ForgeTrust.RazorWire.Auth.AspNetCore
0.2.0-preview.2
dotnet add package ForgeTrust.RazorWire.Auth.AspNetCore --version 0.2.0-preview.2
NuGet\Install-Package ForgeTrust.RazorWire.Auth.AspNetCore -Version 0.2.0-preview.2
<PackageReference Include="ForgeTrust.RazorWire.Auth.AspNetCore" Version="0.2.0-preview.2" />
<PackageVersion Include="ForgeTrust.RazorWire.Auth.AspNetCore" Version="0.2.0-preview.2" />
<PackageReference Include="ForgeTrust.RazorWire.Auth.AspNetCore" />
paket add ForgeTrust.RazorWire.Auth.AspNetCore --version 0.2.0-preview.2
#r "nuget: ForgeTrust.RazorWire.Auth.AspNetCore, 0.2.0-preview.2"
#:package ForgeTrust.RazorWire.Auth.AspNetCore@0.2.0-preview.2
#addin nuget:?package=ForgeTrust.RazorWire.Auth.AspNetCore&version=0.2.0-preview.2&prerelease
#tool nuget:?package=ForgeTrust.RazorWire.Auth.AspNetCore&version=0.2.0-preview.2&prerelease
ForgeTrust.RazorWire.Auth.AspNetCore
ForgeTrust.RazorWire.Auth.AspNetCore connects RazorWire auth projection helpers to host-owned ASP.NET Core policies through ForgeTrust.AppSurface.Auth.AspNetCore.
Use this package when an ASP.NET Core host already configured authentication, authorization policies, AppSurface auth mapping, and RazorWire, and you want rw:auth-view or rw:auth-gate to render passive UI states from those host policy results.
This package is not authentication, sign-in UI, sign-out UI, OIDC, cookies, ASP.NET Identity, policy creation, middleware insertion, redirects, challenges, forbids, or DevAuth. It only registers an IRazorWireAuthResultProvider that delegates to IAppSurfaceAspNetCorePolicyEvaluator.
When these helpers appear on routes exported by RazorWire, static export forces a public anonymous/fallback projection and
fails with RWEXPORT010 before protected allowed content or auth diagnostics are written. See
Static Auth Projection.
Release Guidance
AppSurface ships as a coordinated package family. Before installing this package from a prerelease feed, check the package chooser and release hub for current release risk, migration guidance, and readiness.
Quickstart
using ForgeTrust.AppSurface.Auth.AspNetCore;
using ForgeTrust.RazorWire;
using ForgeTrust.RazorWire.Auth.AspNetCore;
builder.Services.AddRazorWire();
builder.Services.AddAppSurfaceAspNetCoreAuth(options => options.MapSubjectClaim("sub"));
builder.Services.AddRazorWireAspNetCoreAuth();
builder.Services.AddAuthorization(options =>
{
options.AddAppSurfacePolicy(
"docs.publish",
policy => policy.RequireAuthenticatedUser().RequireClaim("role", "publisher"));
});
Then project the same host policy in a Razor view:
<rw:auth-view policy="docs.publish">
<rw:auth-allowed>
<button type="submit">Publish</button>
</rw:auth-allowed>
<rw:auth-anonymous>
<rw:login-link href="/login" return-url-policy="current-path">Sign in</rw:login-link>
</rw:auth-anonymous>
<rw:auth-forbidden>
You do not have permission to publish this page.
</rw:auth-forbidden>
</rw:auth-view>
Always enforce the policy on the endpoint or action too:
app.MapPost("/docs/publish", PublishAsync)
.RequireSurfacePolicy("docs.publish");
API Reference
AddRazorWireAspNetCoreAuth()registersIRazorWireAuthResultProvideras a scoped provider backed byIAppSurfaceAspNetCorePolicyEvaluator.
Pitfalls
- UI projection is not authorization. Hidden UI does not protect endpoints.
- Register host authentication, authorization, AppSurface auth mapping, and RazorWire before relying on projected states.
- Use
ForgeTrust.AppSurface.Auth.AspNetCore.DevAuthonly for local Development proof. RenderAppSurfaceDevAuthMarkerseparately fromrw:auth-view. - Do not put production identity payloads, secrets, tokens, raw emails, or arbitrary auth metadata in projected UI.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- CliWrap (>= 3.10.1)
- ForgeTrust.AppSurface.Auth.AspNetCore (>= 0.2.0-preview.2)
- ForgeTrust.RazorWire (>= 0.2.0-preview.2)
- Microsoft.AspNetCore.Mvc.Razor.Extensions (>= 6.0.36)
- Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation (>= 10.0.2)
- Microsoft.CodeAnalysis.Analyzers (>= 3.11.0)
- Microsoft.CodeAnalysis.CSharp (>= 5.0.0)
- Microsoft.CodeAnalysis.Razor (>= 6.0.36)
- Microsoft.Extensions.DependencyModel (>= 10.0.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 0.2.0-preview.2 | 47 | 7/3/2026 |