Stratara.Identity.AspNetCore
3.1.4
dotnet add package Stratara.Identity.AspNetCore --version 3.1.4
NuGet\Install-Package Stratara.Identity.AspNetCore -Version 3.1.4
<PackageReference Include="Stratara.Identity.AspNetCore" Version="3.1.4" />
<PackageVersion Include="Stratara.Identity.AspNetCore" Version="3.1.4" />
<PackageReference Include="Stratara.Identity.AspNetCore" />
paket add Stratara.Identity.AspNetCore --version 3.1.4
#r "nuget: Stratara.Identity.AspNetCore, 3.1.4"
#:package Stratara.Identity.AspNetCore@3.1.4
#addin nuget:?package=Stratara.Identity.AspNetCore&version=3.1.4
#tool nuget:?package=Stratara.Identity.AspNetCore&version=3.1.4
Stratara.Identity.AspNetCore
License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.
Channel-agnostic ASP.NET Core identity wiring for the Stratara stack. Provides the AddAspNetIdentity / AddAspNetIdentityWithSignInManager extension methods and an IStrataraSignInManager wrapper around the ASP.NET Core SignInManager. Channel-specific glue (Blazor Server's AuthenticationStateProvider, MAUI session-state forwarders, etc.) is the consumer's responsibility — Stratara intentionally stops at the ASP.NET-Core-generic surface to stay application-agnostic.
What's in the box
| Folder | Contents |
|---|---|
DependencyInjection/AspCoreIdentityServiceCollectionExtensions |
AddAspNetIdentity<TUser, TIdentityDbContext>() (Stratara password/lockout/schema-v3/passkey defaults), AddAspNetIdentityWithSignInManager<TUser, TIdentityDbContext>() (same + AspNetSignInManager + localization), AddDevelopmentNoOpEmailSender<TUser>() (dev-only, throws in Production) |
Services/AspNetSignInManager<TUser> |
Wraps SignInManager<TUser> + UserManager<TUser> and produces StrataraSignInResult with already-localized failure messages |
Services/IdentityNoOpEmailSender<TUser> |
Development-time email sender that drops every email (Task.CompletedTask); replace in production |
Resources/IdentityResources |
Resource-anchor for sign-in failure messages. English default ships in IdentityResources.resx; IdentityResources.de.resx provides German overrides. AddAspNetIdentityWithSignInManager calls AddLocalization() so IStringLocalizer<IdentityResources> resolves automatically. |
Localization
AspNetSignInManager resolves its five user-facing failure messages (Identity.SignIn.Lockout, NotAllowed, InvalidCredentials, InvalidTwoFactor, InvalidRecoveryCode) via IStringLocalizer<IdentityResources>. Languages out of the box: English (default) and German (de). To add another culture, ship a satellite .resx (e.g. IdentityResources.fr.resx) in your own assembly and register a chained IStringLocalizer<IdentityResources> if needed. Selection follows CultureInfo.CurrentUICulture — wire up app.UseRequestLocalization(...) to map this from the request.
Quick start
// Channel-agnostic ASP.NET Core host (MVC, Razor Pages, Minimal API, ...):
builder.AddAspNetIdentityWithSignInManager<ApplicationUser, IdentityDbContext>();
// Or for a host without sign-in manager (e.g. a worker that only needs identity stores):
builder.AddAspNetIdentity<ApplicationUser, IdentityDbContext>();
For Blazor Server hosts, additionally register your own IStrataraAuthenticationStateProvider implementation (and the AuthenticationStateProvider forwarder). Stratara does not ship a Blazor-specific provider — the previous BlazorAuthenticationStateProvider lived here in 1.x but moved out in v2.0.0 to keep this package application-agnostic.
Dependencies
Stratara.Identity.Core— channel-agnostic abstractions (IStrataraSignInManager,IStrataraAuthenticationStateProvider) + shared model records.Stratara.Shared— multitenancy + session-context types.Microsoft.AspNetCore.App— shared framework reference forSignInManager,IEmailSender<TUser>, etc.Microsoft.AspNetCore.Identity.EntityFrameworkCore— ASP.NET Identity stores.Microsoft.IdentityModel.JsonWebTokens,System.IdentityModel.Tokens.Jwt— JWT helpers for token-based flows.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- Microsoft.AspNetCore.Identity.EntityFrameworkCore (>= 10.0.8)
- Microsoft.IdentityModel.JsonWebTokens (>= 8.18.0)
- Stratara.Identity.Core (>= 3.1.4)
- Stratara.Shared (>= 3.1.4)
- System.IdentityModel.Tokens.Jwt (>= 8.18.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
### Added
- **Command-workload isolation (heavy-command lane)** — long-running commands can now be routed to a
dedicated worker lane so they cannot starve interactive commands. Mark a command with the new
`Stratara.Abstractions.Mediator.IHeavyCommand` marker and the `ICommandOutboxDispatcher`
automatically publishes it to a separate heavy-command topic (`IMessagingIdentifier.HeavyCommandTopic` /
`HeavyCommandSubscription`, configurable under `Messaging:HeavyCommand`, defaulting to `heavy-command` /
`heavy-command-subscription`). Run a dedicated heavy-command worker with the new
`services.AddHeavyCommandWorker(degreeOfParallelism?)` extension, or the
`builder.AddHeavyCommandWorkerServices(degreeOfParallelism?)` host composite — in the same process as
the interactive worker (two lanes) or in a separately scaled host. Each worker's degree of parallelism
is configurable per lane. `IMessagingIdentifier` gains `HeavyCommandTopic`, `HeavyCommandSubscription`,
and the `GetCommandTopic(Type)` / `GetCommandSubscription(Type)` routing helpers. The interactive lane
(`AddMediatorWorker()`) is unchanged and remains the default; commands not marked heavy keep their
existing routing. If a heavy command is dispatched while no heavy worker is bound, the publish is
rejected and the command is preserved in the outbox until a heavy-command worker comes online — it is
never dropped. Works over both the RabbitMQ and Azure Service Bus message buses (Azure Service Bus
requires the heavy-command topic/subscription to be provisioned, like the existing command topic). New
log-event ID `105_005` (`CommandWorkerLaneStarted`) in `Stratara.Diagnostics`.
- **Observability metrics across the worker pipeline** (`Stratara.Diagnostics`) — the shared
`Stratara.Service` meter now publishes throughput and latency instruments so operators can see how the
event-sourcing pipeline is behaving instead of flying blind on a single counter. New instruments:
`event_source.events.appended` (counter, tagged by `event.type` / `aggregate.type`),
`outbox.published` (counter, tagged by `outbox.kind` = `command` / `event`), `command.duration`
(histogram, ms, tagged by `request.type` / `outcome`), `projection.events.processed` (counter) +
`projection.bundle.duration` (histogram, ms), `saga.events.processed` (counter) +
`saga.bundle.duration` (histogram, ms), and `saga.inflight` (up/down counter). They are recorded by the
event source, command worker, projection worker, saga worker, and outbox worker respectively. Because
projections and sagas are real-time bus subscribers without a persisted checkpoint, these report
**throughput and latency**, not consumer lag. No configuration is required — point any OpenTelemetry
metrics exporter at the `Stratara.Service` meter.
- **Operational health checks for the event store and outbox** (`Stratara.EventSourcing.EntityFrameworkCore`) —
two opt-in readiness checks added to any `IHealthChecksBuilder`: `AddEventStoreHealthCheck()` verifies
the write-side database is reachable, and `AddOutboxHealthCheck(degradedThreshold?, unhealthyThreshold?)`
reports the pending outbox backlog (exposed under the `pending` data key) and escalates to
`Degraded` / `Unhealthy` when the backlog crosses the supplied thresholds. Both are tagged `ready` by
default (so they map to a readiness endpoint, not liveness) and require the Stratara write store to be
registered. The write-store DbContext is now also resolvable as a scoped `IWriteDbContext` service to
support these checks.
- **Polly-backed mediator resilience behavior** (`Stratara.Resilience`) — an opt-in pipeline behavior
wraps the in-process dispatch of a request marked with the new
`Stratara.Abstractions.Resilience.IResilientRequest` in the named Polly pipeline the request selects
(`ResiliencePipelineName`). Register it with the new `AddStrataraResilienceBehavior()` (after
`AddStrataraValidation()` / `AddStrataraTenantIsolation()` so the retry wraps the handler, not the
guards); requests without the marker are unaffected. A new built-in pipeline
`ResilienceNames.ConcurrencyConflict` retries **only** on
`Stratara.Abstractions.Persistence.ConcurrencyConflictException` (5 attempts, short exponential
backoff) so a handler that re-reads and re-applies on an optimistic-concurrency clash succeeds without
bespoke retry loops; it is registered by `AddResiliencePipelines()` alongside the existing message-bus
and dispatcher pipelines. Only mark handlers that are safe to re-run (idempotent or concurrency-guarded).