Rig.TUnit.Security 0.1.0-beta.2

This is a prerelease version of Rig.TUnit.Security.
dotnet add package Rig.TUnit.Security --version 0.1.0-beta.2

Rig.TUnit.Security

Security family-base: ISecurityRig, SecurityFixtureBase, SecurityAssert with HTTP 401/403 helpers.

What this package is

The shared contract for the Security family (.Jwt, .Mtls, .OAuth, .Policies). Defines the assertion surface every security test expects — SecurityAssert.HttpIsUnauthorized(response), HttpIsForbidden(response), ClaimsPrincipalIsAuthenticated(principal) — so test code looks identical whether you're using JWT, mTLS, OAuth, or ASP.NET Core Policies.

Install one of the leaves directly for concrete testing.

When to use it

  • Authoring a new security-fixture type.
  • Writing provider-agnostic security assertions.
  • Not for: concrete security testing — install a leaf package.

Prerequisites

  • .NET 10 SDK

Quick start

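using Rig.TUnit.Security;

// client is an HttpClient for the API under test; request is sent without valid credentials.
var response = await client.SendAsync(request);
// Passes only when the API answered 401 Unauthorized.
await SecurityAssert.HttpIsUnauthorized(response);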

Options

Property          Type      Default  Description
DefaultScheme     string    "Test"   Authentication scheme for fixtures that register one
ValidateIssuer    bool      true     Propagate to JwtBearerOptions when paired with .Jwt
ValidateAudience  bool      true     Same for audience
ClockSkew         TimeSpan  5m       Leeway on exp / nbf
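
An added example, not part of the package or its README, showing what the ValidateIssuer, ValidateAudience and ClockSkew settings mean at the token-validation level. It uses Microsoft's JwtSecurityTokenHandler and TokenValidationParameters (NuGet package System.IdentityModel.Tokens.Jwt) directly rather than any Rig.TUnit API; the issuer, audience and key are constructed for the illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Constructed test values: ephemeral HS256 key, made-up issuer and audience.
const string Issuer = "https://issuer.example.test";
const string Audience = "api.example.test";
var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
var handler = new JwtSecurityTokenHandler();

var justExpired = Issue(Issuer, TimeSpan.FromMinutes(-2));   // exp 2 min in the past
var longExpired = Issue(Issuer, TimeSpan.FromMinutes(-10));  // exp 10 min in the past
var wrongIssuer = Issue("https://other.example.test", TimeSpan.FromMinutes(10));

var cases = new (string Name, string Jwt, TimeSpan Skew, bool Expected)[]
{
    ("expired 2m ago, skew 5m", justExpired, TimeSpan.FromMinutes(5), true),
    ("expired 2m ago, skew 0", justExpired, TimeSpan.Zero, false),
    ("expired 10m ago, skew 5m", longExpired, TimeSpan.FromMinutes(5), false),
    ("wrong issuer, not expired", wrongIssuer, TimeSpan.FromMinutes(5), false),
};

foreach (var c in cases)
{
    var accepted = Accepts(c.Jwt, c.Skew);
    Console.WriteLine($"{c.Name,-28} accepted={accepted}");
    if (accepted != c.Expected) throw new InvalidOperationException(c.Name);
}

// Signs a token whose exp is now + expiresIn (negative means already expired).
string Issue(string issuer, TimeSpan expiresIn)
{
    var now = DateTime.UtcNow;
    var jwt = new JwtSecurityToken(issuer, Audience, claims: null,
        notBefore: now.AddHours(-1), expires: now + expiresIn,
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
    return handler.WriteToken(jwt);
}

// Validates with issuer, audience and lifetime checks on and the given leeway.
bool Accepts(string jwt, TimeSpan clockSkew)
{
    var parameters = new TokenValidationParameters
    {
        ValidateIssuer = true, ValidIssuer = Issuer,
        ValidateAudience = true, ValidAudience = Audience,
        ValidateLifetime = true, ClockSkew = clockSkew, IssuerSigningKey = key,
    };
    try { handler.ValidateToken(jwt, parameters, out _); return true; }
    catch (SecurityTokenException) { return false; }
}
```

A test that expects 401 for an expired token has to expire it by more than the configured ClockSkew; a token that expired inside the leeway is still accepted.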

Fixture + helper APIs

  • Rig.TUnit.Security.ISecurityRig
  • Rig.TUnit.Security.Fixtures.SecurityFixtureBase
  • Rig.TUnit.Security.Assertions.SecurityAssert

Per-test isolation

Security fixtures typically own ephemeral key material (JWT signing keys, certificate chains) per-test, keyed by IsolationKey. Each leaf details the specifics.

Parallelism + performance

§9 — N/A: family-base; per-provider. JWT signing is cheap; mTLS certificate generation is expensive (~20 ms) and cached per fixture.

Troubleshooting

  • SecurityAssert.HttpIsUnauthorized fails on expected-401 — check the API's [Authorize] wiring actually runs before your handler; a missing app.UseAuthorization() lets requests through as 200.

See docs/troubleshooting.md.

Provider quirks + edge cases

  • Every security leaf integrates with the real JwtBearerHandler / CertificateAuthentication middleware — no test-only bypass. That is deliberate; bypassed auth is not a valid security test.

Benchmarks

§12 — N/A: family-base; concrete leaves have individual *Benchmarks.cs entries under tests/Rig.TUnit.Benchmarks/.

License

MIT. See LICENSE.

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 

NuGet packages (5)

Showing the top 5 NuGet packages that depend on Rig.TUnit.Security:

Package Downloads
Rig.TUnit.Security.Policies

TUnit fixture for ASP.NET Core authorisation policies - claim-based, role-based, and resource-based assertions.

Rig.TUnit.All

Meta-package containing every Rig.TUnit.* package. DISCOURAGED — prefer per-feature or per-stack meta-packages (Rig.TUnit, Rig.TUnit.Microservices).

Rig.TUnit.Security.Jwt

TUnit fixture for issuing test JWTs and a JWKS endpoint backed by an in-memory signing key.

Rig.TUnit.Security.OAuth

TUnit fixture for OAuth flows (auth-code+PKCE, client-credentials) against an in-process IdentityServer or stub provider.

Rig.TUnit.Security.Mtls

TUnit fixture for mutual-TLS scenarios - test CAs, leaf certs, and revocation list assertions.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version           Downloads  Last Updated
0.1.0-beta.2      47         4/27/2026
0.0.0-alpha.0.14  49         4/26/2026