Installing a nuget package from a source other than NuGet.org

There are times when you need to take a dependency on a non official version of MSAL:

• an MSAL developer hands has put in a fix for a bug and would like you to validate it
• you are making changes to MSAL on your own, package MSAL and want to try it out with an app

Install a package from a different source

Easiest is to use local folder as a nuget source - see details in this SO post (from my experience you don't need to use nuget init and nuget add for simple scenarios like this)

You can also configure the package manager to consume packages from MyGet

What not to do

• do not unzip the nupkg file (yes, it's just a zip) and take a reference to the dll itself - there are many DLLs in the package and you might use the wrong one.
• do not try to copy-paste and rename the new package over an existing package in the NuGet cache - you'll have problems moving away from the non-official version back to an official version / clearing out the cache etc.

Check the signatures

You should check that a package is signed, in this case MSAL has to be signed by Microsoft. NuGet and MyGet will display this, and you can always check a package with this amazing tool. Microsoft will always sign both packages and DLLs inside packages, even for non-official releases.