RCommon.Security 2.4.1

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package RCommon.Security --version 2.4.1
                    


                    

                
NuGet\Install-Package RCommon.Security -Version 2.4.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="RCommon.Security" Version="2.4.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="RCommon.Security" Version="2.4.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="RCommon.Security" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add RCommon.Security --version 2.4.1
                    


                    

                
#r "nuget: RCommon.Security, 2.4.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package RCommon.Security@2.4.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=RCommon.Security&version=2.4.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=RCommon.Security&version=2.4.1
                    


                            Install as a Cake Tool

RCommon.Security

Provides claims-based security abstractions for RCommon, including current user and current client identity access built on top of ClaimsPrincipal, with configurable claim type mappings and multi-tenancy support.

Features

  • Current user abstraction -- ICurrentUser exposes the authenticated user's ID, tenant ID, roles, and claims without depending on a specific auth framework
  • Current client abstraction -- ICurrentClient identifies the calling OAuth/API client from the client_id claim
  • ClaimsPrincipal accessor -- ICurrentPrincipalAccessor provides the current principal with support for temporary principal replacement via scoped IDisposable
  • AsyncLocal principal override -- CurrentPrincipalAccessorBase uses AsyncLocal<T> so overridden principals flow across async contexts
  • Configurable claim types -- ClaimTypesConst allows customizing which claim URIs map to user ID, tenant ID, client ID, roles, etc.
  • ClaimsIdentity extensions -- helper methods for finding user/tenant/client IDs and for safely adding or replacing claims
  • Tenant ID accessor -- ITenantIdAccessor provides runtime access to the current tenant ID for repository filtering; ClaimsTenantIdAccessor resolves it from claims, NullTenantIdAccessor is the default no-op
  • Authorization exception -- AuthorizationException with configurable severity, error codes, and fluent data attachment
  • Fluent builder API -- integrates with the AddRCommon() builder pattern for one-line DI registration

Installation

dotnet add package RCommon.Security

Usage

using RCommon;
using RCommon.Security.Users;
using RCommon.Security.Clients;

// Register security services in your DI setup
services.AddRCommon(config =>
{
    config.WithClaimsAndPrincipalAccessor();
});

// Inject ICurrentUser or ICurrentClient in your services
public class TenantService
{
    private readonly ICurrentUser _currentUser;
    private readonly ICurrentClient _currentClient;

    public TenantService(ICurrentUser currentUser, ICurrentClient currentClient)
    {
        _currentUser = currentUser;
        _currentClient = currentClient;
    }

    public string GetTenantId()
    {
        if (!_currentUser.IsAuthenticated)
            throw new UnauthorizedAccessException("User is not authenticated.");

        return _currentUser.TenantId
            ?? throw new InvalidOperationException("No tenant claim found.");
    }

    public string GetClientId()
    {
        return _currentClient.Id
            ?? throw new InvalidOperationException("No client identity found.");
    }

    public bool IsInRole(string role)
    {
        return _currentUser.Roles.Contains(role);
    }
}

Tenant ID Accessor

ITenantIdAccessor provides runtime access to the current tenant ID. When WithClaimsAndPrincipalAccessor() is called, the ClaimsTenantIdAccessor is registered, which resolves the tenant ID from the authenticated user's claims:

using RCommon.Security.Claims;

// ITenantIdAccessor is used by repositories to automatically filter and stamp entities
public class TenantAwareService
{
    private readonly ITenantIdAccessor _tenantIdAccessor;

    public TenantAwareService(ITenantIdAccessor tenantIdAccessor)
    {
        _tenantIdAccessor = tenantIdAccessor;
    }

    public string? GetCurrentTenant()
    {
        return _tenantIdAccessor.GetTenantId();
    }
}

The default NullTenantIdAccessor returns null, which causes all tenant filtering to be bypassed. This allows the application to operate without multitenancy configured.

Customizing Claim Types

// Override the default claim type URIs at startup if your identity provider uses custom claims
ClaimTypesConst.UserId = "sub";
ClaimTypesConst.TenantId = "tenant";
ClaimTypesConst.ClientId = "azp";

Key Types

Type Description
ICurrentUser Provides the authenticated user's ID, tenant ID, roles, and claim lookups
CurrentUser Default implementation that reads from the current ClaimsPrincipal
ICurrentClient Provides the authenticated client application's ID and authentication status
CurrentClient Default implementation that reads the client_id claim from the principal
ICurrentPrincipalAccessor Accesses the current ClaimsPrincipal and supports scoped replacement
ThreadCurrentPrincipalAccessor Default accessor that reads from Thread.CurrentPrincipal
CurrentPrincipalAccessorBase Abstract base using AsyncLocal<T> for async-safe principal overrides
ClaimTypesConst Configurable constants for standard claim type URIs (user ID, role, tenant, etc.)
AuthorizationException Exception for unauthorized requests with log level, error code, and fluent data API
ClaimsIdentityExtensions Extension methods for extracting user/tenant/client IDs and managing claims
ITenantIdAccessor Runtime accessor returning the current tenant ID (string?) for repository filtering
ClaimsTenantIdAccessor Claims-based implementation resolving tenant ID from ICurrentPrincipalAccessor
NullTenantIdAccessor Default no-op implementation returning null (tenant filtering bypassed)

Documentation

For full documentation, visit rcommon.com.

  • RCommon.Core - Core abstractions and builder infrastructure
  • RCommon.Web - ASP.NET Core integration with HttpContextCurrentPrincipalAccessor

License

Licensed under the Apache License, Version 2.0.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on RCommon.Security:

Package Downloads
RCommon.Persistence

A cohesive set of infrastructure libraries for dotnet that utilizes abstractions for event handling, persistence, unit of work, mediator, distributed messaging, event bus, CQRS, email, and more
RCommon.Web

A cohesive set of infrastructure libraries for dotnet that utilizes abstractions for event handling, persistence, unit of work, mediator, distributed messaging, event bus, CQRS, email, and more

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.4.1 23 2/18/2026
2.3.2-alpha.0.3 21 2/18/2026
2.3.2-alpha.0.2 23 2/18/2026
2.3.2-alpha.0.1 42 2/9/2026
2.3.1 86 2/5/2026
2.3.0 83 2/3/2026
2.2.2-alpha.0.1 382 12/11/2025
2.2.1-alpha.0.2 127 10/24/2025
2.2.1-alpha.0.1 119 10/24/2025
2.1.11-alpha.0.2 123 10/24/2025
2.1.11-alpha.0.1 92 7/18/2025
2.1.10 187 7/17/2025
2.1.9-alpha.0.1 136 7/17/2025
2.1.2.4 204 5/21/2025
2.1.2.3 196 5/1/2025
2.1.2.2 150 1/23/2025
2.1.2.1 145 1/17/2025
2.1.2 152 1/17/2025
2.1.1.4 145 1/7/2025
0.0.0-alpha.0 139 7/17/2025
Loading failed