Stratara.Identity.Core
3.1.0
dotnet add package Stratara.Identity.Core --version 3.1.0
NuGet\Install-Package Stratara.Identity.Core -Version 3.1.0
<PackageReference Include="Stratara.Identity.Core" Version="3.1.0" />
<PackageVersion Include="Stratara.Identity.Core" Version="3.1.0" />
<PackageReference Include="Stratara.Identity.Core" />
paket add Stratara.Identity.Core --version 3.1.0
#r "nuget: Stratara.Identity.Core, 3.1.0"
#:package Stratara.Identity.Core@3.1.0
#addin nuget:?package=Stratara.Identity.Core&version=3.1.0
#tool nuget:?package=Stratara.Identity.Core&version=3.1.0
Stratara.Identity.Core
License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.
Channel-agnostic identity primitives for the Stratara stack. Ships the shared model records, interfaces, and the typed HttpClient wrapper consumed by host-specific packages (e.g. Stratara.Identity.AspNetCore for server-side Blazor, with consumer-supplied implementations for non-web hosts such as mobile or desktop).
What's in the box
| Folder | Contents |
|---|---|
| Models/ | AccessTokenInfo (persisted token + expiry), LoginRequest / LoginResponse (HTTP payload shape), ClaimsResponse / ClaimDto (identity-endpoint claims), StrataraSignInResult (standalone, channel-agnostic sign-in outcome with localized failure message, token info, resolved user id, two-factor / lockout flags — no inheritance from Microsoft.AspNetCore.Identity.SignInResult) |
| Abstractions/ | IStrataraSignInManager (per-channel sign-in dispatch), IStrataraAuthenticationStateProvider (auth-state surface), ITokenStorage (secure-storage abstraction), IStrataraRedirectManager (host-native post-auth redirect) |
| HttpClientHelper.cs | IHttpClientHelper + default impl — typed wrapper so identity services can depend on the right configured HttpClient (auth handler + base address) without coupling to specific names |
Quick start
Reference this package from any host or library that needs to consume the Stratara identity surface (model records or the abstractions). Host-specific concrete implementations live in Stratara.Identity.AspNetCore for server-side Blazor; non-web host implementations are supplied by the consumer app.
Dependencies
Stratara.Shared — diagnostics, multitenancy types, session-context helpers used by the host-specific implementations downstream.
No ASP.NET Core / Microsoft.AspNetCore.Identity dependency by design — this package is consumable from MAUI, console, and unit-test contexts without dragging the ASP.NET runtime in transitively.
| Product | Compatible and additional computed target framework versions |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net10.0
  - Stratara.Shared (>= 3.1.0)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Stratara.Identity.Core:
| Package | Downloads |
|---|---|
| Stratara.Identity.AspNetCore: Channel-agnostic ASP.NET Core identity wiring for the Stratara stack — AddAspNetIdentity and AddAspNetIdentityWithSignInManager extensions, IStrataraSignInManager wrapper, EF stores, i18n'd failure messages, optional passkey support. Consumers wire their own AuthenticationStateProvider (Blazor Server, MAUI, etc.). | |
GitHub repositories
This package is not used by any popular GitHub repositories.
**Breaking release.** The `IKeyStore` and `ISecureBlobEncryptor` contracts changed shape, a new
dependency-light `Stratara.Security` package now owns the production key store and envelope
encryption, and a new vendor-neutral `Stratara.Validation` package adds request validation as a
`Stratara.Mediator` pipeline behavior. Consumers must recompile and adapt call sites; data
encrypted under the previous HKDF-style key model is **not** binary-compatible and needs a
re-encrypt pass on its own schedule.
### Added
- **`Stratara.Validation` — vendor-neutral request validation.** A new package providing a
mediator pipeline behavior that runs `IValidator<T>` implementations before the handler and
throws an aggregated `StrataraValidationException` on failure. Register with
`AddStrataraValidation()` (outermost behavior) and `AddValidatorsFromAssemblyContaining<T>()`.
Only `ValidationSeverity.Error` blocks the request; `Warning`/`Info` failures pass through and
are logged. The package has no FluentValidation dependency — the contract is intentionally
FluentValidation-shape-compatible so an optional adapter can be added later.
- **Validation contracts in `Stratara.Abstractions`** (namespace `Stratara.Abstractions.Validation`):
`IValidator<T>`, `ValidationResult`, `ValidationFailure`, `ValidationSeverity`, and
`StrataraValidationException`. Declaring the exception in `Stratara.Abstractions` lets a
consumer's global exception handler map validation failures to its own error model (e.g.
RFC-7807 ProblemDetails) without referencing the behavior package.
- **`Stratara.Security` — production key store + envelope encryption (dependency-light).** Adds
`EnvelopeFileKeyStore`, a file-backed `IKeyStore` storing **KEK-wrapped, versioned per-scope
data-encryption keys** (rotation, single-version revoke, and whole-scope crypto-shred), plus a
`FileMasterKeyProvider` (`IMasterKeyProvider`, the KEK custody seam), an AES-GCM
`ISecureBlobEncryptor`, and the Development-only `DummyKeyStore`. Register with
`AddStrataraFileKeyStore(configuration)`. The package references only `Stratara.Abstractions` +
BCL crypto + `Microsoft.Extensions.*` abstractions — no EF Core, RabbitMQ, Redis, or cloud SDKs —
so lean consumers can encrypt without pulling in `Stratara.Infrastructure`.
- **New security contracts in `Stratara.Abstractions.Security`:** `KeyScope`, `KeyMaterial`, and
`IMasterKeyProvider`.
### Changed
- **BREAKING — `IKeyStore`.** Replaced `EnsureKeyAsync(level, Guid? tenantId, Guid? userId)` with
`GetOrCreateCurrentKeyAsync(KeyScope)` returning `KeyMaterial` (key id + bytes in one call), and
added `RotateAsync(KeyScope)` and `EraseScopeAsync(KeyScope)`. `RevokeAsync(string keyId)` now
performs a real crypto-shred (the production store no longer treats it as a no-op). Scope
identifiers are `string?` (carrying both slugs and `Guid.ToString()` values) rather than `Guid?`.
- **BREAKING — `ISecureBlobEncryptor`.** `EncryptAsync`/`DecryptAsync` now take a `KeyScope` and a
`purpose` instead of a bare `Guid tenantId`. The encrypted stream gains a leading version byte
(v2) and a `purpose` field; legacy streams without the version byte remain readable (configurable
via `Stratara.Security` options).
- The AES-GCM encryption factory, blob encryptor, and dev key store moved out of
`Stratara.Infrastructure` into `Stratara.Security`; `AddSecurity()` now delegates to it. The
field/JSON `[EncryptData]` path (`ISecureJsonSerializer`) stays in `Stratara.Infrastructure`.
This brings the lockstep family to **22 packable packages**.
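
The envelope model these notes describe (KEK-wrapped, versioned per-scope data-encryption keys, a purpose on each blob, whole-scope crypto-shred), sketched with the BCL `AesGcm` type on .NET 8 or later. This is an added example, not `Stratara.Security` code: every name in it, the blob layout, and the choice to bind scope, version and purpose as associated data are assumptions made for illustration.

```csharp
using System; using System.Collections.Generic; using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory model; none of these names are Stratara.Security APIs.
var kek = RandomNumberGenerator.GetBytes(32);                        // KEK, constructed for the demo
var wrapped = new Dictionary<(string Scope, int Version), byte[]>(); // only KEK-wrapped DEKs are stored

// AES-256-GCM helpers. Blob layout (this sketch only): nonce(12) | tag(16) | ciphertext.
byte[] Seal(byte[] key, byte[] plaintext, byte[] aad)
{
    var nonce = RandomNumberGenerator.GetBytes(12);
    var ct = new byte[plaintext.Length];
    var tag = new byte[16];
    using var aes = new AesGcm(key, 16);
    aes.Encrypt(nonce, plaintext, ct, tag, aad);
    return nonce.Concat(tag).Concat(ct).ToArray();
}

byte[] Open(byte[] key, byte[] blob, byte[] aad)
{
    var pt = new byte[blob.Length - 28];
    using var aes = new AesGcm(key, 16);
    aes.Decrypt(blob.AsSpan(0, 12), blob.AsSpan(28), blob.AsSpan(12, 16), pt, aad); // throws on tag mismatch
    return pt;
}

byte[] Bind(params object[] parts) => Encoding.UTF8.GetBytes(string.Join('|', parts));
byte[] Dek(string scope, int v) => Open(kek, wrapped[(scope, v)], Bind(scope, v));

// Rotation: mint a new DEK version for the scope and persist it only in wrapped form.
int Rotate(string scope)
{
    int v = wrapped.Keys.Where(k => k.Scope == scope).Select(k => k.Version).DefaultIfEmpty().Max() + 1;
    var dek = RandomNumberGenerator.GetBytes(32);
    wrapped[(scope, v)] = Seal(kek, dek, Bind(scope, v));
    CryptographicOperations.ZeroMemory(dek);
    return v;
}

int v1 = Rotate("tenant-a");
var blob = Seal(Dek("tenant-a", v1), Encoding.UTF8.GetBytes("constructed sample record"), Bind("tenant-a", v1, "invoices"));
int v2 = Rotate("tenant-a"); // new writes would use v2; v1 stays available for reading older blobs
Console.WriteLine($"v{v2} current; v{v1} still opens: " + Encoding.UTF8.GetString(Open(Dek("tenant-a", v1), blob, Bind("tenant-a", v1, "invoices"))));
try { Open(Dek("tenant-a", v1), blob, Bind("tenant-a", v1, "exports")); }
catch (CryptographicException) { Console.WriteLine("decrypt under a different purpose: rejected"); }
// Crypto-shred: drop every wrapped DEK for the scope. The blob is untouched but can no longer be opened.
foreach (var key in wrapped.Keys.Where(k => k.Scope == "tenant-a").ToList()) wrapped.Remove(key);
Console.WriteLine($"wrapped DEKs left: {wrapped.Count}; the {blob.Length}-byte blob is unrecoverable");
```

Erasure here is only as strong as the deletion of the wrapped keys: any backup or replica of the key file that still holds them keeps the scope's data decryptable.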