# AzureVirtualNetworkExtensions Methods

- Package: [Aspire.Hosting.Azure.Network](/reference/api/csharp/aspire.hosting.azure.network.md)
- Type: [AzureVirtualNetworkExtensions](/reference/api/csharp/aspire.hosting.azure.network/azurevirtualnetworkextensions.md)
- Kind: `Methods`
- Members: `11`

Provides extension methods for adding Azure Virtual Network resources to the application model.

## AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, string?)

- Name: `AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, string?)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureVirtualNetworkResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs)

Adds an Azure Virtual Network resource to the application model.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureVirtualNetworkResource> AddAzureVirtualNetwork(
        this IDistributedApplicationBuilder builder,
        string name,
        string? addressPrefix = null)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IDistributedApplicationBuilder`)
  The builder for the distributed application.
- `name` (`string`)
  The name of the Azure Virtual Network resource.
- `addressPrefix` (`string?`) `optional`
  The address prefix for the virtual network (e.g., "10.0.0.0/16"). If null, defaults to "10.0.0.0/16".

## Returns

`IResourceBuilder<AzureVirtualNetworkResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## Examples

This example creates a virtual network with a subnet for private endpoints:

```csharp
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("pe-subnet", "10.0.1.0/24");
```

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, IResourceBuilder<ParameterResource>)

- Name: `AddAzureVirtualNetwork(IDistributedApplicationBuilder, string, IResourceBuilder<ParameterResource>)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureVirtualNetworkResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs)

Adds an Azure Virtual Network resource to the application model with a parameterized address prefix.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureVirtualNetworkResource> AddAzureVirtualNetwork(
        this IDistributedApplicationBuilder builder,
        string name,
        IResourceBuilder<ParameterResource> addressPrefix)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IDistributedApplicationBuilder`)
  The builder for the distributed application.
- `name` (`string`)
  The name of the Azure Virtual Network resource.
- `addressPrefix` (`IResourceBuilder<ParameterResource>`)
  The parameter resource containing the address prefix for the virtual network (e.g., "10.0.0.0/16").

## Returns

`IResourceBuilder<AzureVirtualNetworkResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## Examples

This example creates a virtual network with a parameterized address prefix:

```csharp
var vnetPrefix = builder.AddParameter("vnetPrefix");
var vnet = builder.AddAzureVirtualNetwork("vnet", vnetPrefix);
var subnet = vnet.AddSubnet("pe-subnet", "10.0.1.0/24");
```

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, string, string?)

- Name: `AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, string, string?)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs)

Adds an Azure Subnet to the Virtual Network.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> AddSubnet(
        this IResourceBuilder<AzureVirtualNetworkResource> builder,
        string name,
        string addressPrefix,
        string? subnetName = null)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureVirtualNetworkResource>`)
  The Virtual Network resource builder.
- `name` (`string`)
  The name of the subnet resource.
- `addressPrefix` (`string`)
  The address prefix for the subnet (e.g., "10.0.1.0/24").
- `subnetName` (`string?`) `optional`
  The subnet name in Azure. If null, the resource name is used.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## Examples

This example adds a subnet to a virtual network:

```csharp
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("my-subnet", "10.0.1.0/24");
```

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, IResourceBuilder<ParameterResource>, string?)

- Name: `AddSubnet(IResourceBuilder<AzureVirtualNetworkResource>, string, IResourceBuilder<ParameterResource>, string?)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs)

Adds an Azure Subnet to the Virtual Network with a parameterized address prefix.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> AddSubnet(
        this IResourceBuilder<AzureVirtualNetworkResource> builder,
        string name,
        IResourceBuilder<ParameterResource> addressPrefix,
        string? subnetName = null)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureVirtualNetworkResource>`)
  The Virtual Network resource builder.
- `name` (`string`)
  The name of the subnet resource.
- `addressPrefix` (`IResourceBuilder<ParameterResource>`)
  The parameter resource containing the address prefix for the subnet (e.g., "10.0.1.0/24").
- `subnetName` (`string?`) `optional`
  The subnet name in Azure. If null, the resource name is used.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## Examples

This example adds a subnet with a parameterized address prefix:

```csharp
var subnetPrefix = builder.AddParameter("subnetPrefix");
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("my-subnet", subnetPrefix);
```

## ATS metadata

### Ignored by ATS

- Excluded from automatic Polyglot export.

## AllowInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)

- Name: `AllowInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs#L431)

Adds an inbound allow rule to the subnet's Network Security Group.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> AllowInbound(
        this IResourceBuilder<AzureSubnetResource> builder,
        string? port = null,
        string? from = null,
        string? to = null,
        SecurityRuleProtocol? protocol = null,
        int? priority = null,
        string? name = null)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureSubnetResource>`)
  The subnet resource builder.
- `port` (`string?`) `optional`
  The destination port range (e.g., "443", "80-443"). Defaults to "*" (any).
- `from` (`string?`) `optional`
  The source address prefix (e.g., "AzureLoadBalancer", "Internet", "10.0.0.0/8"). Defaults to "*" (any).
- `to` (`string?`) `optional`
  The destination address prefix. Defaults to "*" (any).
- `protocol` (`SecurityRuleProtocol?`) `optional`
  The network protocol. Defaults to `SecurityRuleProtocol.Asterisk` (any).
- `priority` (`int?`) `optional`
  The rule priority (100-4096). If not specified, auto-increments from 100 by 100.
- `name` (`string?`) `optional`
  The rule name. If not specified, auto-generated from parameters.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>` for chaining.

## Remarks

If no Network Security Group has been associated with the subnet, one is automatically created.

## Examples

This example allows HTTPS traffic from the Azure Load Balancer:

```csharp
var subnet = vnet.AddSubnet("web", "10.0.1.0/24")
    .AllowInbound(port: "443", from: AzureServiceTags.AzureLoadBalancer, protocol: SecurityRuleProtocol.Tcp)
    .DenyInbound(from: AzureServiceTags.Internet);
```

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## AllowOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)

- Name: `AllowOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs#L487)

Adds an outbound allow rule to the subnet's Network Security Group.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> AllowOutbound(
        this IResourceBuilder<AzureSubnetResource> builder,
        string? port = null,
        string? from = null,
        string? to = null,
        SecurityRuleProtocol? protocol = null,
        int? priority = null,
        string? name = null)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureSubnetResource>`)
  The subnet resource builder.
- `port` (`string?`) `optional`
  The destination port range (e.g., "443", "80-443"). Defaults to "*" (any).
- `from` (`string?`) `optional`
  The source address prefix. Defaults to "*" (any).
- `to` (`string?`) `optional`
  The destination address prefix (e.g., "Internet", "VirtualNetwork"). Defaults to "*" (any).
- `protocol` (`SecurityRuleProtocol?`) `optional`
  The network protocol. Defaults to `SecurityRuleProtocol.Asterisk` (any).
- `priority` (`int?`) `optional`
  The rule priority (100-4096). If not specified, auto-increments from 100 by 100.
- `name` (`string?`) `optional`
  The rule name. If not specified, auto-generated from parameters.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>` for chaining.

## Remarks

If no Network Security Group has been associated with the subnet, one is automatically created.

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## DenyInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)

- Name: `DenyInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs#L459)

Adds an inbound deny rule to the subnet's Network Security Group.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> DenyInbound(
        this IResourceBuilder<AzureSubnetResource> builder,
        string? port = null,
        string? from = null,
        string? to = null,
        SecurityRuleProtocol? protocol = null,
        int? priority = null,
        string? name = null)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureSubnetResource>`)
  The subnet resource builder.
- `port` (`string?`) `optional`
  The destination port range (e.g., "443", "80-443"). Defaults to "*" (any).
- `from` (`string?`) `optional`
  The source address prefix (e.g., "Internet", "VirtualNetwork", "10.0.0.0/8"). Defaults to "*" (any).
- `to` (`string?`) `optional`
  The destination address prefix. Defaults to "*" (any).
- `protocol` (`SecurityRuleProtocol?`) `optional`
  The network protocol. Defaults to `SecurityRuleProtocol.Asterisk` (any).
- `priority` (`int?`) `optional`
  The rule priority (100-4096). If not specified, auto-increments from 100 by 100.
- `name` (`string?`) `optional`
  The rule name. If not specified, auto-generated from parameters.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>` for chaining.

## Remarks

If no Network Security Group has been associated with the subnet, one is automatically created.

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## DenyOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)

- Name: `DenyOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs#L515)

Adds an outbound deny rule to the subnet's Network Security Group.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> DenyOutbound(
        this IResourceBuilder<AzureSubnetResource> builder,
        string? port = null,
        string? from = null,
        string? to = null,
        SecurityRuleProtocol? protocol = null,
        int? priority = null,
        string? name = null)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureSubnetResource>`)
  The subnet resource builder.
- `port` (`string?`) `optional`
  The destination port range (e.g., "443", "80-443"). Defaults to "*" (any).
- `from` (`string?`) `optional`
  The source address prefix. Defaults to "*" (any).
- `to` (`string?`) `optional`
  The destination address prefix (e.g., "Internet", "VirtualNetwork"). Defaults to "*" (any).
- `protocol` (`SecurityRuleProtocol?`) `optional`
  The network protocol. Defaults to `SecurityRuleProtocol.Asterisk` (any).
- `priority` (`int?`) `optional`
  The rule priority (100-4096). If not specified, auto-increments from 100 by 100.
- `name` (`string?`) `optional`
  The rule name. If not specified, auto-generated from parameters.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>` for chaining.

## Remarks

If no Network Security Group has been associated with the subnet, one is automatically created.
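
The four shorthand rule methods used together for a two-tier layout, as an added example rather than code from the Aspire project. The subnet names, rule names, port 1433 and priorities are constructed, and the using directives for `AzureServiceTags` and `SecurityRuleProtocol` are assumed to be in scope. Priorities are set explicitly because Azure evaluates NSG rules in ascending priority order and stops at the first match, so precedence here does not depend on call order.

```csharp
// Added example: AppHost fragment (not taken from the Aspire repository).
// Assumes the using directives for AzureServiceTags / SecurityRuleProtocol are present.
var builder = DistributedApplication.CreateBuilder(args);

var vnet = builder.AddAzureVirtualNetwork("vnet", "10.0.0.0/16");

// Web tier. Every omitted port/from/to/protocol argument defaults to "*" (any),
// so each rule states exactly what it matches. Azure's built-in default rules
// (priority 65000 and above) still allow VNet-to-VNet traffic and outbound
// Internet; the explicit rules below are evaluated before them.
var web = vnet.AddSubnet("web", "10.0.1.0/24")
    .AllowInbound(
        port: "443",
        from: AzureServiceTags.AzureLoadBalancer,
        protocol: SecurityRuleProtocol.Tcp,
        priority: 100,
        name: "web-allow-lb-https-in")
    .DenyInbound(
        from: AzureServiceTags.Internet,
        priority: 4000,
        name: "web-deny-internet-in")
    // Egress: only the data tier on the (constructed) database port.
    .AllowOutbound(
        port: "1433",
        to: "10.0.2.0/24",
        protocol: SecurityRuleProtocol.Tcp,
        priority: 110,
        name: "web-allow-sql-to-data")
    .DenyOutbound(
        to: AzureServiceTags.Internet,
        priority: 4010,
        name: "web-deny-internet-out");

// Data tier. The allow at priority 100 matches the web subnet first; the deny
// at 4000 then overrides the default rule that allows all intra-VNet traffic.
var data = vnet.AddSubnet("data", "10.0.2.0/24")
    .AllowInbound(
        port: "1433",
        from: "10.0.1.0/24",
        protocol: SecurityRuleProtocol.Tcp,
        priority: 100,
        name: "data-allow-web-sql-in")
    .DenyInbound(
        from: "VirtualNetwork",
        priority: 4000,
        name: "data-deny-vnet-in")
    .DenyOutbound(
        to: AzureServiceTags.Internet,
        priority: 4010,
        name: "data-deny-internet-out");

// Do not also call WithNetworkSecurityGroup(...) on these subnets: it throws
// InvalidOperationException once shorthand rules have been added.
builder.Build().Run();
```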

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## WithDelegatedSubnet(IResourceBuilder<T>, IResourceBuilder<AzureSubnetResource>)

- Name: `WithDelegatedSubnet(IResourceBuilder<T>, IResourceBuilder<AzureSubnetResource>)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<T>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs#L308-L322)

Configures the resource to use the specified subnet with appropriate service delegation.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<T> WithDelegatedSubnet<T>(
        this IResourceBuilder<T> builder,
        IResourceBuilder<AzureSubnetResource> subnet)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<T>`)
  The resource builder.
- `subnet` (`IResourceBuilder<AzureSubnetResource>`)
  The subnet to associate with the resource.

## Returns

`IResourceBuilder<T>` -- A reference to the `ApplicationModel.IResourceBuilder<T>`.

## Remarks

This method automatically configures the subnet with the appropriate service delegation for the target resource type (e.g., "Microsoft.App/environments" for Azure Container Apps).

## Examples

This example configures an Azure Container App Environment to use a subnet:

```csharp
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("aca-subnet", "10.0.0.0/23");

var env = builder.AddAzureContainerAppEnvironment("env")
    .WithDelegatedSubnet(subnet);
```

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## WithNatGateway(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNatGatewayResource>)

- Name: `WithNatGateway(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNatGatewayResource>)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs#L350-L354)

Associates a NAT Gateway with the subnet.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> WithNatGateway(
        this IResourceBuilder<AzureSubnetResource> builder,
        IResourceBuilder<AzureNatGatewayResource> natGateway)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureSubnetResource>`)
  The subnet resource builder.
- `natGateway` (`IResourceBuilder<AzureNatGatewayResource>`)
  The NAT Gateway to associate with the subnet.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>` for chaining.

## Remarks

A NAT Gateway provides outbound internet connectivity for resources in the subnet. A subnet can have at most one NAT Gateway.

## Examples

This example creates a subnet with an associated NAT Gateway:

```csharp
var natGateway = builder.AddNatGateway("nat");
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("aca-subnet", "10.0.0.0/23")
    .WithNatGateway(natGateway);
```

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.

## WithNetworkSecurityGroup(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNetworkSecurityGroupResource>)

- Name: `WithNetworkSecurityGroup(IResourceBuilder<AzureSubnetResource>, IResourceBuilder<AzureNetworkSecurityGroupResource>)`
- Modifiers: `extension`
- Returns: `IResourceBuilder<AzureSubnetResource>`
- Source: [GitHub](https://github.com/microsoft/aspire/blob/cbc352350f1a9bafbaff10d14a2c8de4ac186a48/src/Aspire.Hosting.Azure.Network/AzureVirtualNetworkExtensions.cs#L383-L395)

Associates a Network Security Group with the subnet.

```csharp
public static class AzureVirtualNetworkExtensions
{
    public static IResourceBuilder<AzureSubnetResource> WithNetworkSecurityGroup(
        this IResourceBuilder<AzureSubnetResource> builder,
        IResourceBuilder<AzureNetworkSecurityGroupResource> nsg)
    {
        // ...
    }
}
```

## Parameters

- `builder` (`IResourceBuilder<AzureSubnetResource>`)
  The subnet resource builder.
- `nsg` (`IResourceBuilder<AzureNetworkSecurityGroupResource>`)
  The Network Security Group to associate with the subnet.

## Returns

`IResourceBuilder<AzureSubnetResource>` -- A reference to the `ApplicationModel.IResourceBuilder<T>` for chaining.

## Exceptions

- `InvalidOperationException` -- Thrown when the subnet already has security rules added via shorthand methods ([AzureVirtualNetworkExtensions.AllowInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)](/reference/api/csharp/aspire.hosting.azure.network/azurevirtualnetworkextensions/methods.md#allowinbound-iresourcebuilder-azuresubnetresource-string-string-string-securityruleprotocol-int-string), [AzureVirtualNetworkExtensions.DenyInbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)](/reference/api/csharp/aspire.hosting.azure.network/azurevirtualnetworkextensions/methods.md#denyinbound-iresourcebuilder-azuresubnetresource-string-string-string-securityruleprotocol-int-string), [AzureVirtualNetworkExtensions.AllowOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)](/reference/api/csharp/aspire.hosting.azure.network/azurevirtualnetworkextensions/methods.md#allowoutbound-iresourcebuilder-azuresubnetresource-string-string-string-securityruleprotocol-int-string), [AzureVirtualNetworkExtensions.DenyOutbound(IResourceBuilder<AzureSubnetResource>, string?, string?, string?, SecurityRuleProtocol?, int?, string?)](/reference/api/csharp/aspire.hosting.azure.network/azurevirtualnetworkextensions/methods.md#denyoutbound-iresourcebuilder-azuresubnetresource-string-string-string-securityruleprotocol-int-string)). Use either shorthand methods or an explicit NSG, not both.

## Examples

This example creates a subnet with an associated Network Security Group:

```csharp
var nsg = builder.AddNetworkSecurityGroup("web-nsg");
var vnet = builder.AddAzureVirtualNetwork("vnet");
var subnet = vnet.AddSubnet("web-subnet", "10.0.1.0/24")
    .WithNetworkSecurityGroup(nsg);
```

## ATS metadata

### ATS export

- Available to Polyglot AppHosts through the Aspire Type System.
