Captures the result of mapping the current ASP.NET Core request principal into an AppSurface auth context.
Anonymous callers resolve successfully with AppSurfaceAuthContext.Anonymous. A non-null Failure means the adapter could not safely map the request, for example because there is no current HTTP request or an authenticated principal did not contain a configured subject claim.
AppSurfaceAuthContext Context { get; }
Gets the mapped AppSurface auth context.
AppSurfaceAuthResult? Failure { get; }
Gets the setup failure when the context could not be mapped safely.
bool Succeeded { get; }
Gets a value indicating whether the current request principal mapped successfully.
Evaluates host-owned ASP.NET Core authorization policies and maps the outcome to AppSurface auth results.
This service does not create policies, register schemes, challenge responses, forbid responses, redirect callers, or mutate cookies. It evaluates policies registered by the host and returns a passive AppSurface result for downstream AppSurface surfaces.
Task<AppSurfaceAuthResult> AuthorizeAsync(string policyName, object? resource = null, CancellationToken cancellationToken = default)
Evaluates a named ASP.NET Core authorization policy for the current HTTP request.
policyName: Non-empty host-owned policy name.
resource: Optional authorization resource passed to ASP.NET Core policy evaluation. When null, the current HttpContext is used.
cancellationToken: Token observed before and during policy lookup.
Returns: A passive AppSurface auth result for the policy decision.
ArgumentException: policyName is null, empty, or whitespace.
ASP.NET Core authorization execution itself does not expose a cancellation-token overload. Cancellation is observed before policy lookup, during asynchronous policy lookup, and immediately before policy evaluation. Exceptions from host policy providers or handlers are allowed to propagate so host bugs are not hidden as denials.
Provides the request-scoped AppSurface auth context mapped from the current ASP.NET Core HttpContext.
The accessor is intentionally passive: it reads the host-populated HttpContext.User and does not authenticate, challenge, forbid, redirect, or register host schemes. The mapped snapshot is memoized for the lifetime of the accessor scope so repeated module code sees a stable view of the request. Resolve it only from an ASP.NET Core request scope; outside a request it returns a missing-services snapshot instead of throwing.
AppSurfaceAspNetCoreAuthContextSnapshot GetCurrentContext()
Gets the current request auth context snapshot, memoizing the result for the accessor scope.
A successful anonymous or authenticated snapshot when a request principal can be mapped; otherwise a snapshot carrying a safe missing-services or missing-subject setup failure.
A missing HttpContext is reported as AppSurfaceAuthReason.MissingServices so consumers can distinguish host setup/order issues from authorization denials.
Configures how ASP.NET Core request principals are mapped into AppSurface auth contracts.
These options do not configure authentication schemes, authorization policies, cookies, bearer tokens, identity providers, middleware, challenges, or forbids. ASP.NET Core remains the source of truth for those behaviors. The adapter only decides which already-authenticated claim represents the stable AppSurface subject identifier.
AppSurfaceAspNetCoreAuthOptions MapSubjectClaim(string claimType)
Gives a claim type first priority when resolving the stable AppSurface subject identifier.
claimType: Claim type that carries the host-owned stable subject id.
Returns: The current options instance so calls can be chained from registration lambdas.
This method maps the subject identifier only. It does not map display names, emails, roles, permissions, scopes, or authorization truth. Host-owned ASP.NET Core policies remain responsible for permission decisions.
IReadOnlyList<string> SubjectClaimTypes { get; }
Gets the ordered claim types used to resolve the stable AppSurface subject identifier.
Only authenticated ASP.NET Core identities are inspected. Claims on unauthenticated identities are ignored even when they use one of these claim types.
Registers the ASP.NET Core adapter for AppSurface auth contracts.
This module composes the neutral AppSurfaceAuthModule and registers adapter services only. It does not configure ASP.NET Core authentication schemes, authorization policies, middleware, challenges, forbids, redirects, cookies, identity providers, endpoint filters, RazorWire UI, or Minimal API helpers.
void ConfigureServices(StartupContext context, IServiceCollection services)
Registers ASP.NET Core AppSurface auth adapter services.
context: Startup context for the current AppSurface composition pass.
services: Service collection that receives adapter registrations.
void RegisterDependentModules(ModuleDependencyBuilder builder)
Registers the neutral AppSurface auth module dependency.
builder: Module dependency builder for the current startup graph.
Maps an ASP.NET Core ClaimsPrincipal into an AppSurface auth context snapshot.
Only authenticated identities are considered. Anonymous principals map to an anonymous success snapshot, while an authenticated principal without a configured stable subject claim maps to a missing-subject setup failure. This keeps AppSurface from silently treating a misconfigured authenticated request as either anonymous or allowed.
AppSurfaceAspNetCoreAuthContextSnapshot Map(ClaimsPrincipal? principal)
Converts an ASP.NET Core principal into a neutral AppSurface auth-context snapshot.
principal: The principal populated by ASP.NET Core authentication middleware.
Returns: An anonymous snapshot for null or unauthenticated principals, an authenticated snapshot when a configured subject claim is present, or a missing-subject failure snapshot for authenticated principals without a subject.
string? ResolveSubject(IReadOnlyList<ClaimsIdentity> identities)
Resolves the first non-blank stable subject value using configured claim-type precedence.
identities: Authenticated identities whose claims are safe to inspect.
Returns: The first matching subject value, or null when none is present.
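The mapping rule described for Map and ResolveSubject, as an added sketch that is not the adapter's own code. SketchState, SubjectMappingSketch, the tenant_user_id claim type and the sample principals are constructed for illustration, and the loop order (claim type before identity) is an assumption about how precedence is applied.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical stand-ins for illustration; not the adapter's own types.
enum SketchState { Anonymous, Authenticated, MissingSubject }

static class SubjectMappingSketch
{
    // First non-blank value wins. Claim-type order is the outer loop (assumed).
    public static string? ResolveSubject(IReadOnlyList<ClaimsIdentity> ids, IReadOnlyList<string> claimTypes)
    {
        foreach (var type in claimTypes)
            foreach (var id in ids)
                foreach (var claim in id.FindAll(type))
                    if (!string.IsNullOrWhiteSpace(claim.Value)) return claim.Value;
        return null;
    }

    public static (SketchState State, string? Subject) Map(ClaimsPrincipal? principal, IReadOnlyList<string> claimTypes)
    {
        // Claims on unauthenticated identities are never inspected.
        var authed = (principal?.Identities ?? Enumerable.Empty<ClaimsIdentity>())
            .Where(i => i.IsAuthenticated).ToList();
        if (authed.Count == 0) return (SketchState.Anonymous, null);

        // Fail closed: authenticated without a subject is a setup failure, not anonymous.
        var subject = ResolveSubject(authed, claimTypes);
        if (subject is null) return (SketchState.MissingSubject, null);
        return (SketchState.Authenticated, subject);
    }

    public static void Main()
    {
        var order = new[] { "tenant_user_id", ClaimTypes.NameIdentifier }; // constructed precedence
        var cases = new ClaimsPrincipal?[]
        {
            null,
            // Unauthenticated identity (no authentication type) carrying a subject-like claim.
            new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("tenant_user_id", "u-1") })),
            // Preferred claim is blank, so resolution falls through to the next claim type.
            new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("tenant_user_id", " "), new Claim(ClaimTypes.NameIdentifier, "u-2") }, "Cookies")),
            // Authenticated, but no configured subject claim is present.
            new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, "admin") }, "Cookies")),
        };
        foreach (var p in cases) Console.WriteLine(Map(p, order));
    }
}
```

The second case is the one to watch in review: a subject-like claim on an identity with no authentication type must still map to anonymous, never to that subject.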
Provides scoped access to the current ASP.NET Core request mapped into AppSurface auth contracts.
Resolve and use this service after ASP.NET Core authentication middleware has populated the current HttpContext.User. The mapping is lazy and memoized for the scoped service instance.
AppSurfaceAspNetCoreAuthContextSnapshot GetCurrentContext()
Gets the current request's AppSurface auth context mapping snapshot.
A mapping snapshot. Anonymous callers resolve successfully; setup failures are exposed through AppSurfaceAspNetCoreAuthContextSnapshot.Failure.
Registers the ASP.NET Core AppSurface auth adapter.
IServiceCollection AddAppSurfaceAspNetCoreAuth(this IServiceCollection services, Action<AppSurfaceAspNetCoreAuthOptions>? configure = null)
Adds AppSurface auth mapping services for an ASP.NET Core host.
services: Service collection that receives adapter registrations.
configure: Optional adapter options callback.
Returns: The same service collection for chaining.
The adapter registers IHttpContextAccessor, AppSurface auth options, adapter options, and scoped adapter services. It intentionally does not call AddAuthentication, register authentication schemes, call AddAuthorization, create policies, add middleware, challenge, forbid, redirect, or mutate cookies. Host applications must keep those choices in their ASP.NET Core security setup.
Builds safe diagnostic metadata dictionaries for ASP.NET Core auth adapter setup failures.
Diagnostics identify missing services, policy names, and stable adapter diagnostic codes. They must not include raw claims, tokens, email addresses, display names, or other request-user secrets.
IReadOnlyDictionary<string, string> MissingService(Type serviceType, string diagnosticCode, string? policyName = null)
Builds metadata for a missing ASP.NET Core service dependency.
serviceType: The service type that was required but unavailable.
diagnosticCode: A stable adapter diagnostic code describing the missing dependency.
policyName: Optional policy name associated with the setup failure.
Returns: A safe metadata dictionary for an auth setup-failure result.
IReadOnlyDictionary<string, string> Policy(string diagnosticCode, string policyName)
Builds metadata for a policy lookup or policy-related setup failure.
diagnosticCode: A stable adapter diagnostic code describing the policy failure.
policyName: The requested ASP.NET Core authorization policy name.
Returns: A safe metadata dictionary for an auth setup-failure result.
Defines safe diagnostic metadata keys emitted by the ASP.NET Core auth adapter.
These keys are for setup diagnostics only. The adapter does not copy raw claims, tokens, emails, display names, or identity-provider payloads into result metadata.
Evaluates host-owned ASP.NET Core authorization policies and returns neutral AppSurface auth results.
This evaluator does not register or own schemes, policies, middleware, challenges, forbids, redirects, cookies, OIDC, or Identity. It resolves the host policy services from the current request, delegates authentication and authorization to ASP.NET Core, and maps the resulting principal through AppSurfaceAspNetCoreAuthContextMapper. Missing request services, missing policies, missing authentication setup, and authenticated principals without a subject are reported as setup failures with safe diagnostics; host handler exceptions still propagate.
Task<AppSurfaceAuthResult> AuthorizeAsync(string policyName, object? resource = null, CancellationToken cancellationToken = default)
Evaluates a named ASP.NET Core authorization policy and maps the outcome to an AppSurface result.
policyName: The non-blank host policy name to evaluate.
resource: Optional resource passed to ASP.NET Core authorization handlers. When omitted, the current HttpContext is used, matching common ASP.NET Core request-policy behavior.
cancellationToken: Cancellation observed before and during policy lookup.
Returns: AppSurfaceAuthOutcome.Allowed for successful authorization, AppSurfaceAuthOutcome.Challenge for unauthenticated policy outcomes, AppSurfaceAuthOutcome.Forbid for authenticated denials, or a setup-failure result for missing host services, missing policies, or missing stable subject claims.
Call this after the host has configured normal authentication and authorization services and middleware. ASP.NET Core policy evaluation does not accept a cancellation token, so handler execution is not cancellable through this adapter. Invalid operation exceptions that indicate missing framework authentication setup are converted to missing-services results; other host exceptions propagate.
AppSurfaceAuthResult MissingServices(Type missingService, string diagnosticCode, string policyName, string message)
Creates a missing-services setup failure with safe ASP.NET Core auth adapter diagnostics.
missingService: The service type that was expected from host setup.
diagnosticCode: Stable diagnostic code for the missing setup condition.
policyName: Policy name being evaluated when the setup failure occurred.
message: User-facing failure message that avoids request secrets.
Returns: A neutral setup-failure auth result.
ServiceResolution<TService> ResolveRequiredService<TService>(IServiceProvider requestServices, string diagnosticCode, string policyName, string message)
Resolves a required request service and converts known missing-framework-service failures into setup failures.
TService: The request service contract required for policy evaluation.
requestServices: Current request service provider.
diagnosticCode: Stable diagnostic code to use if the service cannot be resolved.
policyName: Policy name being evaluated.
message: User-facing failure message that avoids request secrets.
Returns: A service resolution containing either the resolved service or a missing-services failure.
bool IsMissingServiceResolutionFailure(InvalidOperationException exception)
Determines whether an InvalidOperationException represents missing DI setup.
exception: The exception thrown while resolving a request service.
Returns: true when the exception is a known missing-service resolution failure.
bool IsMissingAuthenticationSetupFailure(InvalidOperationException exception)
Determines whether an authentication exception represents missing host authentication setup.
exception: The exception thrown by ASP.NET Core policy authentication.
Returns: true when the exception indicates missing authentication services or handlers.
Represents either a resolved request service or the setup failure produced when resolution failed.
TService: The request service contract being resolved.
TService Service { get; }
Gets the resolved service when resolution succeeded.
AppSurfaceAuthResult? Failure { get; }
Gets the setup failure when resolution failed.