Table of Contents

Class SecurityExtensions

Namespace
Compendium.Adapters.AspNetCore.Security
Assembly
Compendium.Adapters.AspNetCore.dll

Extension methods for configuring security features in ASP.NET Core applications.

public static class SecurityExtensions
Inheritance
SecurityExtensions
Inherited Members

Fields

DefaultCorsPolicyName

The default CORS policy name for Compendium applications.

public const string DefaultCorsPolicyName = "CompendiumCorsPolicy"

Field Value

string

Methods

AddCompendiumCors(IServiceCollection, Action<CorsPolicyBuilder>, string)

Adds strict CORS policy for Compendium applications.

public static IServiceCollection AddCompendiumCors(this IServiceCollection services, Action<CorsPolicyBuilder> configure, string policyName = "CompendiumCorsPolicy")

Parameters

services IServiceCollection

The service collection.

configure Action<CorsPolicyBuilder>

Configuration delegate for CORS policy.

policyName string

Optional custom policy name. Defaults to "CompendiumCorsPolicy".

Returns

IServiceCollection

The service collection for chaining.

Remarks

Default policy:

  • No origins allowed (must be explicitly configured)
  • Only specified HTTP methods allowed
  • Only specified headers allowed
  • Credentials not allowed by default

AddCompendiumSecurityHeaders(IServiceCollection, Action<SecurityHeadersOptions>?)

Adds security headers middleware with the specified options.

public static IServiceCollection AddCompendiumSecurityHeaders(this IServiceCollection services, Action<SecurityHeadersOptions>? configure = null)

Parameters

services IServiceCollection

The service collection.

configure Action<SecurityHeadersOptions>

Optional configuration delegate.

Returns

IServiceCollection

The service collection for chaining.

AddCompendiumStrictCors(IServiceCollection, string[], string)

Adds a strict CORS policy for API scenarios with specific allowed origins.

public static IServiceCollection AddCompendiumStrictCors(this IServiceCollection services, string[] allowedOrigins, string policyName = "CompendiumCorsPolicy")

Parameters

services IServiceCollection

The service collection.

allowedOrigins string[]

The allowed origins.

policyName string

Optional custom policy name.

Returns

IServiceCollection

The service collection for chaining.

UseCompendiumCors(IApplicationBuilder, string)

Uses the Compendium CORS policy.

public static IApplicationBuilder UseCompendiumCors(this IApplicationBuilder app, string policyName = "CompendiumCorsPolicy")

Parameters

app IApplicationBuilder

The application builder.

policyName string

Optional custom policy name. Defaults to "CompendiumCorsPolicy".

Returns

IApplicationBuilder

The application builder for chaining.

UseCompendiumHsts(IApplicationBuilder, int)

Uses HSTS (HTTP Strict Transport Security) middleware. Should only be used in production environments.

public static IApplicationBuilder UseCompendiumHsts(this IApplicationBuilder app, int maxAgeInSeconds = 31536000)

Parameters

app IApplicationBuilder

The application builder.

maxAgeInSeconds int

The max age in seconds. Default: 31536000 (1 year).

Returns

IApplicationBuilder

The application builder for chaining.

Remarks

This is a convenience method that wraps ASP.NET Core's built-in HSTS middleware. For more control, configure HSTS via SecurityHeadersOptions instead.

UseCompendiumSecurityHeaders(IApplicationBuilder)

Uses the security headers middleware in the application pipeline. Should be registered early in the pipeline.

public static IApplicationBuilder UseCompendiumSecurityHeaders(this IApplicationBuilder app)

Parameters

app IApplicationBuilder

The application builder.

Returns

IApplicationBuilder

The application builder for chaining.

Edit this page