# AzureNetworkSecurityGroupExtensions Methods

- Package: [Aspire.Hosting.Azure.Network](/reference/api/csharp/aspire.hosting.azure.network.md)
- Type: [AzureNetworkSecurityGroupExtensions](/reference/api/csharp/aspire.hosting.azure.network/azurenetworksecuritygroupextensions.md)
- Kind: `Methods`
- Members: `2`

Provides extension methods for adding Azure Network Security Group resources to the application model.

## AddNetworkSecurityGroup(IDistributedApplicationBuilder, string)

- Name: `AddNetworkSecurityGroup(IDistributedApplicationBuilder, string)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureNetworkSecurityGroupResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureNetworkSecurityGroupExtensions.cs#L43-L55)

Adds an Azure Network Security Group to the application model.

```csharp
public static class AzureNetworkSecurityGroupExtensions
{
    public static IResourceBuilder<AzureNetworkSecurityGroupResource> AddNetworkSecurityGroup(
        this IDistributedApplicationBuilder builder,
        string name)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IDistributedApplicationBuilder`)
  The builder for the distributed application.
- `name` (`string`)
  The name of the Network Security Group resource.

## Returns

`IResourceBuilder<AzureNetworkSecurityGroupResource>` -- A reference to the `ApplicationModel.IResourceBuilder`1`.

## Examples

This example adds a Network Security Group with a security rule:

```csharp
var nsg = builder.AddNetworkSecurityGroup("web-nsg")
    .WithSecurityRule(new AzureSecurityRule
    {
        Name = "allow-https",
        Priority = 100,
        Direction = SecurityRuleDirection.Inbound,
        Access = SecurityRuleAccess.Allow,
        Protocol = SecurityRuleProtocol.Tcp,
        DestinationPortRange = "443"
    });
```

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## WithSecurityRule(IResourceBuilder<AzureNetworkSecurityGroupResource>, AzureSecurityRule)

- Name: `WithSecurityRule(IResourceBuilder<AzureNetworkSecurityGroupResource>, AzureSecurityRule)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureNetworkSecurityGroupResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureNetworkSecurityGroupExtensions.cs#L94-L106)

Adds a security rule to the Network Security Group.

```csharp
public static class AzureNetworkSecurityGroupExtensions
{
    public static IResourceBuilder<AzureNetworkSecurityGroupResource> WithSecurityRule(
        this IResourceBuilder<AzureNetworkSecurityGroupResource> builder,
        AzureSecurityRule rule)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureNetworkSecurityGroupResource>`)
  The Network Security Group resource builder.
- `rule` ([AzureSecurityRule](/reference/api/csharp/aspire.hosting.azure.network/azuresecurityrule.md))
  The security rule configuration.

## Returns

`IResourceBuilder<AzureNetworkSecurityGroupResource>` -- A reference to the `ApplicationModel.IResourceBuilder`1` for chaining.

## Examples

This example adds multiple security rules to a Network Security Group:

```csharp
var nsg = builder.AddNetworkSecurityGroup("web-nsg")
    .WithSecurityRule(new AzureSecurityRule
    {
        Name = "allow-https",
        Priority = 100,
        Direction = SecurityRuleDirection.Inbound,
        Access = SecurityRuleAccess.Allow,
        Protocol = SecurityRuleProtocol.Tcp,
        DestinationPortRange = "443"
    })
    .WithSecurityRule(new AzureSecurityRule
    {
        Name = "deny-all-inbound",
        Priority = 4096,
        Direction = SecurityRuleDirection.Inbound,
        Access = SecurityRuleAccess.Deny,
        Protocol = SecurityRuleProtocol.Asterisk,
        DestinationPortRange = "*"
    });
```

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.