t be capturing all the traffic and it will only proxy the traffic for the applications that are specifically pointing to it.
  2. It takes care of authentication on behalf of you without worrying to store your credentials somewhere that is not safe or having to update your credentials when they change.
  3. You can always close Fiddler when you want to cut the traffic

In the rest of this blog post I will show how you can configure every development tool that I know (and remember) to point to Fiddler as a proxy.

Keep in mind that it doesn’t have to be Fiddler, any other local proxy that can take care of authentication on behalf of the logged in user can do the same.

Please let me know if I have forgotten a developer tool or if you know how to configure another tool and what others to know it. I will add it to the list as soon as possible.

Nuget Package Manager

At this moment Nuget Package Manager does not understand proxy authentication and you need to change its configuration to use your local proxy server (Fiddler) to take care of authentication. The configuration file is located in

%USERPROFILE%\AppData\Roaming\NuGet\NuGet.Config

<configuration>
  <config>
    <add key="http_proxy" value="http://localhost:8888" />
  </config>
</configuration>

Node Package Manager (NPM)

At this moment Nuget Package Manager does not understand proxy authentication and you need to change its configuration to use your local proxy server (Fiddler) to take care of authentication.Run the following command to know if your NPM is using any proxy.

Run the following command to know your current proxy setting (if any).

npm config get proxy

To set Fiddler as your proxy setting use the following command.

npm config set proxy http://localhost:8888

You have the possibility to point to your corporate proxy server using the following syntax.

npm config set proxy http://{domain\username-url-encoded}:{password-url-encoded}@{proxy-domain-name}:{port}

But keep in mind that if you directly point to your corporate proxy, every time your password changes you need to run the above command again to update the setting.

Side: To URL encode your username or password you can use encodeURIComponent in your browser’s Console. For example:

>> encodeURIComponent('domain\\username')
"domain%5Cusername"
>> encodeURIComponent("P@ssw0rd!")
"P%40ssw0rd!"

Visual Studio’s Task Runner (NPM in Visual Studio)

Whatever I explained about configuring NPM’s proxy setting previously is still applicable here, but you need to keep in mind that Visual Studio uses its own local NPM and not the one you might have installed globally. This means that you need to run the above commands in “Developer Command Prompt for VS” and not in a standard command prompt.

Visual Studio Code

VS Code in its more recent versions supports proxy authentication and it can even help its extensions to use its proxy settings, but some extensions (e.g. NPM) still resist it (pun intended) and you might need to configure them independently. If for any reason you need to manualy set VS Code’s proxy please refer to: https://code.visualstudio.com/docs/setup/network

Git

Starting from version 1.7.10, Git supports NTLM proxy authentication. You can find the commit here. Although you still need to instruct Git to use your proxy, because it does not detect it from your OS. To do so, you can point to your proxy server’s URL and Git will do the rest. The following bash command is setting the proxy URL to Fiddler’s default URL, but you can use your company’s proxy server too. You can either point to Fiddler to take care of proxy authentication using the following command.

$ git config --global http.proxy http://localhost:8888

Or directly point to your corporate proxy and include your username. Git can remember your credentials using Windows Credential Manager, but you need to make sure that your Git client is configured to use the credential manager and you are using v. 2.8.0 or higher.

$ git config --global http.https://github.axa.com.proxy http://[proxyuser@]<proxyhost>:<port>

To make sure Git is using Windows Credential Manager run the following command.

$ git config --global credential.helper wincred
How to fix proxy authentication issues in your development environment