DRN.Framework.Hosting 0.7.0-preview058

Prefix Reserved
.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher.
This is a prerelease version of DRN.Framework.Hosting.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package DRN.Framework.Hosting --version 0.7.0-preview058
                    


                    

                
NuGet\Install-Package DRN.Framework.Hosting -Version 0.7.0-preview058
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="DRN.Framework.Hosting" Version="0.7.0-preview058" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="DRN.Framework.Hosting" Version="0.7.0-preview058" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="DRN.Framework.Hosting" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add DRN.Framework.Hosting --version 0.7.0-preview058
                    


                    

                
#r "nuget: DRN.Framework.Hosting, 0.7.0-preview058"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package DRN.Framework.Hosting@0.7.0-preview058
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=DRN.Framework.Hosting&version=0.7.0-preview058&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=DRN.Framework.Hosting&version=0.7.0-preview058&prerelease
                    


                            Install as a Cake Tool

DRN.Framework.Hosting

master develop Quality Gate Status

Security Rating Maintainability Rating Reliability Rating Vulnerabilities Bugs Lines of Code

DRN.Framework.Hosting provides the application shell for DRN web applications. It abstracts away the boilerplate of configuring reliable, secure, and observable ASP.NET Core applications.

Table of Contents

TL;DR

  • Secure by Default: Enforces MFA, strict CSP with Nonces, and HSTS automatically.
  • Opinionated Startup: DrnProgramBase creates a predictable lifecycle for all services.
  • Type-Safe Routing: Replaces "magic strings" with typed Endpoint and Page accessors.
  • Frontend Synergy: Includes TagHelpers for Vite integration and secure asset loading.

Directory Structure

DRN.Framework.Hosting/
├── DrnProgram/       # DrnProgramBase, options, conventions
├── Endpoints/        # EndpointCollectionBase, EndpointForBase
├── Auth/             # Policies, MFA configuration
├── Middlewares/      # HttpScopeLogger, security middlewares
├── TagHelpers/       # Razor TagHelpers (Script, CSP, etc.)
└── wwwroot/          # Static files (JS/CSS)

QuickStart

1. Basic Program

All DRN web apps inherit from DrnProgramBase<TProgram> to inherit the lifecycle hooks and default behaviors.

using DRN.Framework.Hosting.DrnProgram;

namespace Sample.Hosted;

public class Program : DrnProgramBase<Program>, IDrnProgram
{
    // Entry Point
    public static async Task Main(string[] args) => await RunAsync(args);

    // Service Registration
    protected override Task AddServicesAsync(WebApplicationBuilder builder, IAppSettings appSettings, IScopedLog scopedLog)
    {
        builder.Services.AddSampleInfraServices();
        builder.Services.AddSampleApplicationServices();
        return Task.CompletedTask;
    }
}

2. Testing Integration

You can easily test your application using DRN.Framework.Testing.

[Theory, DataInline]
public async Task StatusController_Should_Return_Status(DrnTestContext context, ITestOutputHelper outputHelper)
{
  // Arrange: Create authenticated client for the Program
  var client = await context.ApplicationContext.CreateClientAsync<Program>(outputHelper);
  var status = await client.GetFromJsonAsync<ConfigurationDebugViewSummary>("Status");
  status?.ApplicationName.Should().Be("Sample.Hosted");
}

Lifecycle & Execution Flow

DrnProgramBase orchestrates the application startup to ensure security headers, logging scopes, and validation logic run in the correct order.

graph TD
    Start["RunAsync()"] --> CAB["CreateApplicationBuilder()"]
    
    subgraph "1. Builder Phase"
    CAB --> CSO["ConfigureSwaggerOptions()"]
    CAB --> CDSH["ConfigureDefaultSecurityHeaders()"]
    CAB --> ASA["AddServicesAsync()"]
    end

    ASA --> ABC["ApplicationBuilderCreatedAsync"]
    ABC --> Build["builder.Build()"]
    
    subgraph "2. Application Phase"
    Build --> CA["ConfigureApplication()"]
    CA --> CAPS["ConfigureApplicationPipelineStart() (HSTS/Headers)"]
    CA --> LOG["HttpScopeMiddleware (TraceId)"]
    CA --> UR["UseRouting()"]
    CA --> UA["UseAuthorization()"]
    CA --> MAE["MapApplicationEndpoints()"]
    end

    MAE --> ABA["ApplicationBuiltAsync"]
    ABA --> VE["ValidateEndpoints()"]
    VE --> VSA["ValidateServicesAsync()"]
    VSA --> Run["application.RunAsync()"]

DrnProgramBase Deep Dive

This section details every overrideable hook and internal behavior of the base class.

1. Configuration Hooks (Protected Virtual)

Override these methods to customize specific subsystems without breaking the overall logical flow.

Method Argument Purpose
ConfigureSwaggerOptions DrnProgramSwaggerOptions Customize OpenAPI metadata text (Title, Desc).
ConfigureMvcBuilder IMvcBuilder Add ApplicationParts, JSON options, or Runtime compilation.
ConfigureMvcOptions MvcOptions Customize global MVC filters or conventions.
ConfigureAuthorizationOptions AuthorizationOptions Critical: Defines Policies (MFA, MFAExempt) and Default/Fallback policies.
ConfigureResponseCachingOptions ResponseCachingOptions Customize HTTP response caching behavior.
ConfigureDefaultSecurityHeaders HeaderPolicyCollection Define global headers (FrameOptions, ContentTypeOptions).
ConfigureDefaultCsp CspBuilder Define the generic Content Security Policy (Nonces are auto-handled).
ConfigureSecurityHeaderPolicyBuilder SecurityHeaderPolicyBuilder Define advanced conditional CSP policies (e.g. for Swagger UI vs App).
ConfigureCookiePolicy CookiePolicyOptions Customize GDPR consent logic and cookie security attributes.
ConfigureMFARedirection Returns MfaRedirectionConfig Define where users go when MFA is required vs setup needed.

2. Pipeline Hooks

These methods insert middleware into key slots of the request pipeline.

Method Order Uses
ConfigureApplicationPipelineStart 1 UseForwardedHeaders, UseHostFiltering, UseCookiePolicy, UseSecurityHeaders.
ConfigureApplicationPreScopeStart 2 UseStaticFiles. Runs before Logging/Scope.
ConfigureApplicationPostScopeStart 3 Runs immediately after HttpScopeMiddleware (TraceId available).
ConfigureApplicationPreAuthentication 5 UseRequestLocalization. Runs before Auth logic.
ConfigureApplicationPostAuthentication 8 MfaRedirectionMiddleware. Runs after Identity is established.
ConfigureApplicationPostAuthorization 10 UseSwaggerUI. Runs after access is confirmed.

3. Internal Wiring (Automatic)

  • Service Validation: Calls ValidateServicesAsync to scan [Attribute]-registered services and ensure they are resolvable at startup.
  • Secure JSON: Enforces HtmlSafeWebJsonDefaults to prevent XSS via JSON serialization.
  • Endpoint Accessor: Registers IEndpointAccessor for typed access to EndpointCollectionBase.

4. Properties

Property Default Purpose
AppBuilderType DrnDefaults Controls builder creation. Use Slim for minimal APIs.
DrnProgramSwaggerOptions (Object) Toggles Swagger generation. Defaults to IsDevEnvironment.
NLogOptions (Object) Controls NLog bootstrapping (e.g., replace logger factory).

Configuration

Configuration Precedence: Environment > Secrets > AppSettings. Always use User Secrets for local connection strings to avoid committing credentials.

Layering

  1. appsettings.json
  2. appsettings.{Environment}.json
  3. User Secrets (Development only)
  4. Environment Variables (ASPNETCORE_, DOTNET_)
  5. Mounted Directories (e.g. /app/config)
  6. Command Line Arguments

Reference Configurations

NLog (Logging)

Standard configuration for Console and Graylog output.

{
  "NLog": {
    "throwConfigExceptions": true,
    "targets": {
      "async": true,
      "console": {
        "type": "Console",
        "layout": "${longdate}|${level:uppercase=true}|${logger}|${message} ${exception:format=tostring}"
      }
    },
    "rules": [
      { "logger": "*", "minLevel": "Info", "writeTo": "console" }
    ]
  }
}
Kestrel (Server)
{
  "Kestrel": {
    "EndpointDefaults": { "Protocols": "Http1" },
    "Endpoints": {
      "All": { "Url": "http://*:5988" }
    }
  }
}

Security Features

DRN Hosting enforces "Security by Default":

MFA Enforcement: By default, ALL routes require MFA unless explicitly opted-out. Any new controller without [AllowAnonymous] is secure by default (Fail-Closed).

1. MFA by Default (Fail-Closed)

The FallbackPolicy is set to require MFA. Any controller not marked with [AllowAnonymous] or [Authorize(Policy = AuthPolicy.MfaExempt)] will reject requests without a verified MFA session. Configured in ConfigureAuthorizationOptions by setting FallbackPolicy.

2. Content Security Policy (CSP)

  • Nonce-based: A cryptographic nonce is generated per request.
  • TagHelpers: The NonceTagHelper automatically injecting nonce="{current_nonce}" into scripts and styles.

3. Strict Headers

  • Strict-Transport-Security (HSTS)
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • Referrer-Policy: strict-origin-when-cross-origin

4. GDPR Compliance

  • Built-in consent cookie SameSite=Strict.

Opting-Out

// Public landing page
[AllowAnonymous]
public class HomeController : Controller { ... }

// Login Page (Single Factor Allowed)
[Authorize(Policy = AuthPolicy.MfaExempt)]
public class LoginController : Controller { ... }

Endpoint Management

Avoid "magic strings" for routes. Use EndpointCollectionBase and PageCollectionBase for type-safe endpoint references.

// Usage in Code
ApiEndpoint endpoint = Get.Endpoint.User.Login;
string url = endpoint.Path();

Razor TagHelpers

TagHelper Target Purpose
ViteScriptTagHelper <script src="buildwww/..." /> Resolves Vite manifest entries.
NonceTagHelper <script>, <style> Auto-adds CSP nonce.
CsrfTokenTagHelper hx-post Adds CSRF tokens to HTMX requests.
AuthorizedOnlyTagHelper <div authorized-only> Renders only for authenticated users.

Local Development Infrastructure

Use DRN.Framework.Testing to provision infrastructure (Postgres, RabbitMQ) during local development.

Setup

  1. Add Conditional Reference:

    <ItemGroup Condition="'$(Configuration)' == 'Debug'">
    <ProjectReference Include="..\DRN.Framework.Testing\DRN.Framework.Testing.csproj" />
</ItemGroup>

  2. Configure Startup Actions:

    #if DEBUG
public class SampleProgramActions : DrnProgramActions
{
    public override async Task ApplicationBuilderCreatedAsync<TProgram>(
        TProgram program, WebApplicationBuilder builder,
        IAppSettings appSettings, IScopedLog scopedLog)
    {
        // Auto-starts containers if not running
        await builder.LaunchExternalDependenciesAsync(scopedLog, appSettings);
    }
}
#endif

Global Usings

Standard global usings for Hosted applications:

global using DRN.Framework.Hosting.DrnProgram;
global using DRN.Framework.Hosting.Endpoints;
global using DRN.Framework.Utils.DependencyInjection;
global using Microsoft.AspNetCore.Mvc;

Semper Progressivus: Always Progressive

Commit Info

Author: Duran Serkan KILIÇ
Date: 2026-01-25 19:57:06 +0300
Hash: f166fafb824fc08532b5c8d4c1f34b8786eb2300

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on DRN.Framework.Hosting:

Package Downloads
DRN.Framework.Testing

DRN.Framework.Testing package encapsulates testing dependencies and provides practical, effective helpers such as resourceful data attributes and test context. This package enables a new encouraging testing technique called as DTT(Duran's Testing Technique). With DTT, any developer can write clean and hassle-free unit and integration tests without complexity. ## Commit Info Author: Duran Serkan KILIÇ Date: 2026-03-26 21:45:03 +0300 Hash: 30e1be57f4eb7a89ca3ee1b45ce745fee9428273

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.9.1 91 3/26/2026
0.9.0 82 3/25/2026
0.9.0-preview001 89 3/22/2026
0.8.0 104 3/14/2026
0.7.0 94 3/8/2026
0.7.0-preview067 93 3/7/2026
0.7.0-preview066 102 2/28/2026
0.7.0-preview065 98 2/25/2026
0.7.0-preview064 99 2/22/2026
0.7.0-preview063 99 2/21/2026
0.7.0-preview062 97 2/11/2026
0.7.0-preview061 122 2/7/2026
0.7.0-preview060 103 1/28/2026
0.7.0-preview059 115 1/26/2026
0.7.0-preview058 113 1/25/2026
0.7.0-preview057 104 1/25/2026
0.7.0-preview056 110 1/10/2026
0.7.0-preview055 286 12/16/2025
0.7.0-preview054 201 12/13/2025
0.7.0-preview053 142 12/12/2025
Loading failed

Not every version includes changes, features or bug fixes. This project can increment version to keep consistency with other DRN.Framework projects.  

## Version 0.7.0

My family celebrates the enduring legacy of Mustafa Kemal Atatürk's enlightenment ideals.

### New Features

* IdentityControllerBase classes added which are controller version of Identity Api endpoints.
* DrnProgramBase
 * ConfigureSecurityHeaders virtual method added.
 * ConfigureApplicationPreScopeStart will add security headers configured by ConfigureSecurityHeaders

## Version 0.6.0

My family celebrates the enduring legacy of Mustafa Kemal Atatürk's enlightenment ideals. This release is dedicated to the memory of Mustafa Kemal Atatürk, founder of the Republic of Türkiye, and to his vision for a modern, enlightened, democratic nation. In his eternal rest, he continues to guide us through his ideals of freedom, progress, and national sovereignty.

### New Features

* DrnProgramBase
 * MvcBuilder configuration separated into virtual method
 * RazorRuntimeCompilation support added
 * Exception is no longer swallowed by DrnProgramBase to fail integration tests gracefully
* Multifactor Authentication
 * Mfa detail added to scopedlog with ScopedUserMiddleware
 * Mfa and Mfa exempt policies added with AuthPolicy helper class
 * DrnProgramBase.ConfigureAuthorizationOptions enforces Mfa by default
   * MfaExempt policy can be used with Authorize attribute to bypass mfa
   * ConfigureMFARedirection and ConfigureMFAExemption virtual methods added to DrnProgramBase
* PageCollectionBase and EndpointCollectionBase classes added to manage page and endpoint references

### Breaking Changes

* DrnProgramBase refactored
 * Static properties removed to improve application stability during integration tests
 * New overridable virtual methods added to improve configurability
 * Overridable virtual method parameters changed to accept instance parameters since static properties does not exist anymore.

## Version 0.5.0

My family celebrates the enduring legacy of Mustafa Kemal Atatürk's enlightenment ideals. This release is dedicated to August 30 Victory Day, a day that marks the decisive victory achieved by the Turkish people against imperialism during the Turkish War of Independence, leading to the establishment of the Republic of Türkiye.

### New Features

* ScopedUserMiddleware
 * sets IScopedUser with current user belongs to the request scope
 * updates IScopedLog with UserId and UserAuthenticated info
* HttpScopeHandler
 * Initializes ScopeContext with TraceId, IScopedLog and IScopedUser
 * DrnException handling as default application exception handling
 * DrnExceptions can be used to short circuit the processing pipeline
 * FlurlHttpException handling as default gateway exception handling
 * In Development environment - HttpResponse returns ScopedLog as developer exception result
 * l5d-client-id is added to scoped log by default
* HttpRequestLogger
 * Request and response logs improvements
* DrnProgramBase
 * HostOptions become configurable with Configuration.GetSection("HostOptions")
 * overrideable ConfigureSwaggerOptions
 * Added swagger support by default in development environment

### Breaking Changes

* DrnProgramBase
 * DrnProgramOptions - Removed

## Version 0.4.0

My family celebrates the enduring legacy of Mustafa Kemal Atatürk's enlightenment ideals. This release is dedicated to 19 May Commemoration of Atatürk, Youth and Sports Day.

### Breaking Changes

* HttpScopeLogger is renamed as HttpScopeHandler

### New Features

* EndpointsApiExplorer - added to service collection by DrnProgramBase to support OpenAPI Specification
* NexusClient - added for initial service discovery and remote configuration management development
* DrnProgramBase has new overridable configuration methods
 * ConfigureApplicationPreScopeStart
 * ConfigureApplicationPostScopeStart
 * MapApplicationEndpoints

## Version 0.3.0

My family celebrates the enduring legacy of Mustafa Kemal Atatürk's enlightenment ideals. This release is dedicated to 23 April National Sovereignty and Children's Day.

### New Features

* DrnProgramBase and IDrnProgram - added to minimize development efforts with sensible defaults
* HttpScopeLogger and HttpRequestLogger middlewares - added to support structured logging

---

**Semper Progressivus: Always Progressive**  
 
## Commit Info  
Author: Duran Serkan KILIÇ  
Date: 2026-01-25 19:57:06 +0300  
Hash: f166fafb824fc08532b5c8d4c1f34b8786eb2300