Unauthorized: Access is denied due to invalid credentials. Please check the authentication parameters in SonarQube SonarScanner.MsBuild.exe

Question

I'm trying to setup a test environment to experiment with SonarQube. This are the steps I took so far:

• Downloaded and installed SonarQube. I am able to run it, navigate to http://localhost:9000

• Created a new project for a repo in Azure DevOps. Sonar is able to connect to it, read the repositories, etc.

• Donwloaded the latest version of SonarScanner.MsBuild runner. Unzipped and put the path into the %PATH% environment variable

• In sonar I created a new User Token and put in the SonarQube.Analysis.xml from the runner folder:

  <Property Name="sonar.host.url">http://localhost:9000</Property>
  <Property Name="sonar.login">admin</Property>
  <Property Name="sonar.password">sonar</Property>
  <Property Name="sonar.token">squ_7b.......601</Property>
  

• Back to Sonar, I created a new local run.

• Selected the option to Generate a project token and clicked Next

• Then Sonar is asking me to run the following command:

SonarScanner.MSBuild.exe begin /k:"TEST_PROJECT-local" /d:sonar.host.url="http://localhost:9000" /d:sonar.token="sqp_ec60....a7e1"

I can see the project token was create by Sonar. But when I run it, I get the following error:

SonarScanner for MSBuild 5.13
Using the .NET Framework version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
09:15:30.629  Updating build integration targets...
09:15:30.797  Unauthorized: Access is denied due to invalid credentials. Please check the authentication parameters.
09:15:30.8  Pre-processing failed. Exit code: 1

What am I missing?

Answer 1

Try deleting these 2 lines

<Property Name="sonar.login">admin</Property>
<Property Name="sonar.password">sonar</Property>

from your SonarQube.Analysis.xml file.

I was having the same problem and was able to resolve it by doing that. I think the issue is related to the scanner attempting to use login and password when they are present, but if the token is listed you should really just use that to authenticate.

Answer 2

I was having a similar issue, seeing the following in the logs:

SonarScanner for MSBuild 4.8
Using the .NET Framework version of the Scanner for MSBuild
Post-processing started.
12:44:09.281  12:44:09.281  This setting is not valid in the "end" phase in this version of the C# plugin: sonar.token
12:44:09.297  Post-processing failed. Exit code: 1
WARN: Unable to locate 'report-task.txt' in the workspace. Did the SonarScanner succeed?
ERROR: Execution of SonarScanner for MSBuild failed (exit code 1)

and

11:57:59.239  Failed to request and parse 'http://sonarqube.redacted.com/api/settings/values?component=SoftwareName': The remote server returned an error: (401) Unauthorized.
11:57:59.239  Could not authorize while connecting to the SonarQube server. Check your credentials and try again.
11:57:59.254  Pre-processing failed. Exit code: 1
ERROR: Execution of SonarScanner for MSBuild failed (exit code 1)

and seeing the following in a wireshark trace:

3051    222.906323  HTTP    187 GET /api/settings/values?component=SoftwareName HTTP/1.1 
3052    222.909389  HTTP    840 HTTP/1.1 401  

The root cause was the Jenkins "tools" not getting updated. I was able to delete the tools and then they reinstalled automatically to the latest versions. Since this Jenkins install was running on Windows, we removed this folder: C:\Program Files (x86)\Jenkins\Tools\hudson.plugins.sonar.MsBuildSQRunnerInstallation

References: https://www.jenkins.io/doc/book/managing/tools/

https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/ci-integration/jenkins-integration/

https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/jenkins-extension-sonarqube/