Update "What's new in ASP.NET Core in .NET 10" for .NET 10 Preview 6

[danroth27]

Description

Update "What's new in ASP.NET Core in .NET 10" for .NET 10 Preview 6.

Page URL

https://learn.microsoft.com/en-us/aspnet/core/release-notes/aspnetcore-10.0?view=aspnetcore-9.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/release-notes/aspnetcore-10.0.md

Document ID

a7ad4b01-2333-32d8-b759-e044edfb9102

Platform Id

2f8fb8ab-5309-0a77-987a-c867c6517d2b

Article author

@Rick-Anderson

Metadata

• ID: a7ad4b01-2333-32d8-b759-e044edfb9102
• PlatformId: 2f8fb8ab-5309-0a77-987a-c867c6517d2b
• Service: aspnet-core
• Sub-service: release-notes

Related Issues

---

Associated WorkItem - 442589

[BrennanConroy]

Automatic eviction from memory pool

✔ *Resolved

• [x] https://github.com/dotnet/AspNetCore.Docs/issues/35661 WN
• [x] https://github.com/dotnet/AspNetCore.Docs/issues/35662 HTTP.sys docs
• [x] https://github.com/dotnet/AspNetCore.Docs/issues/35663 Kestrel docs

The memory pools used by Kestrel (IIS and Http.Sys too) now automatically evict memory blocks when the application is idle or under less load, helping applications use resources more efficiently.

Why it matters: Previously, memory allocated by the pool would remain reserved, even when not in use. With this enhancement, when the app is idle for a period of time memory is now released back to the system, reducing overall memory usage and helping applications stay responsive under varying workloads.

How to use: No action is needed to benefit from this feature. Memory eviction is handled automatically by the framework.

There are also metrics added to the default memory pool used by our server implementations. The new metrics are under the name "Microsoft.AspNetCore.MemoryPool". See https://learn.microsoft.com/aspnet/core/log-mon/metrics/metrics?view=aspnetcore-9.0 for general information on what metrics are and how to use them.

We have also enabled the ability to use:

public class MyBackgroundService : BackgroundService
{
    private readonly MemoryPool<byte> _memoryPool;

    public MyBackgroundService(IMemoryPoolFactory<byte> factory)
    {
        _memoryPool = factory.CreatePool();
    }

    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
    {
        while (!stoppingToken.IsCancellationRequested)
        {
            try
            {
                await Task.Delay(20, stoppingToken);
                // do work that needs memory
                var rented = _memoryPool.Rent(100);
                rented.Dispose();
            }
            catch (OperationCanceledException)
            {
                return;
            }
        }
    }
}

or replace the memory pool being used:

services.AddSingleton<IMemoryPoolFactory<byte>, CustomMemoryPoolFactory>();

public class CustomMemoryPoolFactory : IMemoryPoolFactory<byte>
{
    public MemoryPool<byte> Create()
    {
        // Return a custom MemoryPool implementation or the default.
        return MemoryPool<byte>.Shared;
    }
}

[maraf]

✔ Resolved — Blazor WebAssembly preloading

We have replaced link headers with <LinkPreload /> component for preloading WebAssembly assets. It allows use to rely on <base href="..." /> to correctly identify blazor application root. Also removing the component will disable the features for cases where for example the application is using loadBootResource callback to modify URLs anyhow.

The change requires a change to user applications by placing component somewhere near after the base tag

<base href="/" />
+<LinkPreload />

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

[maraf]

✔ Resolved — Blazor build producing javascript bundler friendly output

The default blazor build output is not compatible with tools like webpack or rollup. By setting WasmBundlerFriendlyBootConfig=true blazor build produce a javascript tools friendly output. This output is not directly runnable in the browser, but it can be consumed by webpack or rollup to bundle javascript files with the rest of the user scripts. The setup is works for publish, because during for blazor build files are served from multiple locations to minify file writes.

Additional details in https://github.com/dotnet/AspNetCore.Docs/issues/35631.

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

[ilonatommy]

✔ Resolved — NotFound works with streaming that has started

details: https://github.com/dotnet/AspNetCore.Docs/issues/35630

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

[oroztocil]

✔ Resolved — Improved form validation for Blazor

Blazor now has improved form validation capabilities including support for validating properties of nested objects and collection items.

To create a validated form, use a DataAnnotationsValidator component inside an EditForm component, just as before. To opt into the new validation feature, do the following:

1. Call the AddValidation extension method in your application setup.
2. Declare the form model types in a .cs file (i.e., not a .razor file).
3. Annotate the root form model type with the [ValidatableType] attribute.

Without these steps, the validation behavior remains the same as in previous versions.

See the example below (details omitted for brevity):

//// Program.cs

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorComponents();

// This line enables the new validation behavior.
builder.Services.AddValidation();

//// Data/OrderModel.cs

// This attribute is needed on the top-level model type. The other types are discovered automatically.
[ValidatableType]
public class OrderModel
{
    public CustomerModel CustomerDetails { get; set; } = new CustomerModel();
    public List<OrderItemModel> OrderItems { get; set; } = new List<OrderItemModel>();
}

public class CustomerModel
{
    [Required(ErrorMessage = "Name is required.")]
    public string? FullName { get; set; }

    [Required(ErrorMessage = "Email is required.")]
    [Required(ErrorMessage = "Invalid email address.")]
    public string? Email { get; set; }

    public AddressModel ShippingAddress { get; set; } = new AddressModel();
}

//// Pages/Order.razor

<EditForm Model="@order">
    <DataAnnotationsValidator />

    <h4>Customer Details</h4>
    <div class="mb-3">
        <label for="customerFullName">Full Name</label>
        <InputText id="customerFullName" @bind-Value="order.CustomerDetails.FullName" />
        <ValidationMessage For="@(() => order.CustomerDetails.FullName)" />
    </div>

    // ...
</EditForm>

@code {
    private OrderModel order = new OrderModel();
}

Note that the requirement to declare the model types outside of .razor files is due to the fact that both the validation feature and the Razor compiler itself are using a source generator. Currently, output of one source generator cannot be used as an input for another source generator.

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

[pavelsavara]

✔ Resolved — Blazor diagnostics improvements

• All Blazor traces are top level now in the Aspire dashboard and in App Insights, not under HTTP or SignalR parent trace
• CircuitStart trace moved to separate Microsoft.AspNetCore.Components.Server.Circuits source

builder.Services.ConfigureOpenTelemetryTracerProvider(tracerProvider =>
{
    tracerProvider.AddSource("Microsoft.AspNetCore.Components");
+   tracerProvider.AddSource("Microsoft.AspNetCore.Components.Server.Circuits");
});

Resolved by https://github.com/dotnet/aspnetcore/pull/62286

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

[ilonatommy]

✔ Resolved — Flipping the NavigationException switch

With https://github.com/dotnet/aspnetcore/pull/62377 we have a new default behavior and new name:

"Microsoft.AspNetCore.Components.Endpoints.NavigationManager.EnableThrowNavigationException", default value: false ->
"Microsoft.AspNetCore.Components.Endpoints.NavigationManager.DisableThrowNavigationException", default value: true.

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

[guardrex]

UPDATE: I've mostly been OOF for the past couple of weeks due to the annual contract layover period, but I'm back now. 🏃‍♂ I'll have the Pre6 PR for Blazor coverage up by Tuesday (July 8). I'll ping everyone to look at their bits on Monday, July 7.

[mikekistler]

✔ Resolved — Add passkey support to ASP.NET Core Identity

Passkeys are a modern, phishing-resistant authentication method that improves security and user experience by leveraging public key cryptography and device-based authentication. ASP.NET Core Identity now supports passkey authentication based on WebAuthn and FIDO2 standards. This feature allows users to sign in without passwords, using secure, device-based authentication methods like biometrics or security keys.

The Blazor Web App template provides out-of-the-box passkey management and login functionality.

Developers can use new APIs to enable and manage passkey authentication in existing apps.

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

Only What's New coverage is provided for Preview 6. Reference coverage, which will be a new article in the main doc set's security guidance, and migration guidance will be published for Preview 7.

[mikekistler]

Minimal API Validation integration with IProblemDetailsService

• [x] https://github.com/dotnet/AspNetCore.Docs/issues/35737 WN
• [ ] https://github.com/dotnet/AspNetCore.Docs/issues/35738 Docs (Wade will own)

Error responses from the validation logic for minimal APIs can now be customized by an IProblemDetailsService implementation provided in the application services collection (DI container). This enables more consistent and user-specific error responses in an ASP.NET Core application.

Community contribution from @marcominerva. Thank you!

[mikekistler]

Unified validation APIs moved to extensions package

• [x] https://github.com/dotnet/AspNetCore.Docs/issues/35743 WN
• [ ] https://github.com/dotnet/AspNetCore.Docs/issues/35744 Docs

The validation APIs have been moved to the Microsoft.Extensions.Validation namespace/NuGet package, making them usable outside of ASP.NET Core HTTP scenarios. The public APIs and their behavior remain the same, just under a new package and namespace. Existing projects should not require code changes; old references will redirect to the new implementation.

[guardrex]

@mikekistler ... Can I have the PR cross-link for the passkey work in the framework?

@danroth27 @wadepickett @tdykstra ... We'll need to strategize a bit on the passkey coverage ...

Normally, we'd have the main doc set article written first; then if a Blazor-specific article is needed to fill in the gaps for Blazor, I'd add it later to Blazor's Security and Identity node.

I don't have much time here until July 8. I just returned from the two-week contract layover, and I'm kind'a slammed with Pre6 Blazor work. I don't think I can write an article for the main doc set in time for the Pre6 release. I can do so immediately after the Pre6 release. If Blazor needs it's own content, I can work it up after that.

[mikekistler]

@guardrex All of my entries have PR links embedded in HTML comments. Here's the one for Passkey support:

<!--https://github.com/dotnet/dotnet/pull/1237 -->

[guardrex]

✔ Resolved — Blazor custom cache removal

cc: @maraf ... I'll be wrapping up the Blazor Pre6 PR and calling everyone in for reviews on Monday.

Docs resolved on https://github.com/dotnet/AspNetCore.Docs/pull/35698.

[guardrex]

@danroth27 ... The bits on the .NET Core release notes for "Blazor Server state persistence" didn't make there way here. I'll get on the updates for that a little bit now (I'm running out of time today 🏃‍♂) and wrap it up first thing Tuesday morning.

~Also, we still don't have coverage here for passkeys. I still recommend only a What's New entry for it at this time but with BWA configuration information in the section. Sitting here right now, I have no knowledge of the config, nor do I know if RP/MVC will have deltas forcing a special Blazor node article on the subject in addition to a main doc set article. I'll need to research this further. I still think I can get What's New coverage by release time tomorrow. I can write the article on it for the main doc set, but that would end up being post Pre6 release ... that is if you don't want to wait for the dust to settle a bit more on the feature until perhaps Pre7 or one of the RCs.~

Passkeys coverage issue: #35712 ... Let's take up the discussion there.

[guardrex]

Blazor Server state persistence

Waiting to hear offline if the content will come in from the PU or if 🦖 will write it up.

Docs work tracked by #35711.

[wadepickett]

Minimal API validation integration with IProblemDetailsService- WN 10 P6

TODO: Enter tracking issues for docs to update

(Verify against latest for this section in Release notes PR: https://github.com/dotnet/core/pull/9965 before using the following)

Minimal API validation error responses can now be customized using an IProblemDetailsService implementation in the services collection (DI container). This enables more consistent and user-specific error responses.

Community contribution from @marcominerva. Thank you!

[wadepickett]

Validation APIs moved to extensions package

(Verify against latest for this section inRelease notes PR: https://github.com/dotnet/core/pull/9965 before using the following)

The validation APIs moved to the Microsoft.Extensions.Validation namespace and NuGet package, making them usable outside ASP.NET Core scenarios. The public APIs and behavior remain the same, just under a new package and namespace. Existing projects should work without code changes as old references redirect to the new implementation. The APIs are marked as experimental and subject to future changes.