PermissionGate 1.0.0


PermissionGate

Declarative authorization components and an imperative service for ASP.NET Core Blazor, built on top of IAuthorizationService.

⚠️ Security notice: UI only

<Can>, <Cannot>, and IPermissionGate control what users see, not what they can do. They are not a substitute for server-side authorization. Always protect your API endpoints and server-side actions with proper authorization attributes or middleware.


Live demo

An interactive Blazor WebAssembly demo lives in samples/PermissionGate.Sample and is published to GitHub Pages:

https://agriffard.github.io/PermissionGate/

Switch between sample users (Guest / Viewer / Editor / Admin) and watch <Can>, <Cannot>, and IPermissionGate react live. Run it locally with:

dotnet run --project samples/PermissionGate.Sample

Installation

dotnet add package PermissionGate

Register the service in your DI container (requires AddAuthorizationCore and a CascadingAuthenticationState):

// Program.cs
builder.Services.AddAuthorizationCore();
builder.Services.AddPermissionGate();

Add the cascading authentication state to your App.razor (or Routes.razor):

<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(App).Assembly">
        ...
    </Router>
</CascadingAuthenticationState>

Components

<Can> — render when authorized

Shows ChildContent when the user satisfies the specified requirements. The optional Else parameter renders when the user is denied.

@* Policy *@
<Can Policy="EditPost">
    <button>Edit</button>
</Can>

@* Policy with an Else branch *@
<Can Policy="EditPost">
    <button>Edit</button>
    <Else>
        <span>Read-only</span>
    </Else>
</Can>

@* Roles — any matching role is sufficient *@
<Can Roles="Admin, Editor">
    <NavLink href="/admin">Admin panel</NavLink>
</Can>

@* Multiple policies — all must pass (default) *@
<Can Policies="@(new[] { "Read", "Write" })" Mode="GateMode.All">
    <button>Save</button>
</Can>

@* Multiple policies — any one passing is sufficient *@
<Can Policies="@(new[] { "Approve", "Manage" })" Mode="GateMode.Any">
    <button>Approve</button>
</Can>

@* Access the AuthenticationState via @context *@
<Can Policy="ViewProfile">
    Hello, @context.User.Identity?.Name!
</Can>

@* Resource-based authorization *@
<Can Policy="EditPost" Resource="@myPost">
    <button>Edit</button>
</Can>

<Cannot> — render when denied

The inverse of <Can>. Shows ChildContent when the user does not satisfy the requirements.

<Cannot Policy="ManageUsers">
    <span>You do not have permission to manage users.</span>
</Cannot>

<Cannot Roles="Admin">
    <p>Upgrade your account to access this feature.</p>
</Cannot>

Parameters (both components)

| Parameter | Type | Description |
| --- | --- | --- |
| Policy | string? | A single authorization policy name |
| Policies | string[]? | Multiple policy names, evaluated with Mode |
| Mode | GateMode | GateMode.All (default) or GateMode.Any |
| Roles | string? | Comma-separated role names (any matching role passes) |
| Resource | object? | Resource forwarded to IAuthorizationService |
| ChildContent | RenderFragment<AuthenticationState> | Content to render when condition is met |
| Else | RenderFragment? | (<Can> only) Rendered when denied |
| Authorizing | RenderFragment? | Shown while the auth state is loading |

At least one of Policy, Policies, or Roles must be specified.


Imperative service

Inject IPermissionGate for programmatic checks in C# code:

@inject IPermissionGate Gate

@code {
    protected override async Task OnInitializedAsync()
    {
        if (await Gate.CanAsync("EditPost"))
        {
            // show edit UI
        }

        // Multiple policies — all must pass
        bool canReadAndWrite = await Gate.CanAllAsync(new[] { "Read", "Write" });

        // Multiple policies — any must pass
        bool canApproveOrManage = await Gate.CanAnyAsync(new[] { "Approve", "Manage" });

        // Role check
        bool isAdmin = await Gate.IsInRoleAsync("Admin");

        // Resource-based
        bool canEdit = await Gate.CanAsync("EditPost", resource: myPost);
    }
}
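
The security notice near the top says these checks only control rendering, so the same policy has to be enforced again on the server. The following is an added example, not code from the PermissionGate project: an ASP.NET Core minimal API that re-checks the page's "EditPost" policy against the resource before changing it. Assumptions: a Microsoft.NET.Sdk.Web project with implicit usings and cookie authentication; Post, PostUpdate, PostOwnerRequirement, PostOwnerHandler, the in-memory store and the /api/posts route are hypothetical.

```csharp
// Added example: server-side enforcement of the "EditPost" policy that the UI gates on.
// All type names, the route and the sample data below are hypothetical.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
builder.Services.AddAuthorization(options =>
    options.AddPolicy("EditPost", p => p.RequireAuthenticatedUser().AddRequirements(new PostOwnerRequirement())));
builder.Services.AddSingleton<IAuthorizationHandler, PostOwnerHandler>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Constructed sample data standing in for a real repository.
var posts = new Dictionary<int, Post> { [1] = new Post(1, "alice", "Hello") };

app.MapPut("/api/posts/{id:int}", async (int id, PostUpdate update, ClaimsPrincipal user, IAuthorizationService authz) =>
{
    if (!posts.TryGetValue(id, out var post)) return Results.NotFound();

    // Same policy name and resource the component receives via Resource="@myPost",
    // but evaluated on the server, where the client cannot alter the outcome.
    var result = await authz.AuthorizeAsync(user, post, "EditPost");
    if (!result.Succeeded) return Results.Forbid();

    posts[id] = post with { Body = update.Body };
    return Results.NoContent();
}).RequireAuthorization(); // rejects anonymous callers before the handler body runs

app.Run();

record Post(int Id, string OwnerId, string Body);
record PostUpdate(string Body);
sealed class PostOwnerRequirement : IAuthorizationRequirement { }

sealed class PostOwnerHandler : AuthorizationHandler<PostOwnerRequirement, Post>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PostOwnerRequirement requirement, Post resource)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId is not null && (userId == resource.OwnerId || context.User.IsInRole("Admin")))
            context.Succeed(requirement);
        return Task.CompletedTask; // without Succeed the requirement stays unmet and access is denied
    }
}
```

If the Blazor client registers the same requirement and handler through AddAuthorizationCore, a <Can Policy="EditPost" Resource="@myPost"> and this endpoint evaluate the same rule, with the server's answer being the one that counts.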

IPermissionGate API

| Method | Description |
| --- | --- |
| CanAsync(policy, resource?) | Returns true when the current user satisfies policy |
| CanAllAsync(policies, resource?) | Returns true when all policies pass |
| CanAnyAsync(policies, resource?) | Returns true when at least one policy passes |
| IsInRoleAsync(role) | Returns true when the current user is in role |

GateMode enum

| Value | Description |
| --- | --- |
| All | All specified policies must pass (default) |
| Any | At least one policy must pass |

Prerequisites

  • .NET 10 or later
  • Microsoft.AspNetCore.Components.Authorization (transitively included)
  • Authorization policies registered via AddAuthorizationCore() / AddAuthorization()
  • CascadingAuthenticationState in the Blazor component tree

License

MIT

| Product | Compatible and additional computed target framework versions |
| --- | --- |
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

| Version | Downloads | Last Updated |
| --- | --- | --- |
| 1.0.0 | 86 | 5/30/2026 |