Aspire.Hosting.Azure.Network
13.2.1
Prefix Reserved
See the version list below for details.
dotnet add package Aspire.Hosting.Azure.Network --version 13.2.1
NuGet\Install-Package Aspire.Hosting.Azure.Network -Version 13.2.1
<PackageReference Include="Aspire.Hosting.Azure.Network" Version="13.2.1" />
<PackageVersion Include="Aspire.Hosting.Azure.Network" Version="13.2.1" />
<PackageReference Include="Aspire.Hosting.Azure.Network" />
paket add Aspire.Hosting.Azure.Network --version 13.2.1
#r "nuget: Aspire.Hosting.Azure.Network, 13.2.1"
#:package Aspire.Hosting.Azure.Network@13.2.1
#addin nuget:?package=Aspire.Hosting.Azure.Network&version=13.2.1
#tool nuget:?package=Aspire.Hosting.Azure.Network&version=13.2.1
Aspire.Hosting.Azure.Network library
Provides extension methods and resource definitions for an Aspire AppHost to configure Azure Virtual Networks, Subnets, NAT Gateways, Public IP Addresses, Network Security Groups, and Private Endpoints.
Getting started
Prerequisites
- Azure subscription - create one for free
Install the package
Install the Aspire Azure Virtual Network Hosting library with NuGet:
dotnet add package Aspire.Hosting.Azure.Network
Configure Azure Provisioning for local development
Adding Azure resources to the Aspire application model will automatically enable development-time provisioning for Azure resources so that you don't need to configure them manually. Provisioning requires a number of settings to be available via .NET configuration. Set these values in user secrets in order to allow resources to be configured automatically.
{
"Azure": {
"SubscriptionId": "<your subscription id>",
"ResourceGroupPrefix": "<prefix for the resource group>",
"Location": "<azure location>"
}
}
NOTE: Developers must have Owner access to the target subscription so that role assignments can be configured for the provisioned resources.
Usage examples
Adding a Virtual Network
In the AppHost.cs file of AppHost, add a Virtual Network using the following method:
var vnet = builder.AddAzureVirtualNetwork("vnet");
By default, the virtual network will use the address prefix 10.0.0.0/16. You can specify a custom address prefix:
var vnet = builder.AddAzureVirtualNetwork("vnet", "10.1.0.0/16");
Adding Subnets
You can add subnets to your virtual network:
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("subnet", "10.0.1.0/24");
Adding NAT Gateways
A NAT Gateway provides outbound internet connectivity with deterministic public IP addresses:
var natGateway = builder.AddNatGateway("nat");
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("aca-subnet", "10.0.0.0/23")
.WithNatGateway(natGateway);
By default, a Public IP Address is automatically created. You can provide an explicit one for full control:
var pip = builder.AddPublicIPAddress("nat-pip");
var natGateway = builder.AddNatGateway("nat")
.WithPublicIPAddress(pip);
Use ConfigureInfrastructure for advanced settings like idle timeout or availability zones.
Adding Network Security Groups
Add security rules to control traffic flow on subnets using shorthand methods:
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("web", "10.0.1.0/24")
.AllowInbound(port: "443", from: AzureServiceTags.AzureLoadBalancer, protocol: SecurityRuleProtocol.Tcp)
.DenyInbound(from: AzureServiceTags.Internet);
An NSG is automatically created when shorthand methods are used. Priority auto-increments (100, 200, 300...) and rule names are auto-generated.
For full control, create an explicit NSG with AzureSecurityRule objects:
var nsg = vnet.AddNetworkSecurityGroup("web-nsg")
.WithSecurityRule(new AzureSecurityRule
{
Name = "allow-https",
Priority = 100,
Direction = SecurityRuleDirection.Inbound,
Access = SecurityRuleAccess.Allow,
Protocol = SecurityRuleProtocol.Tcp,
DestinationPortRange = "443"
});
var subnet = vnet.AddSubnet("web-subnet", "10.0.1.0/24")
.WithNetworkSecurityGroup(nsg);
A single NSG can be shared across multiple subnets.
Adding Private Endpoints
Create a private endpoint to securely connect to Azure resources over a private network:
var vnet = builder.AddAzureVirtualNetwork("vnet");
var peSubnet = vnet.AddSubnet("private-endpoints", "10.0.2.0/24");
var storage = builder.AddAzureStorage("storage");
var blobs = storage.AddBlobs("blobs");
// Add a private endpoint for the blob storage
peSubnet.AddPrivateEndpoint(blobs);
When you add a private endpoint to an Azure resource:
- A Private DNS Zone is automatically created for the service (e.g.,
privatelink.blob.core.windows.net) - A Virtual Network Link connects the DNS zone to your VNet
- A DNS Zone Group is created on the private endpoint for automatic DNS registration
- The target resource is automatically configured to deny public network access
To override the automatic network lockdown, use ConfigureInfrastructure:
storage.ConfigureInfrastructure(infra =>
{
var storageAccount = infra.GetProvisionableResources()
.OfType<StorageAccount>()
.Single();
storageAccount.PublicNetworkAccess = StoragePublicNetworkAccess.Enabled;
});
Additional documentation
- https://learn.microsoft.com/azure/virtual-network/
- https://learn.microsoft.com/azure/nat-gateway/
- https://learn.microsoft.com/azure/private-link/
Feedback & contributing
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net8.0
- Aspire.Hosting.Azure (>= 13.2.1)
- AspNetCore.HealthChecks.Uris (>= 9.0.0)
- Azure.Core (>= 1.51.1)
- Azure.Identity (>= 1.18.0)
- Azure.Provisioning (>= 1.5.0)
- Azure.Provisioning.KeyVault (>= 1.1.0)
- Azure.Provisioning.Network (>= 1.0.0)
- Azure.Provisioning.PrivateDns (>= 1.0.0)
- Azure.ResourceManager.Resources (>= 1.11.2)
- Azure.Security.KeyVault.Secrets (>= 4.8.0)
- Google.Protobuf (>= 3.33.5)
- Grpc.AspNetCore (>= 2.76.0)
- Grpc.Net.ClientFactory (>= 2.76.0)
- Grpc.Tools (>= 2.78.0)
- Humanizer.Core (>= 2.14.1)
- JsonPatch.Net (>= 3.3.0)
- KubernetesClient (>= 18.0.13)
- Microsoft.Extensions.Configuration.Abstractions (>= 10.0.5)
- Microsoft.Extensions.Configuration.Binder (>= 10.0.5)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.5)
- Microsoft.Extensions.Diagnostics.HealthChecks (>= 8.0.25)
- Microsoft.Extensions.FileSystemGlobbing (>= 10.0.5)
- Microsoft.Extensions.Hosting (>= 10.0.5)
- Microsoft.Extensions.Hosting.Abstractions (>= 10.0.5)
- Microsoft.Extensions.Http (>= 10.0.5)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.5)
- Microsoft.Extensions.Options (>= 10.0.5)
- Microsoft.Extensions.Primitives (>= 10.0.5)
- ModelContextProtocol (>= 1.0.0)
- Newtonsoft.Json (>= 13.0.4)
- Polly.Core (>= 8.6.5)
- Semver (>= 3.0.0)
- StreamJsonRpc (>= 2.22.23)
- System.IO.Hashing (>= 10.0.3)
- System.Text.Json (>= 10.0.5)
NuGet packages (2)
Showing the top 2 NuGet packages that depend on Aspire.Hosting.Azure.Network:
| Package | Downloads |
|---|---|
|
Aspire.Hosting.Azure.Sql
Azure SQL Database resource types for Aspire. |
|
|
Aspire.Hosting.Azure.Kubernetes
Azure Kubernetes Service (AKS) resource types for Aspire. |
GitHub repositories
This package is not used by any popular GitHub repositories.