Stratara.Identity.AspNetCore 3.1.1

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Stratara.Identity.AspNetCore --version 3.1.1
                    


                    

                
NuGet\Install-Package Stratara.Identity.AspNetCore -Version 3.1.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Stratara.Identity.AspNetCore" Version="3.1.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Stratara.Identity.AspNetCore" Version="3.1.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Stratara.Identity.AspNetCore" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Stratara.Identity.AspNetCore --version 3.1.1
                    


                    

                
#r "nuget: Stratara.Identity.AspNetCore, 3.1.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Stratara.Identity.AspNetCore@3.1.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Stratara.Identity.AspNetCore&version=3.1.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Stratara.Identity.AspNetCore&version=3.1.1
                    


                            Install as a Cake Tool

Stratara.Identity.AspNetCore

License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.

Channel-agnostic ASP.NET Core identity wiring for the Stratara stack. Provides the AddAspNetIdentity / AddAspNetIdentityWithSignInManager extension methods and an IStrataraSignInManager wrapper around the ASP.NET Core SignInManager. Channel-specific glue (Blazor Server's AuthenticationStateProvider, MAUI session-state forwarders, etc.) is the consumer's responsibility — Stratara intentionally stops at the ASP.NET-Core-generic surface to stay application-agnostic.

What's in the box

Folder Contents
DependencyInjection/AspCoreIdentityServiceCollectionExtensions AddAspNetIdentity<TUser, TIdentityDbContext>() (Stratara password/lockout/schema-v3/passkey defaults), AddAspNetIdentityWithSignInManager<TUser, TIdentityDbContext>() (same + AspNetSignInManager + localization), AddDevelopmentNoOpEmailSender<TUser>() (dev-only, throws in Production)
Services/AspNetSignInManager<TUser> Wraps SignInManager<TUser> + UserManager<TUser> and produces StrataraSignInResult with already-localized failure messages
Services/IdentityNoOpEmailSender<TUser> Development-time email sender that drops every email (Task.CompletedTask); replace in production
Resources/IdentityResources Resource-anchor for sign-in failure messages. English default ships in IdentityResources.resx; IdentityResources.de.resx provides German overrides. AddAspNetIdentityWithSignInManager calls AddLocalization() so IStringLocalizer<IdentityResources> resolves automatically.

Localization

AspNetSignInManager resolves its five user-facing failure messages (Identity.SignIn.Lockout, NotAllowed, InvalidCredentials, InvalidTwoFactor, InvalidRecoveryCode) via IStringLocalizer<IdentityResources>. Languages out of the box: English (default) and German (de). To add another culture, ship a satellite .resx (e.g. IdentityResources.fr.resx) in your own assembly and register a chained IStringLocalizer<IdentityResources> if needed. Selection follows CultureInfo.CurrentUICulture — wire up app.UseRequestLocalization(...) to map this from the request.

Quick start

// Channel-agnostic ASP.NET Core host (MVC, Razor Pages, Minimal API, ...):
builder.AddAspNetIdentityWithSignInManager<ApplicationUser, IdentityDbContext>();

// Or for a host without sign-in manager (e.g. a worker that only needs identity stores):
builder.AddAspNetIdentity<ApplicationUser, IdentityDbContext>();

For Blazor Server hosts, additionally register your own IStrataraAuthenticationStateProvider implementation (and the AuthenticationStateProvider forwarder). Stratara does not ship a Blazor-specific provider — the previous BlazorAuthenticationStateProvider lived here in 1.x but moved out in v2.0.0 to keep this package application-agnostic.

Dependencies

  • Stratara.Identity.Core — channel-agnostic abstractions (IStrataraSignInManager, IStrataraAuthenticationStateProvider) + shared model records.
  • Stratara.Shared — multitenancy + session-context types.
  • Microsoft.AspNetCore.App — shared framework reference for SignInManager, IEmailSender<TUser>, etc.
  • Microsoft.AspNetCore.Identity.EntityFrameworkCore — ASP.NET Identity stores.
  • Microsoft.IdentityModel.JsonWebTokens, System.IdentityModel.Tokens.Jwt — JWT helpers for token-based flows.
Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
3.1.4 92 6/15/2026
3.1.3 96 6/10/2026
3.1.2 117 6/5/2026
3.1.1 184 6/1/2026
3.1.0 111 5/30/2026
3.0.23 100 5/28/2026

### Fixed

- **`FileMasterKeyProvider` now rejects a master KEK that is not exactly 32 bytes at startup.**
 The KEK is used directly as an AES-256-GCM key, which accepts only 16/24/32-byte keys. The
 provider previously required merely *at least* 32 bytes, so a longer KEK (for example the
 48-byte output of `openssl rand -base64 48`, a common HKDF master-key recipe) passed both
 construction and the eager `FileKeyStoreStartupProbe`, then threw
 `CryptographicException: Specified key is not a valid size for this algorithm` on the **first**
 key creation at runtime — defeating the purpose of the boot-time probe. The provider now
 validates the decoded length is exactly 32 bytes and fails fast at boot with an actionable
 message (`Generate one with: openssl rand -base64 32`). A 32-byte KEK is unaffected.
- **`EnvelopeFileKeyStore` is now safe for multiple processes sharing one store file** (for
 example several containers bind-mounting the same host directory). Previously a process only
 read the store once at construction, so a data-encryption key created by another process after
 startup was invisible (`GetDataEncryptionKeyAsync` returned `null`, breaking decryption), and
 two processes creating keys concurrently could overwrite each other's keys or mint colliding
 versions for the same scope. Reads now reload from disk on a cache miss (guarded by the file's
 last-write time to avoid reload storms), and every mutation serializes through an exclusive
 cross-process lock file and re-reads the latest on-disk state before writing. A networked file
 system (NFS/SMB) remains unsupported — it guarantees neither atomic rename nor reliable advisory
 locks.

### Added

- **`LogEvents.KeyManagement.KeyStoreReloaded` (112_006)** — debug-level event emitted when the
 file key store reloads its state from disk to pick up keys written by another process.