Microsoft has detailed the major updates to ASP.NET Core arriving as part of last month's .NET 10 release. As reported, this version delivers extensive improvements across Blazor, Minimal APIs, OpenAPI generation, authentication, and general framework performance. The update is described as one of the most comprehensive ASP.NET Core iterations to date, with changes spanning development, diagnostics, runtime behavior, and security.
According to Microsoft, Blazor receives the broadest set of enhancements. The team introduced updated security samples for Blazor Web Apps, offering clearer guidance for OpenID Connect, Microsoft Entra ID, and Windows Authentication scenarios. Sample solutions now include separate API projects to demonstrate secure web API calls, and configuration can be supplied through JSON settings files for a more flexible setup.
Other Blazor improvements include support for client-side fingerprinting, updated QuickGrid features, static asset preloading changes, updated routing behavior, and changes to NavigationManager to prevent unnecessary scrolling. The Blazor template now includes a dedicated reconnection UI component, reflecting stricter Content Security Policy requirements. Support has also been added for new JavaScript interop APIs, expanded state persistence, improved validation, and enhanced WebAssembly diagnostics and performance profiling.
In the documentation, Microsoft shows how the TypedResults.ServerSentEvents API can stream heart rate events as JSON to clients:
app.MapGet("/json-item", (CancellationToken cancellationToken) => { async IAsyncEnumerable<HeartRateRecord> GetHeartRate( [EnumeratorCancellation] CancellationToken cancellationToken) { while (!cancellationToken.IsCancellationRequested) { var heartRate = Random.Shared.Next(60, 100); yield return HeartRateRecord.Create(heartRate); await Task.Delay(2000, cancellationToken); } } return TypedResults.ServerSentEvents(GetHeartRate(cancellationToken), eventType: "heartRate"); }); Furthermore, Microsoft states that Minimal APIs gain built-in validation support, improved handling of empty form values, compatibility with record types, and tighter integration with IProblemDetailsService for consistent error responses. The framework now also supports returning Server-Sent Events, enabling a simpler model for streaming data to clients. Validation APIs have moved into a new namespace to make them usable beyond HTTP scenarios.
OpenAPI support in ASP.NET Core has been significantly updated with full OpenAPI 3.1 compatibility. Microsoft reports improvements in schema generation, YAML output support, XML documentation processing, and new options for endpoint-specific transformers. The internal OpenAPI.NET library has been updated to version 2.0, bringing breaking changes for authors who use custom transformers, but also improving the accuracy and flexibility of generated documents.
The release also introduces new authentication and authorization metrics, enhanced behavior for API endpoints protected by cookie authentication, and expanded support for WebAuthn passkeys in ASP.NET Core Identity. Updates to exception handling now allow suppression of diagnostic output, while Kestrel and HTTP.sys both receive improvements: better handling of *.localhost domains, customizable security descriptors, and automatic eviction within memory pools to reduce resource usage.
In addition, Microsoft has added support for testing applications that use top-level statements, delivered a new JSON Patch implementation based on System.Text.Json with significant performance benefits, and extended MVC and Minimal APIs with PipeReader-based JSON parsing. A new helper, RedirectHttpResult.IsLocalUrl, provides a safer way to validate redirect targets.
Other changes in this release include Hot Reload improvements for Blazor WebAssembly, circuit state persistence allowing users to resume sessions after disconnection, PWA service worker registration updates to prevent caching issues, and a new InputHidden component for hidden form fields.
Also, ASP.NET Core Identity-specific metrics for user management and login tracking, Blazor WebAssembly support for UI culture settings, improved XML comment handling, enhanced bundler-friendly output, expanded NotFound routing support, serialization extensibility for persistent component state, and updates to Hybrid Blazor with new .NET MAUI guidance.
For interested readers, full release notes and breaking changes are available on Microsoft's official documentation site.