dotnet (ASPNETCORE) NuGet: warning NU1605

The Antares team works with clients from a vast array of industries, from public to private entities, ranging from small businesses to large corporate environments. Regardless of the client or project size, one of our consistent priorities is to integrate their current business processes or workflows into a new solution. Leveraging proven processes seems logical, but sometimes technology can get in the way of progress.

NuGet: warning NU1605

Recently, the A-Team was tasked with integrating a custom Authentication System within a new ASPNETCORE Web Api. Leveraging the existing Authentication System, the idea was that the team could focus elsewhere in the application and not have to redesign the application’s authentication components. It was the typical “Why fix something that already works?” scenario. Fortunately, the original Authentication System library was developed with .NET Standard as its target framework. However, when adding the package to the new Web Api project, warnings began to surface and ultimately cause the Web Api’s configuration to error on launch, specifically with error NU1605.


Problem: A project with the NuGet package Microsoft.AspNetCore.All detected a package downgrade

Fix: Reference the package directly from the project to select a different version

The Tell All…

After receiving this warning and eventually watching the Kestrel or IIS instance die while launching the new Web Api, it was evident that our tried and true authentication system components would not work out as planned. When reviewing the security solution’s original codebase, it appeared that the Authentication System leverages a NuGet package referencing Microsoft.AspNetCore.Authentication.Cookies 1.1.3, which did not match the new Web Api’s package reference 2.1.1. To overcome the version conflict, we specifically referenced the intended library directly. Following these steps, the A-Team was able to leverage the external reference to the Authentication System without having to modify the codebase:

  1. Identify the conflicting library (our case was Microsoft.AspNetCore.Authentication.Cookies v.1.1.3)
  2. Utilize NuGet’s website to download the correct version of the library required
    1. Search the conflicting library by name
    2. Select the matching library via the search results.
    3. Select the correct version matching the library that you are requiring.
    4. Download the required version of the file from the top left side of the page.
  3. Rename the downloaded NuGet file’s extension from its original .nupkg format to .zip and proceed with filename warning.
  4. Extract the archive file, and copy the folder to the Web Api project root.
  5. Exclude the solution folder from the project to prevent any unnecessary solution processes for that folder.
  6. Reference the newly copied library file within the project dependencies.
  7. Rebuild and notice the warnings disappear while reviewing the project’s dependencies.