Nis2Shield.AspNetCore
1.1.4
dotnet add package Nis2Shield.AspNetCore --version 1.1.4
NuGet\Install-Package Nis2Shield.AspNetCore -Version 1.1.4
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Nis2Shield.AspNetCore" Version="1.1.4" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Nis2Shield.AspNetCore" Version="1.1.4" />
<PackageReference Include="Nis2Shield.AspNetCore" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Nis2Shield.AspNetCore --version 1.1.4
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Nis2Shield.AspNetCore, 1.1.4"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Nis2Shield.AspNetCore@1.1.4
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Nis2Shield.AspNetCore&version=1.1.4
#tool nuget:?package=Nis2Shield.AspNetCore&version=1.1.4
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
NIS2 .NET Shield
๐ก๏ธ Security-First Middleware for ASP.NET Core NIS2 Compliance
Companies subject to NIS2 Directive need demonstrable compliance. This middleware provides:
- Forensic logging with HMAC-SHA256 integrity and PII encryption (Art. 21.2.h)
- Rate limiting to prevent DoS/Brute Force attacks (Art. 21.2.e)
- Session Guard to detect hijacking via IP/User-Agent validation (Art. 21.2.a)
- Multi-SIEM Presets: Native connectors for Splunk, Datadog, Elasticsearch
Part of the NIS2 Shield Ecosystem: Use with
@nis2shield/react-guard,@nis2shield/angular-guard, or@nis2shield/vue-guardfor client-side protection andnis2shield/infrastructurefor a full-stack implementation.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Frontend โ
โ @nis2shield/{react,angular,vue}-guard โ
โ โโโ SessionWatchdog (idle detection) โ
โ โโโ AuditBoundary (crash reports) โ
โ โโโ โ POST /api/nis2/telemetry/ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Backend (NIS2 Adapter) โ
โ **Nis2Shield.AspNetCore** โ
โ โโโ ForensicLogger (HMAC signed logs) โ
โ โโโ RateLimiter, SessionGuard, TorBlocker โ
โ โโโ โ SIEM (Elasticsearch, Splunk, Datadog) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Infrastructure โ
โ nis2shield/infrastructure โ
โ โโโ Centralized Logging (ELK/Splunk) โ
โ โโโ Audited Deployment (Terraform/Helm) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ฆ Installation
dotnet add package Nis2Shield.AspNetCore
โ๏ธ Quick Start
Program.cs
var builder = WebApplication.CreateBuilder(args);
// 1. Register NIS2 Shield
builder.Services.AddNis2Shield(builder.Configuration);
var app = builder.Build();
// 2. Activate Middleware (before Auth)
app.UseNis2Shield();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
appsettings.json
{
"Nis2": {
"Enabled": true,
"IntegrityKey": "your-hmac-secret-key",
"Logging": {
"Enabled": true,
"AnonymizeIp": true,
"EncryptPii": true
},
"ActiveDefense": {
"RateLimitEnabled": true,
"RateLimitThreshold": 100,
"RateLimitWindowSeconds": 60,
"BlockTorExitNodes": true
},
"SessionGuard": {
"Enabled": true,
"SubnetTolerance": 24,
"AllowUserAgentChange": false
}
}
}
๐ Features
Forensic Logging
- Standardized logs (
NIS2-JSON-SCHEMA v1.0) with HMAC-SHA256 integrity signature - Automatic PII field encryption (GDPR compliant)
- IP anonymization for privacy compliance
Active Defense
- Rate Limiting: Sliding window protection against application-level DoS attacks
- Session Guard: Session hijacking prevention via IP/User-Agent fingerprinting
- Tor Blocker: Automatic blocking of Tor exit nodes
Multi-SIEM Integration
- Elasticsearch: Bulk API with daily index rotation
- Splunk: HTTP Event Collector (HEC) support
- Datadog: Logs API v2 integration
Webhook Notifications
- Real-time alerts to Slack, Microsoft Teams, Discord
- Configurable event filtering
๐ Recipes
Banking App with Strict Security
builder.Services.AddNis2Shield(options =>
{
options.IntegrityKey = Environment.GetEnvironmentVariable("NIS2_HMAC_KEY")!;
// Rate Limiting
options.ActiveDefense.RateLimitEnabled = true;
options.ActiveDefense.RateLimitThreshold = 50;
options.ActiveDefense.RateLimitWindowSeconds = 60;
// Session Guard - strict mode
options.SessionGuard.Enabled = true;
options.SessionGuard.SubnetTolerance = 32; // exact IP match
options.SessionGuard.AllowUserAgentChange = false;
});
Healthcare API with Full PII Protection
builder.Services.AddNis2Shield(options =>
{
options.IntegrityKey = Environment.GetEnvironmentVariable("NIS2_HMAC_KEY")!;
options.Logging.EncryptPii = true;
options.Logging.AnonymizeIp = true;
options.Logging.PiiFields = new List<string> { "email", "patient_id", "ssn" };
});
Enterprise with Splunk HEC
{
"Nis2": {
"IntegrityKey": "your-hmac-key",
"Siem": {
"Enabled": true,
"Provider": "Splunk",
"Endpoint": "https://splunk.company.com:8088/services/collector",
"ApiKey": "your-hec-token",
"IndexName": "nis2-security"
}
}
}
Slack Alert for Security Events
{
"Nis2": {
"Webhooks": {
"Enabled": true,
"Targets": [
{
"Name": "Security Alerts",
"Url": "https://hooks.slack.com/services/xxx/yyy/zzz",
"Provider": "Slack",
"Events": ["rate_limit_exceeded", "tor_node_blocked", "session_hijack_detected"]
}
]
}
}
}
๐งช Testing
dotnet test
๐ก๏ธ Security & Updates
Subscribe to our Security Mailing List to receive immediate alerts about:
- Critical vulnerabilities (CVEs)
- NIS2/DORA regulatory logic updates
- Major breaking changes
For reporting vulnerabilities, see SECURITY.md.
๐ License
MIT License - see LICENSE for details.
๐ค Related Projects
| Project | Technology | Package |
|---|---|---|
| django-nis2-shield | Django | pip install django-nis2-shield |
| nis2-spring-shield | Spring Boot | Maven Central |
| @nis2shield/express-middleware | Express | npm install @nis2shield/express-middleware |
| @nis2shield/react-guard | React | npm install @nis2shield/react-guard |
Documentation ยท NuGet ยท Changelog
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net8.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.