Using multiple private nuget feeds from azure artifacts can be a bit complicated at times. Let's see how we can follow step by step solution to get this task done in a YAML based azure pipeline.

The ENV variable VSS_NUGET_EXTERNAL_FEED_ENDPOINTS is an array of nuget sources which provides credentials for accessing those feeds. So, you don't need provide them in the nuget.config

Add this in your Dockerfile to use multiple sources.

ARG FEED_ACCESSTOKEN
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh  | sh
COPY ./nuget.config .
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://pkgs.dev.azure.com/DemoOrg/_packaging/demo.somefeed/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"${FEED_ACCESSTOKEN}\"}, {\"endpoint\":\"https://pkgs.dev.azure.com/DemoOrg/_packaging/demo.anotherfeed/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"${FEED_ACCESSTOKEN}\"}]}"
RUN dotnet restore

Azure Pipelines (yaml)

Use the following steps in your pipelines to authenticate the private nuget feeds in azure artifacts.

    steps:
    - task: NuGetAuthenticate@1
      displayName: 'Authenticate to NuGet'

    - task: Docker@2
      displayName: 'build container'
      inputs:
        command: 'build'
        dockerfile: '**/Dockerfile'
        arguments: '--build-arg FEED_ACCESSTOKEN=$(VSS_NUGET_ACCESSTOKEN)'

The NuGetAuthenticate@1 task creates two environment variables VSS_NUGET_URI_PREFIXES and VSS_NUGET_ACCESSTOKEN) that can be used instead of a PAT (Personal Access Token).

Read More and Azure Artifacts Credentials Provider https://github.com/Microsoft/artifacts-credprovider#environment-variables