Stratara.Sessions 3.1.1

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package Stratara.Sessions --version 3.1.1
                    


                    

                
NuGet\Install-Package Stratara.Sessions -Version 3.1.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Stratara.Sessions" Version="3.1.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Stratara.Sessions" Version="3.1.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Stratara.Sessions" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Stratara.Sessions --version 3.1.1
                    


                    

                
#r "nuget: Stratara.Sessions, 3.1.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Stratara.Sessions@3.1.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Stratara.Sessions&version=3.1.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Stratara.Sessions&version=3.1.1
                    


                            Install as a Cake Tool

Stratara.Sessions

License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.

Concrete session-context provider + ASP.NET Core middleware for Stratara's Actor/Subject session model. Reads tenant + user identity from JWT claims (with optional X-Tenant-Id / X-Client-Id header fallbacks), populates the ambient ISessionContextProvider, and exposes the Actor/Subject pair to every request.

Since 3.0.10: the X-Tenant-Id header fallback is opt-in via SessionContextOptions.AllowTenantHeader = true (default false). Without the gate, any authenticated principal could pick the tenant their request operated against in hosts whose JWT does not carry the tenant claim. Embed the tenant id in the JWT claim set, or opt in explicitly when an upstream platform-admin role check guards the header.

Quick start

// Program.cs / Startup.cs
builder.Services.AddSessionContext();

// In the middleware pipeline:
app.UseMiddleware<SessionContextMiddleware>();

Then resolve in any scoped service:

public sealed class SomeHandler(ISessionContextProvider sessionContextProvider)
{
    public async Task HandleAsync(...) {
        var session = sessionContextProvider.Current
            ?? throw new InvalidOperationException("Session context not set");

        // session.TenantId        = Subject (data owner) — used for filtering / encryption AAD
        // session.UserId          = Subject user (nullable)
        // session.ActorTenantId   = Actor (who triggered) — audit trail
        // session.ActorUserId     = Actor user — audit trail
    }
}

What's in the box

  • SessionContextProviderinternal sealed impl of ISessionContextProvider, scoped per request. Writes Activity tags (correlation.id, causation.id, tenant.id, user.id) automatically on Set / Clear.
  • SessionContextMiddleware — ASP.NET Core middleware that extracts tenant + user from ClaimTypes.NameIdentifier + stratara:tenant_id claim (with optional X-Tenant-Id header fallback gated by SessionContextOptions.AllowTenantHeader) and constructs a SessionContext with Actor=Subject (the default UserPlatform case).
  • SessionContextOptions — configuration (SessionContext section) controlling the header fallback gate. Bind via services.Configure<SessionContextOptions>(...) or services.AddOptions<SessionContextOptions>().Bind(...).
  • StrataraClaimTypes — claim-name constants (stratara:tenant_id).
  • DefaultTenantIdentifier — sentinel Guid used when no tenant claim or header is present (typically anonymous / system flows).
  • AddSessionContext() DI extension — registers the concrete provider as a scoped service against ISessionContextProvider.

Adopting the Actor/Subject model

For most operations Actor equals the data-owner Subject — a user acts on their own tenant's data. The split only diverges for:

  • PlatformAdmin cross-tenant operations (Subject = customer tenant, Actor = admin tenant)
  • Anonymous endpoints (Actor = Guid.Empty, Subject = the just-minted tenant)
  • System / saga flows (Actor = SessionContext.SystemActorTenantId / SystemActorUserId)

Consumers that reject ambient context (libraries that prefer explicit TenantId parameters everywhere) do not need to take this package — Stratara.Mediator and the rest of the framework work without an ISessionContextProvider registered as long as no path requires it.

Dependencies

  • Stratara.Abstractions — for ISessionContextProvider.
  • Stratara.Contracts — for the SessionContext record (wire-level).
  • Stratara.Diagnostics — for ApplicationDiagnostics activity tags.
  • Microsoft.AspNetCore.Http.Abstractions — for HttpContext / RequestDelegate.
  • Microsoft.Extensions.DependencyInjection.Abstractions.
  • OpenTelemetry.Api.
Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (3)

Showing the top 3 NuGet packages that depend on Stratara.Sessions:

Package Downloads
Stratara.Shared

Umbrella package for the Stratara framework — source-generated logger extensions for outbox / saga / projection / messaging, domain-event helpers, merge primitives, and the Tier-A/B abstractions surface re-exported as one transitive bundle.
Stratara.Outbox.RabbitMQ

Outbox-pattern command and event dispatch for the Stratara event-sourced stack — RabbitMQ IMessageBus implementation, retry worker, mediator command worker, and Redis-coordinated projection-replay state. Azure Service Bus support ships as the sibling Stratara.Outbox.AzureServiceBus package.
Stratara.Infrastructure

Infrastructure glue for the Stratara framework — authorization decorators, configuration providers, and DI composition helpers that wire Mediator, Outbox, Identity, and EF Core into a hosted app.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
3.1.1 45 6/1/2026
3.1.0 84 5/30/2026
3.0.23 105 5/28/2026

### Fixed

- **`FileMasterKeyProvider` now rejects a master KEK that is not exactly 32 bytes at startup.**
 The KEK is used directly as an AES-256-GCM key, which accepts only 16/24/32-byte keys. The
 provider previously required merely *at least* 32 bytes, so a longer KEK (for example the
 48-byte output of `openssl rand -base64 48`, a common HKDF master-key recipe) passed both
 construction and the eager `FileKeyStoreStartupProbe`, then threw
 `CryptographicException: Specified key is not a valid size for this algorithm` on the **first**
 key creation at runtime — defeating the purpose of the boot-time probe. The provider now
 validates the decoded length is exactly 32 bytes and fails fast at boot with an actionable
 message (`Generate one with: openssl rand -base64 32`). A 32-byte KEK is unaffected.
- **`EnvelopeFileKeyStore` is now safe for multiple processes sharing one store file** (for
 example several containers bind-mounting the same host directory). Previously a process only
 read the store once at construction, so a data-encryption key created by another process after
 startup was invisible (`GetDataEncryptionKeyAsync` returned `null`, breaking decryption), and
 two processes creating keys concurrently could overwrite each other's keys or mint colliding
 versions for the same scope. Reads now reload from disk on a cache miss (guarded by the file's
 last-write time to avoid reload storms), and every mutation serializes through an exclusive
 cross-process lock file and re-reads the latest on-disk state before writing. A networked file
 system (NFS/SMB) remains unsupported — it guarantees neither atomic rename nor reliable advisory
 locks.

### Added

- **`LogEvents.KeyManagement.KeyStoreReloaded` (112_006)** — debug-level event emitted when the
 file key store reloads its state from disk to pick up keys written by another process.