Stratara.Identity.AspNetCore
3.1.3
dotnet add package Stratara.Identity.AspNetCore --version 3.1.3
NuGet\Install-Package Stratara.Identity.AspNetCore -Version 3.1.3
<PackageReference Include="Stratara.Identity.AspNetCore" Version="3.1.3" />
<PackageVersion Include="Stratara.Identity.AspNetCore" Version="3.1.3" />
<PackageReference Include="Stratara.Identity.AspNetCore" />
paket add Stratara.Identity.AspNetCore --version 3.1.3
#r "nuget: Stratara.Identity.AspNetCore, 3.1.3"
#:package Stratara.Identity.AspNetCore@3.1.3
#addin nuget:?package=Stratara.Identity.AspNetCore&version=3.1.3
#tool nuget:?package=Stratara.Identity.AspNetCore&version=3.1.3
Stratara.Identity.AspNetCore
License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.
Channel-agnostic ASP.NET Core identity wiring for the Stratara stack. Provides the AddAspNetIdentity / AddAspNetIdentityWithSignInManager extension methods and an IStrataraSignInManager wrapper around the ASP.NET Core SignInManager. Channel-specific glue (Blazor Server's AuthenticationStateProvider, MAUI session-state forwarders, etc.) is the consumer's responsibility — Stratara intentionally stops at the ASP.NET-Core-generic surface to stay application-agnostic.
What's in the box
| Folder | Contents |
|---|---|
DependencyInjection/AspCoreIdentityServiceCollectionExtensions |
AddAspNetIdentity<TUser, TIdentityDbContext>() (Stratara password/lockout/schema-v3/passkey defaults), AddAspNetIdentityWithSignInManager<TUser, TIdentityDbContext>() (same + AspNetSignInManager + localization), AddDevelopmentNoOpEmailSender<TUser>() (dev-only, throws in Production) |
Services/AspNetSignInManager<TUser> |
Wraps SignInManager<TUser> + UserManager<TUser> and produces StrataraSignInResult with already-localized failure messages |
Services/IdentityNoOpEmailSender<TUser> |
Development-time email sender that drops every email (Task.CompletedTask); replace in production |
Resources/IdentityResources |
Resource-anchor for sign-in failure messages. English default ships in IdentityResources.resx; IdentityResources.de.resx provides German overrides. AddAspNetIdentityWithSignInManager calls AddLocalization() so IStringLocalizer<IdentityResources> resolves automatically. |
Localization
AspNetSignInManager resolves its five user-facing failure messages (Identity.SignIn.Lockout, NotAllowed, InvalidCredentials, InvalidTwoFactor, InvalidRecoveryCode) via IStringLocalizer<IdentityResources>. Languages out of the box: English (default) and German (de). To add another culture, ship a satellite .resx (e.g. IdentityResources.fr.resx) in your own assembly and register a chained IStringLocalizer<IdentityResources> if needed. Selection follows CultureInfo.CurrentUICulture — wire up app.UseRequestLocalization(...) to map this from the request.
Quick start
// Channel-agnostic ASP.NET Core host (MVC, Razor Pages, Minimal API, ...):
builder.AddAspNetIdentityWithSignInManager<ApplicationUser, IdentityDbContext>();
// Or for a host without sign-in manager (e.g. a worker that only needs identity stores):
builder.AddAspNetIdentity<ApplicationUser, IdentityDbContext>();
For Blazor Server hosts, additionally register your own IStrataraAuthenticationStateProvider implementation (and the AuthenticationStateProvider forwarder). Stratara does not ship a Blazor-specific provider — the previous BlazorAuthenticationStateProvider lived here in 1.x but moved out in v2.0.0 to keep this package application-agnostic.
Dependencies
Stratara.Identity.Core— channel-agnostic abstractions (IStrataraSignInManager,IStrataraAuthenticationStateProvider) + shared model records.Stratara.Shared— multitenancy + session-context types.Microsoft.AspNetCore.App— shared framework reference forSignInManager,IEmailSender<TUser>, etc.Microsoft.AspNetCore.Identity.EntityFrameworkCore— ASP.NET Identity stores.Microsoft.IdentityModel.JsonWebTokens,System.IdentityModel.Tokens.Jwt— JWT helpers for token-based flows.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- Microsoft.AspNetCore.Identity.EntityFrameworkCore (>= 10.0.8)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.18.0)
- Stratara.Identity.Core (>= 3.1.3)
- Stratara.Shared (>= 3.1.3)
- System.IdentityModel.Tokens.Jwt (>= 8.18.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
### Added
- **Mediator tenant-isolation behavior** (`Stratara.Mediator`) — `AddStrataraTenantIsolation()`
registers a pipeline behavior that enforces tenant isolation at the mediator entrance, before the
handler runs, for any request that opts in via the new `ITenantScopedRequest` marker
(`Stratara.Abstractions.Multitenancy`). The behavior compares the request's `TenantId` (data owner)
against the ambient session's data-owner tenant and rejects a mismatch with the new
`TenantAccessDeniedException` (translated to HTTP 403 on ASP.NET hosts). `TenantIsolationMode.Default`
enforces only the subject match (privileged cross-tenant operations pass when the endpoint promoted
the session subject to the target); `TenantIsolationMode.Strict` additionally routes every
cross-tenant operation through the new `ICrossTenantAuthorizer`, whose shipped default denies all
cross-tenant access until a consumer registers its own authorizer. Complements the existing
database-side `ApplyGlobalTenantQueryFilters` with a command-/query-entrance guard. New log-event
IDs `114_101`/`114_102`/`114_003` in `Stratara.Diagnostics`.
- **`Stratara.Abstractions.Persistence.ConcurrencyConflictException`** — provider-agnostic
wrapper for an optimistic-concurrency conflict detected during commit. Allows framework-level
code in `Stratara.Projections` (and any consumer outside the `EntityFrameworkCore` package) to
react to concurrency without taking an EF Core dependency. EF Core's `DbUpdateConcurrencyException`
(and provider equivalents) flow through this type.
### Changed
- **`EfTransaction.SaveChangesAsync`** (in `Stratara.EventSourcing.EntityFrameworkCore`) now
wraps `DbUpdateConcurrencyException` thrown by EF Core in the new
`ConcurrencyConflictException`. PostgreSQL unique-violation paths remain on `DbUpdateException`
(different semantics — duplicate-key on insert vs. stale-row on update/delete).
- **`EventSource.SaveChangesAsync`** (write-side append flow) extends its concurrency-handling
catch to the new exception type so the existing append-conflict recovery path keeps working
after the wrap. Behaviour for both EF concurrency conflicts and PostgreSQL unique violations
is unchanged.
### Fixed
- **`TenantProjection` no longer aborts the event bundle on a parallel delete race.** The two
delete handlers (`TenantDeleted`, `CustomerTenantsDeleted`) now swallow
`ConcurrencyConflictException` silently — a missing row is the desired end-state of a delete.
Before this fix, a consumer-side customer-delete cascade saga that emits both
`CustomerTenantsDeleted` and a follow-up `TenantDeleted` for the same tenants would race the
two parallel projection bundles on the same `TenantView` row; the loser threw
`DbUpdateConcurrencyException` out of `SaveChangesAsync`, which propagated through
`ProjectionWorker` and caused `RabbitMqBus` to roll back the entire bundle — including
sibling projections that had already committed. Update handlers (rename / activate /
deactivate / locale / customer-assigned) keep their current behaviour: a concurrency failure
there is a real race that propagates.