Rig.TUnit.Security.Policies 0.1.0-beta.2

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher.
This is a prerelease version of Rig.TUnit.Security.Policies. 
dotnet add package Rig.TUnit.Security.Policies --version 0.1.0-beta.2
                    


                    

                
NuGet\Install-Package Rig.TUnit.Security.Policies -Version 0.1.0-beta.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Rig.TUnit.Security.Policies" Version="0.1.0-beta.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Rig.TUnit.Security.Policies" Version="0.1.0-beta.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Rig.TUnit.Security.Policies" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Rig.TUnit.Security.Policies --version 0.1.0-beta.2
                    


                    

                
#r "nuget: Rig.TUnit.Security.Policies, 0.1.0-beta.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Rig.TUnit.Security.Policies@0.1.0-beta.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Rig.TUnit.Security.Policies&version=0.1.0-beta.2&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Rig.TUnit.Security.Policies&version=0.1.0-beta.2&prerelease
                    


                            Install as a Cake Tool

Rig.TUnit.Security.Policies

Policy-based authorisation testing — real IAuthorizationService in-process so production AuthorizationHandler<T> runs unchanged.

What this package is

Runs your ASP.NET Core AuthorizationHandler<TRequirement> implementations inside a real IAuthorizationService — no test bypass, no [AllowAnonymous] shortcut. PolicyFixture constructs the DI container with policies you declare, and PolicyAssert.Policy(…).Allows (principal) / .Denies(principal) executes the full pipeline and asserts the decision.

When to use it

  • Unit-testing policy definitions — does "AdminOnly" actually require the role you think it does?
  • Verifying custom AuthorizationHandler<T> behaviour end-to-end.
  • Regression-testing policy changes after a claims-transformation refactor.
  • Not for: full HTTP integration — layer with Rig.TUnit.WebAPI and send real requests.

Prerequisites

  • .NET 10 SDK
  • Project under test uses ASP.NET Core authorisation (package reference: Microsoft.AspNetCore.Authorization).

Quick start

using System.Security.Claims;
using Rig.TUnit.Security.Policies.Fixtures;

await using var fx = new PolicyFixture(
    new PolicyFixtureOptions(),
    policies => policies.AddPolicy("AdminOnly", p => p.RequireRole("admin")));
await fx.InitializeAsync();

Options

Property Type Default Description
DefaultScheme string "Test" Scheme name surfaced on the fixture's ConnectionString
RequiredClaims string[] [] Claims auto-asserted on every principal
LogDecisions bool false Emit structured log per allow/deny

Fixture + helper APIs

  • Rig.TUnit.Security.Policies.Fixtures.PolicyFixture
  • Rig.TUnit.Security.Policies.Options.PolicyFixtureOptions
  • Rig.TUnit.Security.Policies.Builder.PoliciesRigBuilder
  • Rig.TUnit.Security.Policies.Assertions.PolicyAssert

Per-test isolation

PolicyFixture owns its DI container per-test; policies registered in one fixture do not leak into another. Safe under full parallelism.

Parallelism + performance

  • Fixture construction: ~5 ms (DI container + policy registry).
  • Per-assertion: ~100 µs (IAuthorizationService.AuthorizeAsync).
  • Safe under full parallelism.

Troubleshooting

  • AuthorizationResult.Failed on an expected-allow — confirm the ClaimsPrincipal has a non-null IsAuthenticated identity; anonymous principals fail most policies.
  • Handler never invoked — ensure RequireAssertion or RequireRole is on the policy; a policy without any requirement succeeds by default.

See docs/troubleshooting.md#policies.

Provider quirks + edge cases

  • AuthorizationOptions.DefaultPolicy is respected — tests without an explicit policy fall through to it.
  • Multiple AuthorizationHandler<T> for the same requirement all run; any context.Succeed(…) grants — tests asserting "no handler ran" must track this carefully.

Benchmarks

See PolicyBenchmarks.cs; baseline in benchmarks/baseline-005.json.

License

MIT. See LICENSE.

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Rig.TUnit.Security.Policies:

Package Downloads
Rig.TUnit.All

Meta-package containing every Rig.TUnit.* package. DISCOURAGED — prefer per-feature or per-stack meta-packages (Rig.TUnit, Rig.TUnit.Microservices).

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.1.0-beta.2 62 4/27/2026
0.0.0-alpha.0.14 69 4/26/2026