Stratara.Identity.Core
3.1.1
dotnet add package Stratara.Identity.Core --version 3.1.1
License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.
Channel-agnostic identity primitives for the Stratara stack. Ships the shared model records, interfaces, and the typed HttpClient wrapper consumed by host-specific packages (e.g. Stratara.Identity.AspNetCore for server-side Blazor, with consumer-supplied implementations for non-web hosts such as mobile or desktop).
What's in the box
| Folder | Contents |
|---|---|
| Models/ | AccessTokenInfo (persisted token + expiry), LoginRequest / LoginResponse (HTTP payload shape), ClaimsResponse / ClaimDto (identity-endpoint claims), StrataraSignInResult (standalone, channel-agnostic sign-in outcome with localized failure message, token info, resolved user id, two-factor / lockout flags — no inheritance from Microsoft.AspNetCore.Identity.SignInResult) |
| Abstractions/ | IStrataraSignInManager (per-channel sign-in dispatch), IStrataraAuthenticationStateProvider (auth-state surface), ITokenStorage (secure-storage abstraction), IStrataraRedirectManager (host-native post-auth redirect) |
| HttpClientHelper.cs | IHttpClientHelper + default impl — typed wrapper so identity services can depend on the right configured HttpClient (auth handler + base address) without coupling to specific names |
Quick start
Reference this package from any host or library that needs to consume the Stratara identity surface (model records or the abstractions). Host-specific concrete implementations live in Stratara.Identity.AspNetCore for server-side Blazor; non-web host implementations are supplied by the consumer app.
Dependencies
- Stratara.Shared — diagnostics, multitenancy types, session-context helpers used by the host-specific implementations downstream.
No ASP.NET Core / Microsoft.AspNetCore.Identity dependency by design — this package is consumable from MAUI, console, and unit-test contexts without dragging the ASP.NET runtime in transitively.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net10.0
  - Stratara.Shared (>= 3.1.1)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Stratara.Identity.Core:
| Package | Downloads |
|---|---|
| Stratara.Identity.AspNetCore: Channel-agnostic ASP.NET Core identity wiring for the Stratara stack — AddAspNetIdentity and AddAspNetIdentityWithSignInManager extensions, IStrataraSignInManager wrapper, EF stores, i18n'd failure messages, optional passkey support. Consumers wire their own AuthenticationStateProvider (Blazor Server, MAUI, etc.). | |
GitHub repositories
This package is not used by any popular GitHub repositories.
### Fixed
- **`FileMasterKeyProvider` now rejects a master KEK that is not exactly 32 bytes at startup.**
The KEK is used directly as an AES-256-GCM key, which accepts only 16/24/32-byte keys. The
provider previously required merely *at least* 32 bytes, so a longer KEK (for example the
48-byte output of `openssl rand -base64 48`, a common HKDF master-key recipe) passed both
construction and the eager `FileKeyStoreStartupProbe`, then threw
`CryptographicException: Specified key is not a valid size for this algorithm` on the **first**
key creation at runtime — defeating the purpose of the boot-time probe. The provider now
validates the decoded length is exactly 32 bytes and fails fast at boot with an actionable
message (`Generate one with: openssl rand -base64 32`). A 32-byte KEK is unaffected.
- **`EnvelopeFileKeyStore` is now safe for multiple processes sharing one store file** (for
example several containers bind-mounting the same host directory). Previously a process only
read the store once at construction, so a data-encryption key created by another process after
startup was invisible (`GetDataEncryptionKeyAsync` returned `null`, breaking decryption), and
two processes creating keys concurrently could overwrite each other's keys or mint colliding
versions for the same scope. Reads now reload from disk on a cache miss (guarded by the file's
last-write time to avoid reload storms), and every mutation serializes through an exclusive
cross-process lock file and re-reads the latest on-disk state before writing. A networked file
system (NFS/SMB) remains unsupported — it guarantees neither atomic rename nor reliable advisory
locks.
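
The boot-time length check described in the first fix, as an added C# example that is not the package's own code: `KekLoader` is a hypothetical helper, and the sample keys are random values generated at run time.

```csharp
using System;
using System.Security.Cryptography;

// Constructed sample keys, generated at run time.
string kek48 = Convert.ToBase64String(RandomNumberGenerator.GetBytes(48));
string kek32 = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));

// An "at least 32 bytes" check accepts kek48; AES-GCM then rejects it on first use.
try { using var aes = new AesGcm(Convert.FromBase64String(kek48), tagSizeInBytes: 16); }
catch (CryptographicException ex) { Console.WriteLine($"first use: {ex.Message}"); }

// The exact-length check surfaces the same problem before any key is created.
try { KekLoader.Load(kek48); }
catch (InvalidOperationException ex) { Console.WriteLine($"startup: {ex.Message}"); }

using var ok = new AesGcm(KekLoader.Load(kek32), tagSizeInBytes: 16);
Console.WriteLine("32-byte KEK accepted");

// Hypothetical helper, not the package's FileMasterKeyProvider.
static class KekLoader
{
    const int RequiredKekBytes = 32; // AES-256 key size

    public static byte[] Load(string base64Kek)
    {
        byte[] kek;
        try { kek = Convert.FromBase64String(base64Kek.Trim()); }
        catch (FormatException ex)
        {
            throw new InvalidOperationException("Master KEK is not valid base64.", ex);
        }
        if (kek.Length != RequiredKekBytes)
        {
            int actual = kek.Length;
            CryptographicOperations.ZeroMemory(kek); // do not leave rejected key bytes in memory
            throw new InvalidOperationException(
                $"Master KEK must decode to exactly {RequiredKekBytes} bytes, got {actual}. " +
                "Generate one with: openssl rand -base64 32");
        }
        return kek;
    }
}
```
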
### Added
- **`LogEvents.KeyManagement.KeyStoreReloaded` (112_006)** — debug-level event emitted when the
file key store reloads its state from disk to pick up keys written by another process.
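
The cross-process behavior described for `EnvelopeFileKeyStore` (reload on a cache miss, lock and re-read before every write), shown as an added C# example that is not the package's implementation. `SharedFileStore`, the JSON layout and the `.lock` file name are assumptions, and each instance is assumed to be used from one thread on a local POSIX file system.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.Json;
using System.Threading;

// Constructed demo: instances a and b stand in for two processes sharing one file.
var file = Path.Combine(Path.GetTempPath(), $"keystore-{Guid.NewGuid():N}.json");
var (a, b) = (new SharedFileStore(file), new SharedFileStore(file));
a.Add("tenant-1/v1", "wrapped-dek-1");
Console.WriteLine(b.Get("tenant-1/v1") is not null);  // b reloads on its cache miss
b.Add("tenant-1/v2", "wrapped-dek-2");                // b re-reads under the lock first
Console.WriteLine(new SharedFileStore(file).Get("tenant-1/v1") is not null); // v1 not overwritten

// Hypothetical store; string values stand in for wrapped data-encryption keys.
sealed class SharedFileStore(string path)
{
    Dictionary<string, string> _cache = new();
    DateTime _loadedStamp = DateTime.MinValue;
    public string? Get(string id)
    {
        if (_cache.TryGetValue(id, out var hit)) return hit;
        // Cache miss: reload only if the file changed since the last load.
        if (File.Exists(path) && File.GetLastWriteTimeUtc(path) != _loadedStamp) Reload();
        return _cache.GetValueOrDefault(id);
    }
    public void Add(string id, string wrappedKey)
    {
        using var lockHandle = AcquireLock();
        if (File.Exists(path)) Reload();           // start from the latest on-disk state
        if (!_cache.TryAdd(id, wrappedKey)) throw new InvalidOperationException($"'{id}' exists.");
        var tmp = $"{path}.{Guid.NewGuid():N}.tmp";
        File.WriteAllText(tmp, JsonSerializer.Serialize(_cache));
        File.Move(tmp, path, overwrite: true);     // atomic rename on a local POSIX file system
        _loadedStamp = File.GetLastWriteTimeUtc(path);
    }
    void Reload()
    {
        _loadedStamp = File.GetLastWriteTimeUtc(path); // stamp first, so a later write reloads again
        _cache = JsonSerializer.Deserialize<Dictionary<string, string>>(File.ReadAllText(path)) ?? new();
    }
    // FileShare.None makes the open exclusive; a competing opener gets IOException and retries.
    FileStream AcquireLock()
    {
        for (var attempt = 0; ; attempt++)
            try { return new FileStream(path + ".lock", FileMode.OpenOrCreate, FileAccess.ReadWrite, FileShare.None); }
            catch (IOException) when (attempt < 200) { Thread.Sleep(25); }
    }
}
```

A last-write-time guard misses a write that lands within the file system's timestamp granularity of the previous load, so a store that needs prompt visibility may also compare the file length or a version counter.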