AzureNetworkSecurityPerimeterExtensions Methods
AddNetworkSecurityPerimeter(IDistributedApplicationBuilder, string)

extension IResourceBuilder<AzureNetworkSecurityPerimeterResource>

    public static class AzureNetworkSecurityPerimeterExtensions
    {
        public static IResourceBuilder<AzureNetworkSecurityPerimeterResource> AddNetworkSecurityPerimeter(
            this IDistributedApplicationBuilder builder,
            string name)
        {
            // ...
        }
    }

Parameters

builder (IDistributedApplicationBuilder): The builder for the distributed application.
name (string): The name of the Network Security Perimeter resource.

Returns

IResourceBuilder<AzureNetworkSecurityPerimeterResource>: A reference to the ApplicationModel.IResourceBuilder<T>.

Examples

This example adds a Network Security Perimeter and associates a storage resource:

    var nsp = builder.AddNetworkSecurityPerimeter("my-nsp");
    var storage = builder.AddAzureStorage("storage");
    storage.WithNetworkSecurityPerimeter(nsp);

WithAccessRule(IResourceBuilder<AzureNetworkSecurityPerimeterResource>, AzureNspAccessRule)

extension IResourceBuilder<AzureNetworkSecurityPerimeterResource>

    public static class AzureNetworkSecurityPerimeterExtensions
    {
        public static IResourceBuilder<AzureNetworkSecurityPerimeterResource> WithAccessRule(
            this IResourceBuilder<AzureNetworkSecurityPerimeterResource> builder,
            AzureNspAccessRule rule)
        {
            // ...
        }
    }

Parameters

builder (IResourceBuilder<AzureNetworkSecurityPerimeterResource>): The Network Security Perimeter resource builder.
rule (AzureNspAccessRule): The access rule configuration.

Returns

IResourceBuilder<AzureNetworkSecurityPerimeterResource>: A reference to the ApplicationModel.IResourceBuilder<T> for chaining.

Examples

This example adds inbound and outbound access rules:

    var nsp = builder.AddNetworkSecurityPerimeter("my-nsp")
        .WithAccessRule(new AzureNspAccessRule
        {
            Name = "allow-my-ip",
            Direction = NetworkSecurityPerimeterAccessRuleDirection.Inbound,
            AddressPrefixes = { "203.0.113.0/24" }
        })
        .WithAccessRule(new AzureNspAccessRule
        {
            Name = "allow-outbound-fqdn",
            Direction = NetworkSecurityPerimeterAccessRuleDirection.Outbound,
            FullyQualifiedDomainNames = { "*.blob.core.windows.net" }
        });

WithNetworkSecurityPerimeter(IResourceBuilder<T>, IResourceBuilder<AzureNetworkSecurityPerimeterResource>, NetworkSecurityPerimeterAssociationAccessMode, string?)

extension IResourceBuilder<T>

    public static class AzureNetworkSecurityPerimeterExtensions
    {
        public static IResourceBuilder<T> WithNetworkSecurityPerimeter<T>(
            this IResourceBuilder<T> target,
            IResourceBuilder<AzureNetworkSecurityPerimeterResource> nsp,
            NetworkSecurityPerimeterAssociationAccessMode accessMode = NetworkSecurityPerimeterAssociationAccessMode.Enforced,
            string? associationName = null)
        {
            // ...
        }
    }

Parameters

target (IResourceBuilder<T>): The target PaaS resource builder to associate.
nsp (IResourceBuilder<AzureNetworkSecurityPerimeterResource>): The Network Security Perimeter to associate with.
accessMode (NetworkSecurityPerimeterAssociationAccessMode, optional): The access mode for the association. Defaults to NetworkSecurityPerimeterAssociationAccessMode.Enforced. Use NetworkSecurityPerimeterAssociationAccessMode.Learning to log violations without blocking traffic.
associationName (string?, optional): An optional name for the association. If not provided, defaults to "{resourceName}-assoc".

Returns

IResourceBuilder<T>: A reference to the target resource builder for chaining.

Remarks

In NetworkSecurityPerimeterAssociationAccessMode.Enforced mode, resources within the perimeter can communicate with each other, but public access is restricted to the rules defined in the perimeter profile.
In NetworkSecurityPerimeterAssociationAccessMode.Learning mode, traffic that would be blocked by the perimeter rules is logged but not denied. This is useful when onboarding resources to identify required access rules before switching to enforced mode.
Examples
This example associates storage and key vault resources with an NSP:

    var nsp = builder.AddNetworkSecurityPerimeter("my-nsp");
    var storage = builder.AddAzureStorage("storage");
    var keyVault = builder.AddAzureKeyVault("kv");

    storage.WithNetworkSecurityPerimeter(nsp);
    keyVault.WithNetworkSecurityPerimeter(nsp, NetworkSecurityPerimeterAssociationAccessMode.Learning);
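
The onboarding flow described in the Remarks, as an added example that is not part of the original documentation or the project's own code: an AppHost that takes the association access mode from configuration, so a deployment can run in Learning mode first and move to Enforced without a code change. The configuration key "Nsp:AccessMode" is a hypothetical name chosen for this example, and the using directives for the NSP types are assumed to be the same ones the page's own examples rely on.

```csharp
// Added example: AppHost Program.cs (top-level statements).
// Assumption: "Nsp:AccessMode" is a hypothetical configuration key, not an Aspire setting.
// Assumption: using directives for the NSP types are omitted, as in the page's examples.

var builder = DistributedApplication.CreateBuilder(args);

// Resolve the access mode. A missing value means Enforced (the API default);
// an unrecognized value stops startup instead of silently relaxing the perimeter.
var accessMode = builder.Configuration["Nsp:AccessMode"]?.Trim().ToLowerInvariant() switch
{
    null or "" or "enforced" => NetworkSecurityPerimeterAssociationAccessMode.Enforced,
    "learning" => NetworkSecurityPerimeterAssociationAccessMode.Learning,
    var other => throw new InvalidOperationException(
        $"Unsupported Nsp:AccessMode '{other}'. Use 'Enforced' or 'Learning'.")
};

// Perimeter with the same inbound and outbound rules shown in the WithAccessRule example.
var nsp = builder.AddNetworkSecurityPerimeter("my-nsp")
    .WithAccessRule(new AzureNspAccessRule
    {
        Name = "allow-my-ip",
        Direction = NetworkSecurityPerimeterAccessRuleDirection.Inbound,
        AddressPrefixes = { "203.0.113.0/24" }
    })
    .WithAccessRule(new AzureNspAccessRule
    {
        Name = "allow-outbound-fqdn",
        Direction = NetworkSecurityPerimeterAccessRuleDirection.Outbound,
        FullyQualifiedDomainNames = { "*.blob.core.windows.net" }
    });

var storage = builder.AddAzureStorage("storage");
var keyVault = builder.AddAzureKeyVault("kv");

// Every association gets the same mode, so no resource is left in Learning
// after the rest of the perimeter has been switched to Enforced.
storage.WithNetworkSecurityPerimeter(nsp, accessMode);
keyVault.WithNetworkSecurityPerimeter(nsp, accessMode);

builder.Build().Run();
```

While the mode is Learning, the logged violations show which access rules are still missing; add those with WithAccessRule before removing the setting to return to Enforced.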