ASP.NET Core 10.0, part of the broader .NET 10 release, introduces several new features and enhancements. The key focus areas include improvements to Blazor, OpenAPI support, and Minimal APIs, along with enhanced security and performance.
![ASPDotNET10]()
1. Blazor Enhancements
Blazor WebAssembly Performance: ASP.NET Core 10.0 includes significant performance optimizations for Blazor WebAssembly, such as preloading static assets to improve startup times and enhanced diagnostics for performance profiling.
Form Validation: The new release offers improved form validation, including full-object graph validation, which allows for more complex and robust validation logic.
State Persistence: Blazor Server now includes features for persistent component state, which improves resilience and scalability.
QuickGrid: The QuickGrid component has been updated with new features like RowClass for conditional styling and improved navigation that prevents unwanted page scrolling on same-page updates.
Blazor QuickGrid RowClass
The new RowClass parameter on the Blazor QuickGrid component allows for easy conditional styling of rows. This simplifies UI logic, moving it from CSS selectors to C# code.
HTML
<QuickGrid Items="items" RowClass="GetRowCssClass">
<PropertyColumn Property="@(p => p.Name)" Title="Name" />
<PropertyColumn Property="@(p => p.IsArchived)" Title="Archived" />
</QuickGrid>
@code {
private string GetRowCssClass(MyGridItem item)
{
return item.IsArchived ? "archived-row" : null;
}
}
2. OpenAPI & Minimal APIs
OpenAPI 3.1 Support: ASP.NET Core 10.0 provides full support for OpenAPI 3.1, allowing for more comprehensive API documentation. This includes compliance with the JSON Schema draft 2020-12 and the ability to serve OpenAPI documents in YAML format.
Minimal API Validation: Built-in support for validation is now available in Minimal APIs. This allows you to define validation rules using DataAnnotations attributes on parameters and models, with the runtime automatically returning a 400 Bad Request response on failure.
Simplified API Development: Minimal APIs have been further enhanced to make building lightweight web services even easier. A new feature allows you to inject services into minimal APIs without needing the [FromServices] attribute.
app.MapPost("/person", ([Validate] Person person) =>
{
// The framework handles validation. This code only runs if the person object is valid.
return Results.Created($"/person/{person.Id}", person);
});
public record Person(
[Required] int Id,
[StringLength(50)] string Name,
[EmailAddress] string Email
);
// Old way (pre-10.0)
app.MapGet("/users", ([FromServices] IUserService userService) =>
{
return userService.GetAllUsers();
});
// New way (10.0)
app.MapGet("/users", (IUserService userService) =>
{
return userService.GetAllUsers();
});
3. Authentication and Security
New features and APIs have been added to make applications more secure and easier to manage.
Passwordless Authentication: There is enhanced support for Passkeys (WebAuthn + FIDO2), which allows for secure, passwordless sign-ins using biometrics or hardware security keys.
Built-in Metrics: New built-in metrics provide a way to monitor key authentication and authorization events, such as sign-ins, sign-outs, and authorization failures, which is crucial for modern observability.
API Authentication Behavior: API endpoints now return 401 or 403 status codes for unauthenticated requests by default, aligning with common API best practices and preventing unintended redirects to login pages.
Open Redirect Protection: A new RedirectHttpResult.IsLocalUrl helper method helps developers validate URLs before redirecting to them, effectively preventing open redirection attacks.
Security is always at the forefront of a new .NET release, and .NET 10 doesn't disappoint. A standout feature is the enhanced support for Passkeys. In a world where passwords are a constant security risk, passkeys offer a more secure, phishing-resistant alternative using WebAuthn and FIDO2 standards. With new, simplified APIs and updated templates, implementing passwordless authentication is now easier than ever. This is a crucial step towards a more secure web and a win for both developers and users.
4. Developer Productivity and Performance
General improvements to the .NET 10 runtime and the ASP.NET Core framework aim to boost developer productivity and application performance.
Route Syntax Highlighting: The [Route] attribute in Blazor now includes syntax highlighting to help developers visualize and understand the structure of route templates.
Enhanced Diagnostics: The diagnostics tooling has been improved, and a new option allows developers to suppress certain exception handler diagnostics for cleaner logging.
Server-Sent Events (SSE): Support for Server-Sent Events (SSE) has been added, providing a simple way to implement real-time data streaming without the complexity of WebSockets.
.localhost Domain Support: The built-in Kestrel web server now recognizes the .localhost top-level domain as a secure loopback address, which simplifies local development with clear domain separation.
On the performance side, the work never stops. Kestrel, the built-in web server, has received more optimizations under the hood. While you might not see these changes directly in your code, they're working silently to make your applications faster and more efficient with memory. This "free performance" is a hallmark of the .NET platform—you simply recompile your app with the new SDK, and it gets faster.