Stratara.Identity.AspNetCore 3.1.0

There is a newer version of this package available.
See the version list below for details.

dotnet add package Stratara.Identity.AspNetCore --version 3.1.0

NuGet\Install-Package Stratara.Identity.AspNetCore -Version 3.1.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Stratara.Identity.AspNetCore" Version="3.1.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Stratara.Identity.AspNetCore" Version="3.1.0" />
                    

                            Directory.Packages.props

<PackageReference Include="Stratara.Identity.AspNetCore" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Stratara.Identity.AspNetCore --version 3.1.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Stratara.Identity.AspNetCore, 3.1.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Stratara.Identity.AspNetCore@3.1.0

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Stratara.Identity.AspNetCore&version=3.1.0
                    

                            Install as a Cake Addin

#tool nuget:?package=Stratara.Identity.AspNetCore&version=3.1.0
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Stratara.Identity.AspNetCore

License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.

Channel-agnostic ASP.NET Core identity wiring for the Stratara stack. Provides the AddAspNetIdentity / AddAspNetIdentityWithSignInManager extension methods and an IStrataraSignInManager wrapper around the ASP.NET Core SignInManager. Channel-specific glue (Blazor Server's AuthenticationStateProvider, MAUI session-state forwarders, etc.) is the consumer's responsibility — Stratara intentionally stops at the ASP.NET-Core-generic surface to stay application-agnostic.

What's in the box

Folder	Contents
`DependencyInjection/AspCoreIdentityServiceCollectionExtensions`	`AddAspNetIdentity<TUser, TIdentityDbContext>()` (Stratara password/lockout/schema-v3/passkey defaults), `AddAspNetIdentityWithSignInManager<TUser, TIdentityDbContext>()` (same + `AspNetSignInManager` + localization), `AddDevelopmentNoOpEmailSender<TUser>()` (dev-only, throws in Production)
`Services/AspNetSignInManager<TUser>`	Wraps `SignInManager<TUser>` + `UserManager<TUser>` and produces `StrataraSignInResult` with already-localized failure messages
`Services/IdentityNoOpEmailSender<TUser>`	Development-time email sender that drops every email (`Task.CompletedTask`); replace in production
`Resources/IdentityResources`	Resource-anchor for sign-in failure messages. English default ships in `IdentityResources.resx`; `IdentityResources.de.resx` provides German overrides. `AddAspNetIdentityWithSignInManager` calls `AddLocalization()` so `IStringLocalizer<IdentityResources>` resolves automatically.

Localization

AspNetSignInManager resolves its five user-facing failure messages (Identity.SignIn.Lockout, NotAllowed, InvalidCredentials, InvalidTwoFactor, InvalidRecoveryCode) via IStringLocalizer<IdentityResources>. Languages out of the box: English (default) and German (de). To add another culture, ship a satellite .resx (e.g. IdentityResources.fr.resx) in your own assembly and register a chained IStringLocalizer<IdentityResources> if needed. Selection follows CultureInfo.CurrentUICulture — wire up app.UseRequestLocalization(...) to map this from the request.

Quick start

// Channel-agnostic ASP.NET Core host (MVC, Razor Pages, Minimal API, ...):
builder.AddAspNetIdentityWithSignInManager<ApplicationUser, IdentityDbContext>();

// Or for a host without sign-in manager (e.g. a worker that only needs identity stores):
builder.AddAspNetIdentity<ApplicationUser, IdentityDbContext>();

For Blazor Server hosts, additionally register your own IStrataraAuthenticationStateProvider implementation (and the AuthenticationStateProvider forwarder). Stratara does not ship a Blazor-specific provider — the previous BlazorAuthenticationStateProvider lived here in 1.x but moved out in v2.0.0 to keep this package application-agnostic.

Dependencies

Stratara.Identity.Core — channel-agnostic abstractions (IStrataraSignInManager, IStrataraAuthenticationStateProvider) + shared model records.
Stratara.Shared — multitenancy + session-context types.
Microsoft.AspNetCore.App — shared framework reference for SignInManager, IEmailSender<TUser>, etc.
Microsoft.AspNetCore.Identity.EntityFrameworkCore — ASP.NET Identity stores.
Microsoft.IdentityModel.JsonWebTokens, System.IdentityModel.Tokens.Jwt — JWT helpers for token-based flows.

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- Microsoft.AspNetCore.Identity.EntityFrameworkCore (>= 10.0.8)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.18.0)
- Stratara.Identity.Core (>= 3.1.0)
- Stratara.Shared (>= 3.1.0)
- System.IdentityModel.Tokens.Jwt (>= 8.18.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
3.1.4	91	6/15/2026
3.1.3	96	6/10/2026
3.1.2	117	6/5/2026
3.1.1	184	6/1/2026
3.1.0	110	5/30/2026
3.0.23	100	5/28/2026

**Breaking release.** The `IKeyStore` and `ISecureBlobEncryptor` contracts changed shape, a new
dependency-light `Stratara.Security` package now owns the production key store and envelope
encryption, and a new vendor-neutral `Stratara.Validation` package adds request validation as a
`Stratara.Mediator` pipeline behavior. Consumers must recompile and adapt call sites; data
encrypted under the previous HKDF-style key model is **not** binary-compatible and needs a
re-encrypt pass on its own schedule.

### Added

- **`Stratara.Validation` — vendor-neutral request validation.** A new package providing a
mediator pipeline behavior that runs `IValidator<T>` implementations before the handler and
throws an aggregated `StrataraValidationException` on failure. Register with
`AddStrataraValidation()` (outermost behavior) and `AddValidatorsFromAssemblyContaining<T>()`.
Only `ValidationSeverity.Error` blocks the request; `Warning`/`Info` failures pass through and
are logged. The package has no FluentValidation dependency — the contract is intentionally
FluentValidation-shape-compatible so an optional adapter can be added later.
- **Validation contracts in `Stratara.Abstractions`** (namespace `Stratara.Abstractions.Validation`):
`IValidator<T>`, `ValidationResult`, `ValidationFailure`, `ValidationSeverity`, and
`StrataraValidationException`. Declaring the exception in `Stratara.Abstractions` lets a
consumer's global exception handler map validation failures to its own error model (e.g.
RFC-7807 ProblemDetails) without referencing the behavior package.
- **`Stratara.Security` — production key store + envelope encryption (dependency-light).** Adds
`EnvelopeFileKeyStore`, a file-backed `IKeyStore` storing **KEK-wrapped, versioned per-scope
data-encryption keys** (rotation, single-version revoke, and whole-scope crypto-shred), plus a
`FileMasterKeyProvider` (`IMasterKeyProvider`, the KEK custody seam), an AES-GCM
`ISecureBlobEncryptor`, and the Development-only `DummyKeyStore`. Register with
`AddStrataraFileKeyStore(configuration)`. The package references only `Stratara.Abstractions` +
BCL crypto + `Microsoft.Extensions.*` abstractions — no EF Core, RabbitMQ, Redis, or cloud SDKs —
so lean consumers can encrypt without pulling in `Stratara.Infrastructure`.
- **New security contracts in `Stratara.Abstractions.Security`:** `KeyScope`, `KeyMaterial`, and
`IMasterKeyProvider`.

### Changed

- **BREAKING — `IKeyStore`.** Replaced `EnsureKeyAsync(level, Guid? tenantId, Guid? userId)` with
`GetOrCreateCurrentKeyAsync(KeyScope)` returning `KeyMaterial` (key id + bytes in one call), and
added `RotateAsync(KeyScope)` and `EraseScopeAsync(KeyScope)`. `RevokeAsync(string keyId)` now
performs a real crypto-shred (the production store no longer treats it as a no-op). Scope
identifiers are `string?` (carrying both slugs and `Guid.ToString()` values) rather than `Guid?`.
- **BREAKING — `ISecureBlobEncryptor`.** `EncryptAsync`/`DecryptAsync` now take a `KeyScope` and a
`purpose` instead of a bare `Guid tenantId`. The encrypted stream gains a leading version byte
(v2) and a `purpose` field; legacy streams without the version byte remain readable (configurable
via `Stratara.Security` options).
- The AES-GCM encryption factory, blob encryptor, and dev key store moved out of
`Stratara.Infrastructure` into `Stratara.Security`; `AddSecurity()` now delegates to it. The
field/JSON `[EncryptData]` path (`ISecureJsonSerializer`) stays in `Stratara.Infrastructure`.

This brings the lockstep family to **22 packable packages**.