ForgeTrust.RazorWire.Auth.AspNetCore 0.2.0-preview.2

This is a prerelease version of ForgeTrust.RazorWire.Auth.AspNetCore.
dotnet add package ForgeTrust.RazorWire.Auth.AspNetCore --version 0.2.0-preview.2
                    
NuGet\Install-Package ForgeTrust.RazorWire.Auth.AspNetCore -Version 0.2.0-preview.2
                    
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="ForgeTrust.RazorWire.Auth.AspNetCore" Version="0.2.0-preview.2" />
                    
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="ForgeTrust.RazorWire.Auth.AspNetCore" Version="0.2.0-preview.2" />
                    
Directory.Packages.props
<PackageReference Include="ForgeTrust.RazorWire.Auth.AspNetCore" />
                    
Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add ForgeTrust.RazorWire.Auth.AspNetCore --version 0.2.0-preview.2
                    
#r "nuget: ForgeTrust.RazorWire.Auth.AspNetCore, 0.2.0-preview.2"
                    
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package ForgeTrust.RazorWire.Auth.AspNetCore@0.2.0-preview.2
                    
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=ForgeTrust.RazorWire.Auth.AspNetCore&version=0.2.0-preview.2&prerelease
                    
Install as a Cake Addin
#tool nuget:?package=ForgeTrust.RazorWire.Auth.AspNetCore&version=0.2.0-preview.2&prerelease
                    
Install as a Cake Tool

ForgeTrust.RazorWire.Auth.AspNetCore

ForgeTrust.RazorWire.Auth.AspNetCore connects RazorWire auth projection helpers to host-owned ASP.NET Core policies through ForgeTrust.AppSurface.Auth.AspNetCore.

Use this package when an ASP.NET Core host already configured authentication, authorization policies, AppSurface auth mapping, and RazorWire, and you want rw:auth-view or rw:auth-gate to render passive UI states from those host policy results.

This package is not authentication, sign-in UI, sign-out UI, OIDC, cookies, ASP.NET Identity, policy creation, middleware insertion, redirects, challenges, forbids, or DevAuth. It only registers an IRazorWireAuthResultProvider that delegates to IAppSurfaceAspNetCorePolicyEvaluator.

When these helpers appear on routes exported by RazorWire, static export forces a public anonymous/fallback projection and fails with RWEXPORT010 before protected allowed content or auth diagnostics are written. See Static Auth Projection.

Release Guidance

AppSurface ships as a coordinated package family. Before installing this package from a prerelease feed, check the package chooser and release hub for current release risk, migration guidance, and readiness.

Quickstart

using ForgeTrust.AppSurface.Auth.AspNetCore;
using ForgeTrust.RazorWire;
using ForgeTrust.RazorWire.Auth.AspNetCore;

builder.Services.AddRazorWire();
builder.Services.AddAppSurfaceAspNetCoreAuth(options => options.MapSubjectClaim("sub"));
builder.Services.AddRazorWireAspNetCoreAuth();

builder.Services.AddAuthorization(options =>
{
    options.AddAppSurfacePolicy(
        "docs.publish",
        policy => policy.RequireAuthenticatedUser().RequireClaim("role", "publisher"));
});

Then project the same host policy in a Razor view:

<rw:auth-view policy="docs.publish">
    <rw:auth-allowed>
        <button type="submit">Publish</button>
    </rw:auth-allowed>
    <rw:auth-anonymous>
        <rw:login-link href="/login" return-url-policy="current-path">Sign in</rw:login-link>
    </rw:auth-anonymous>
    <rw:auth-forbidden>
        You do not have permission to publish this page.
    </rw:auth-forbidden>
</rw:auth-view>

Always enforce the policy on the endpoint or action too:

app.MapPost("/docs/publish", PublishAsync)
   .RequireSurfacePolicy("docs.publish");

API Reference

  • AddRazorWireAspNetCoreAuth() registers IRazorWireAuthResultProvider as a scoped provider backed by IAppSurfaceAspNetCorePolicyEvaluator.

Pitfalls

  • UI projection is not authorization. Hidden UI does not protect endpoints.
  • Register host authentication, authorization, AppSurface auth mapping, and RazorWire before relying on projected states.
  • Use ForgeTrust.AppSurface.Auth.AspNetCore.DevAuth only for local Development proof. Render AppSurfaceDevAuthMarker separately from rw:auth-view.
  • Do not put production identity payloads, secrets, tokens, raw emails, or arbitrary auth metadata in projected UI.
Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.2.0-preview.2 47 7/3/2026