diff --git a/.chloggen/2508.yaml b/.chloggen/2508.yaml
new file mode 100644
index 000000000..4e88b8d84
--- /dev/null
+++ b/.chloggen/2508.yaml
@@ -0,0 +1,4 @@
+change_type: enhancement
+component: aspnetcore
+note: Add ASP.NET Core Identity metrics and update the registry.
+issues: [2509]
diff --git a/docs/dotnet/dotnet-aspnetcore-metrics.md b/docs/dotnet/dotnet-aspnetcore-metrics.md
index 197bb2437..a801bcc77 100644
--- a/docs/dotnet/dotnet-aspnetcore-metrics.md
+++ b/docs/dotnet/dotnet-aspnetcore-metrics.md
@@ -21,6 +21,19 @@ This article defines semantic conventions for ASP.NET Core metrics.
- [Metric: `aspnetcore.rate_limiting.queued_requests`](#metric-aspnetcorerate_limitingqueued_requests)
- [Metric: `aspnetcore.rate_limiting.request.time_in_queue`](#metric-aspnetcorerate_limitingrequesttime_in_queue)
- [Metric: `aspnetcore.rate_limiting.requests`](#metric-aspnetcorerate_limitingrequests)
+- [Identity](#identity)
+ - [Metric: `aspnetcore.identity.user.create.duration`](#metric-aspnetcoreidentityusercreateduration)
+ - [Metric: `aspnetcore.identity.user.update.duration`](#metric-aspnetcoreidentityuserupdateduration)
+ - [Metric: `aspnetcore.identity.user.delete.duration`](#metric-aspnetcoreidentityuserdeleteduration)
+ - [Metric: `aspnetcore.identity.user.check_password_attempts`](#metric-aspnetcoreidentityusercheck_password_attempts)
+ - [Metric: `aspnetcore.identity.user.generated_tokens`](#metric-aspnetcoreidentityusergenerated_tokens)
+ - [Metric: `aspnetcore.identity.user.verify_token_attempts`](#metric-aspnetcoreidentityuserverify_token_attempts)
+ - [Metric: `aspnetcore.identity.sign_in.authenticate.duration`](#metric-aspnetcoreidentitysign_inauthenticateduration)
+ - [Metric: `aspnetcore.identity.sign_in.check_password_attempts`](#metric-aspnetcoreidentitysign_incheck_password_attempts)
+ - [Metric: `aspnetcore.identity.sign_in.sign_ins`](#metric-aspnetcoreidentitysign_insign_ins)
+ - [Metric: `aspnetcore.identity.sign_in.sign_outs`](#metric-aspnetcoreidentitysign_insign_outs)
+ - [Metric: `aspnetcore.identity.sign_in.two_factor_clients_remembered`](#metric-aspnetcoreidentitysign_intwo_factor_clients_remembered)
+ - [Metric: `aspnetcore.identity.sign_in.two_factor_clients_forgotten`](#metric-aspnetcoreidentitysign_intwo_factor_clients_forgotten)
@@ -89,31 +102,11 @@ Exceptions Metric is reported by the `Microsoft.AspNetCore.Diagnostics` meter.
| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
|---|---|---|---|---|---|
-| [`aspnetcore.diagnostics.exception.result`](/docs/registry/attributes/aspnetcore.md) | string | ASP.NET Core exception middleware handling result | `handled`; `unhandled` | `Required` |  |
-| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. [1] | `System.OperationCanceledException`; `Contoso.MyException` | `Required` |  |
-| [`aspnetcore.diagnostics.handler.type`](/docs/registry/attributes/aspnetcore.md) | string | Full type name of the [`IExceptionHandler`](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.diagnostics.iexceptionhandler) implementation that handled the exception. | `Contoso.MyHandler` | `Conditionally Required` [2] |  |
+| [`aspnetcore.diagnostics.exception.result`](/docs/registry/attributes/aspnetcore.md) | string | ASP.NET Core exception middleware handling result. | `handled`; `unhandled` | `Required` |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException`; `Contoso.MyException` | `Required` |  |
+| [`aspnetcore.diagnostics.handler.type`](/docs/registry/attributes/aspnetcore.md) | string | Full type name of the [`IExceptionHandler`](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.diagnostics.iexceptionhandler) implementation that handled the exception. | `Contoso.MyHandler` | `Conditionally Required` [1] |  |
-**[1] `error.type`:** The `error.type` SHOULD be predictable, and SHOULD have low cardinality.
-
-When `error.type` is set to a type (e.g., an exception type), its
-canonical class name identifying the type within the artifact SHOULD be used.
-
-Instrumentations SHOULD document the list of errors they report.
-
-The cardinality of `error.type` within one instrumentation library SHOULD be low.
-Telemetry consumers that aggregate data from multiple instrumentation libraries and applications
-should be prepared for `error.type` to have high cardinality at query time when no
-additional filters are applied.
-
-If the operation has completed successfully, instrumentations SHOULD NOT set `error.type`.
-
-If a specific domain defines its own set of error identifiers (such as HTTP or gRPC status codes),
-it's RECOMMENDED to:
-
-- Use a domain-specific attribute
-- Set `error.type` to capture all errors, regardless of whether they are defined within the domain-specific set or not.
-
-**[2] `aspnetcore.diagnostics.handler.type`:** if and only if the exception was handled by this handler.
+**[1] `aspnetcore.diagnostics.handler.type`:** if and only if the exception was handled by this handler.
---
@@ -310,4 +303,576 @@ Meter name: `Microsoft.AspNetCore.RateLimiting`; Added in: ASP.NET Core 8.0
+## Identity
+
+All ASP.NET Core Identity metrics are reported by the `Microsoft.AspNetCore.Identity` meter.
+
+### Metric: `aspnetcore.identity.user.create.duration`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.user.create.duration` | Histogram | `s` | The duration of user creation operations. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.identity.error_code`](/docs/registry/attributes/aspnetcore.md) | string | The error code for a failed identity operation. | `DefaultError`; `PasswordMismatch` | `Conditionally Required` if an error was set on a failed identity result. |  |
+| [`aspnetcore.identity.result`](/docs/registry/attributes/aspnetcore.md) | string | The result of the identity operation. | `success`; `failure` | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type or the identity error code. | `System.OperationCanceledException`; `PasswordMismatch` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Identity operation failed. |  |
+| `success` | Identity operation was successful. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.user.update.duration`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.user.update.duration` | Histogram | `s` | The duration of user update operations. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.identity.user.update_type`](/docs/registry/attributes/aspnetcore.md) | string | The user update type. | `update`; `user_name`; `reset_password` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.identity.error_code`](/docs/registry/attributes/aspnetcore.md) | string | The error code for a failed identity operation. | `DefaultError`; `PasswordMismatch` | `Conditionally Required` if an error was set on a failed identity result. |  |
+| [`aspnetcore.identity.result`](/docs/registry/attributes/aspnetcore.md) | string | The result of the identity operation. | `success`; `failure` | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type or the identity error code. | `System.OperationCanceledException`; `PasswordMismatch` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Identity operation failed. |  |
+| `success` | Identity operation was successful. |  |
+
+---
+
+`aspnetcore.identity.user.update_type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | Any update type that the instrumentation has no prior knowledge of. |  |
+| `access_failed` | Identity user access failure recorded. |  |
+| `add_claims` | Identity user claims added. |  |
+| `add_login` | Identity user login added. |  |
+| `add_password` | Identity user password added. |  |
+| `add_to_roles` | Identity user added to roles. |  |
+| `change_email` | Identity user email changed. |  |
+| `change_password` | Identity user password changed. |  |
+| `change_phone_number` | Identity user phone number changed. |  |
+| `confirm_email` | Identity user email confirmed. |  |
+| `generate_new_two_factor_recovery_codes` | Identity user new two-factor recovery codes generated. |  |
+| `password_rehash` | Identity user password rehashed. |  |
+| `redeem_two_factor_recovery_code` | Identity user two-factor recovery code redeemed. |  |
+| `remove_authentication_token` | Identity user authentication token removed. |  |
+| `remove_claims` | Identity user claims removed. |  |
+| `remove_from_roles` | Identity user removed from roles. |  |
+| `remove_login` | Identity user login removed. |  |
+| `remove_passkey` | Identity user passkey removed. |  |
+| `remove_password` | Identity user password removed. |  |
+| `replace_claim` | Identity user claim replaced. |  |
+| `reset_access_failed_count` | Identity user access failure count reset. |  |
+| `reset_authenticator_key` | Identity user authenticator key reset. |  |
+| `reset_password` | Identity user password reset. |  |
+| `security_stamp` | Identity user security stamp updated. |  |
+| `set_authentication_token` | Identity user authentication token set. |  |
+| `set_email` | Identity user email set. |  |
+| `set_lockout_enabled` | Identity user lockout enabled or disabled. |  |
+| `set_lockout_end_date` | Identity user lockout end date set. |  |
+| `set_passkey` | Identity user passkey set. |  |
+| `set_phone_number` | Identity user phone number set. |  |
+| `set_two_factor_enabled` | Identity user two-factor authentication enabled or disabled. |  |
+| `update` | Identity user updated. |  |
+| `user_name` | Identity user name updated. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.user.delete.duration`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.user.delete.duration` | Histogram | `s` | The duration of user deletion operations. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.identity.error_code`](/docs/registry/attributes/aspnetcore.md) | string | The error code for a failed identity operation. | `DefaultError`; `PasswordMismatch` | `Conditionally Required` if an error was set on a failed identity result. |  |
+| [`aspnetcore.identity.result`](/docs/registry/attributes/aspnetcore.md) | string | The result of the identity operation. | `success`; `failure` | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type or the identity error code. | `System.OperationCanceledException`; `PasswordMismatch` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Identity operation failed. |  |
+| `success` | Identity operation was successful. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.user.check_password_attempts`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.user.check_password_attempts` | Counter | `{attempt}` | The number of check password attempts. Only checks whether the password is valid and not whether the user account is in a state that can log in. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.identity.password_check_result`](/docs/registry/attributes/aspnetcore.md) | string | The result from checking the password. | `success`; `failure` | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.password_check_result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Password check failed. |  |
+| `password_missing` | Password check couldn't proceed because the password was missing from the user. |  |
+| `success` | Password check was successful. |  |
+| `success_rehash_needed` | Password check was successful however the password was encoded using a deprecated algorithm and should be rehashed and updated. |  |
+| `user_missing` | Password check couldn't proceed because the user was missing. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.user.generated_tokens`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.user.generated_tokens` | Counter | `{count}` | The total number of token generations. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.identity.token_purpose`](/docs/registry/attributes/aspnetcore.md) | string | What the token will be used for. | `success`; `failure` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.token_purpose` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | Any token purpose that the instrumentation has no prior knowledge of. |  |
+| `change_email` | The token is for changing the user email address. |  |
+| `change_phone_number` | The token is for changing a user phone number. |  |
+| `email_confirmation` | The token is for confirming user email address. |  |
+| `reset_password` | The token is for resetting a user password. |  |
+| `two_factor` | The token is for changing user two factor settings. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.user.verify_token_attempts`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.user.verify_token_attempts` | Counter | `{attempt}` | The total number of token verification attempts. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.identity.token_purpose`](/docs/registry/attributes/aspnetcore.md) | string | What the token will be used for. | `success`; `failure` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.identity.token_verified`](/docs/registry/attributes/aspnetcore.md) | string | The result of token verification. | `success`; `failure` | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.token_purpose` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | Any token purpose that the instrumentation has no prior knowledge of. |  |
+| `change_email` | The token is for changing the user email address. |  |
+| `change_phone_number` | The token is for changing a user phone number. |  |
+| `email_confirmation` | The token is for confirming user email address. |  |
+| `reset_password` | The token is for resetting a user password. |  |
+| `two_factor` | The token is for changing user two factor settings. |  |
+
+---
+
+`aspnetcore.identity.token_verified` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Token verification failed. |  |
+| `success` | Token verification was successful. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.sign_in.authenticate.duration`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.sign_in.authenticate.duration` | Histogram | `s` | The duration of authenticate attempts. The authenticate metrics is recorded by sign in methods such as PasswordSignInAsync and TwoFactorSignInAsync. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.authentication_scheme`](/docs/registry/attributes/aspnetcore.md) | string | The authentication scheme to sign in with. | `Identity.Application` | `Required` |  |
+| [`aspnetcore.identity.sign_in.type`](/docs/registry/attributes/aspnetcore.md) | string | The authentication type. | `password`; `two_factor` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.identity.sign_in.result`](/docs/registry/attributes/aspnetcore.md) | string | Whether the sign in result was success or failure. | `password`; `two_factor` | `Conditionally Required` if no exception was thrown. |  |
+| [`aspnetcore.sign_in.is_persistent`](/docs/registry/attributes/aspnetcore.md) | boolean | A flag indicating whether the sign in is persistent. | | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.sign_in.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Sign in failed. |  |
+| `locked_out` | User is locked out. |  |
+| `not_allowed` | User is not allowed to sign in. |  |
+| `requires_two_factor` | User requires two factory authentication to sign in. |  |
+| `success` | Sign in was successful. |  |
+
+---
+
+`aspnetcore.identity.sign_in.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `external` | Sign in with a previously registered third-party login. |  |
+| `passkey` | Sign in with passkey. |  |
+| `password` | Sign in with password. |  |
+| `two_factor` | Sign in with a two factor provider. |  |
+| `two_factor_authenticator` | Sign in with two factor authenticator app. |  |
+| `two_factor_recovery_code` | Sign in with two factory recovery code. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.sign_in.check_password_attempts`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.sign_in.check_password_attempts` | Counter | `{attempt}` | The total number of check password attempts. Checks that the account is in a state that can log in and that the password is valid using the UserManager.CheckPasswordAsync method. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.identity.sign_in.result`](/docs/registry/attributes/aspnetcore.md) | string | Whether the sign in result was success or failure. | `password`; `two_factor` | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`aspnetcore.identity.sign_in.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Sign in failed. |  |
+| `locked_out` | User is locked out. |  |
+| `not_allowed` | User is not allowed to sign in. |  |
+| `requires_two_factor` | User requires two factory authentication to sign in. |  |
+| `success` | Sign in was successful. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.sign_in.sign_ins`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.sign_in.sign_ins` | Counter | `{sign_in}` | The total number of calls to sign in user principals. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.authentication_scheme`](/docs/registry/attributes/aspnetcore.md) | string | The authentication scheme to sign in with. | `Identity.Application` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`aspnetcore.sign_in.is_persistent`](/docs/registry/attributes/aspnetcore.md) | boolean | A flag indicating whether the sign in is persistent. | | `Conditionally Required` if no exception was thrown. |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.sign_in.sign_outs`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.sign_in.sign_outs` | Counter | `{sign_out}` | The total number of calls to sign out user principals. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.authentication_scheme`](/docs/registry/attributes/aspnetcore.md) | string | The authentication scheme to sign in with. | `Identity.Application` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.sign_in.two_factor_clients_remembered`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.sign_in.two_factor_clients_remembered` | Counter | `{client}` | The total number of two factor clients remembered. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.authentication_scheme`](/docs/registry/attributes/aspnetcore.md) | string | The authentication scheme to sign in with. | `Identity.Application` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
+### Metric: `aspnetcore.identity.sign_in.two_factor_clients_forgotten`
+
+
+
+
+
+
+
+
+| Name | Instrument Type | Unit (UCUM) | Description | Stability | Entity Associations |
+| -------- | --------------- | ----------- | -------------- | --------- | ------ |
+| `aspnetcore.identity.sign_in.two_factor_clients_forgotten` | Counter | `{client}` | The total number of two factor clients forgotten. [1] |  | |
+
+**[1]:** Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+
+| Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
+|---|---|---|---|---|---|
+| [`aspnetcore.authentication_scheme`](/docs/registry/attributes/aspnetcore.md) | string | The authentication scheme to sign in with. | `Identity.Application` | `Required` |  |
+| [`aspnetcore.identity.user_type`](/docs/registry/attributes/aspnetcore.md) | string | The full name of the identity user type. | `Contoso.ContosoUser` | `Required` |  |
+| [`error.type`](/docs/registry/attributes/error.md) | string | The full name of exception type. | `System.OperationCanceledException` | `Conditionally Required` if and only if an error has occurred. |  |
+
+---
+
+`error.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | A fallback error value to be used when the instrumentation doesn't define a custom value. |  |
+
+
+
+
+
+
[DocumentStatus]: https://opentelemetry.io/docs/specs/otel/document-status
diff --git a/docs/registry/attributes/aspnetcore.md b/docs/registry/attributes/aspnetcore.md
index 21f25784f..8a5f51941 100644
--- a/docs/registry/attributes/aspnetcore.md
+++ b/docs/registry/attributes/aspnetcore.md
@@ -9,13 +9,24 @@ ASP.NET Core attributes
| Attribute | Type | Description | Examples | Stability |
|---|---|---|---|---|
-| `aspnetcore.diagnostics.exception.result` | string | ASP.NET Core exception middleware handling result | `handled`; `unhandled` |  |
+| `aspnetcore.authentication_scheme` | string | The authentication scheme to sign in with. | `Identity.Application` |  |
+| `aspnetcore.diagnostics.exception.result` | string | ASP.NET Core exception middleware handling result. | `handled`; `unhandled` |  |
| `aspnetcore.diagnostics.handler.type` | string | Full type name of the [`IExceptionHandler`](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.diagnostics.iexceptionhandler) implementation that handled the exception. | `Contoso.MyHandler` |  |
+| `aspnetcore.identity.error_code` | string | The error code for a failed identity operation. | `DefaultError`; `PasswordMismatch` |  |
+| `aspnetcore.identity.password_check_result` | string | The result from checking the password. | `success`; `failure` |  |
+| `aspnetcore.identity.result` | string | The result of the identity operation. | `success`; `failure` |  |
+| `aspnetcore.identity.sign_in.result` | string | Whether the sign in result was success or failure. | `password`; `two_factor` |  |
+| `aspnetcore.identity.sign_in.type` | string | The authentication type. | `password`; `two_factor` |  |
+| `aspnetcore.identity.token_purpose` | string | What the token will be used for. | `success`; `failure` |  |
+| `aspnetcore.identity.token_verified` | string | The result of token verification. | `success`; `failure` |  |
+| `aspnetcore.identity.user.update_type` | string | The user update type. | `update`; `user_name`; `reset_password` |  |
+| `aspnetcore.identity.user_type` | string | The full name of the identity user type. | `Contoso.ContosoUser` |  |
| `aspnetcore.rate_limiting.policy` | string | Rate limiting policy name. | `fixed`; `sliding`; `token` |  |
| `aspnetcore.rate_limiting.result` | string | Rate-limiting result, shows whether the lease was acquired or contains a rejection reason | `acquired`; `request_canceled` |  |
| `aspnetcore.request.is_unhandled` | boolean | Flag indicating if request was handled by the application pipeline. | `true` |  |
| `aspnetcore.routing.is_fallback` | boolean | A value that indicates whether the matched route is a fallback route. | `true` |  |
| `aspnetcore.routing.match_status` | string | Match result - success or failure | `success`; `failure` |  |
+| `aspnetcore.sign_in.is_persistent` | boolean | A flag indicating whether the sign in is persistent. | |  |
---
@@ -30,6 +41,114 @@ ASP.NET Core attributes
---
+`aspnetcore.identity.password_check_result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Password check failed. |  |
+| `password_missing` | Password check couldn't proceed because the password was missing from the user. |  |
+| `success` | Password check was successful. |  |
+| `success_rehash_needed` | Password check was successful however the password was encoded using a deprecated algorithm and should be rehashed and updated. |  |
+| `user_missing` | Password check couldn't proceed because the user was missing. |  |
+
+---
+
+`aspnetcore.identity.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Identity operation failed. |  |
+| `success` | Identity operation was successful. |  |
+
+---
+
+`aspnetcore.identity.sign_in.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Sign in failed. |  |
+| `locked_out` | User is locked out. |  |
+| `not_allowed` | User is not allowed to sign in. |  |
+| `requires_two_factor` | User requires two factory authentication to sign in. |  |
+| `success` | Sign in was successful. |  |
+
+---
+
+`aspnetcore.identity.sign_in.type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `external` | Sign in with a previously registered third-party login. |  |
+| `passkey` | Sign in with passkey. |  |
+| `password` | Sign in with password. |  |
+| `two_factor` | Sign in with a two factor provider. |  |
+| `two_factor_authenticator` | Sign in with two factor authenticator app. |  |
+| `two_factor_recovery_code` | Sign in with two factory recovery code. |  |
+
+---
+
+`aspnetcore.identity.token_purpose` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | Any token purpose that the instrumentation has no prior knowledge of. |  |
+| `change_email` | The token is for changing the user email address. |  |
+| `change_phone_number` | The token is for changing a user phone number. |  |
+| `email_confirmation` | The token is for confirming user email address. |  |
+| `reset_password` | The token is for resetting a user password. |  |
+| `two_factor` | The token is for changing user two factor settings. |  |
+
+---
+
+`aspnetcore.identity.token_verified` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `failure` | Token verification failed. |  |
+| `success` | Token verification was successful. |  |
+
+---
+
+`aspnetcore.identity.user.update_type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
+
+| Value | Description | Stability |
+|---|---|---|
+| `_OTHER` | Any update type that the instrumentation has no prior knowledge of. |  |
+| `access_failed` | Identity user access failure recorded. |  |
+| `add_claims` | Identity user claims added. |  |
+| `add_login` | Identity user login added. |  |
+| `add_password` | Identity user password added. |  |
+| `add_to_roles` | Identity user added to roles. |  |
+| `change_email` | Identity user email changed. |  |
+| `change_password` | Identity user password changed. |  |
+| `change_phone_number` | Identity user phone number changed. |  |
+| `confirm_email` | Identity user email confirmed. |  |
+| `generate_new_two_factor_recovery_codes` | Identity user new two-factor recovery codes generated. |  |
+| `password_rehash` | Identity user password rehashed. |  |
+| `redeem_two_factor_recovery_code` | Identity user two-factor recovery code redeemed. |  |
+| `remove_authentication_token` | Identity user authentication token removed. |  |
+| `remove_claims` | Identity user claims removed. |  |
+| `remove_from_roles` | Identity user removed from roles. |  |
+| `remove_login` | Identity user login removed. |  |
+| `remove_passkey` | Identity user passkey removed. |  |
+| `remove_password` | Identity user password removed. |  |
+| `replace_claim` | Identity user claim replaced. |  |
+| `reset_access_failed_count` | Identity user access failure count reset. |  |
+| `reset_authenticator_key` | Identity user authenticator key reset. |  |
+| `reset_password` | Identity user password reset. |  |
+| `security_stamp` | Identity user security stamp updated. |  |
+| `set_authentication_token` | Identity user authentication token set. |  |
+| `set_email` | Identity user email set. |  |
+| `set_lockout_enabled` | Identity user lockout enabled or disabled. |  |
+| `set_lockout_end_date` | Identity user lockout end date set. |  |
+| `set_passkey` | Identity user passkey set. |  |
+| `set_phone_number` | Identity user phone number set. |  |
+| `set_two_factor_enabled` | Identity user two-factor authentication enabled or disabled. |  |
+| `update` | Identity user updated. |  |
+| `user_name` | Identity user name updated. |  |
+
+---
+
`aspnetcore.rate_limiting.result` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.
| Value | Description | Stability |
diff --git a/model/aspnetcore/metrics.yaml b/model/aspnetcore/metrics.yaml
index d24b7ffc5..03b00e2e0 100644
--- a/model/aspnetcore/metrics.yaml
+++ b/model/aspnetcore/metrics.yaml
@@ -6,6 +6,12 @@ groups:
- ref: aspnetcore.rate_limiting.policy
requirement_level:
conditionally_required: if the matched endpoint for the request had a rate-limiting policy.
+ - id: aspnetcore.common.identity.metrics.attributes
+ type: attribute_group
+ brief: Common ASP.NET Core Identity metrics attributes
+ attributes:
+ - ref: aspnetcore.identity.user_type
+ requirement_level: required
# routing
- id: metric.aspnetcore.routing.match_attempts
@@ -48,6 +54,7 @@ groups:
brief: The full name of exception type.
examples: ['System.OperationCanceledException', 'Contoso.MyException']
requirement_level: required
+ note: ""
- ref: aspnetcore.diagnostics.handler.type
requirement_level:
conditionally_required: if and only if the exception was handled by this handler.
@@ -135,3 +142,310 @@ groups:
attributes:
- ref: aspnetcore.rate_limiting.result
requirement_level: required
+
+ # identity
+ - id: metric.aspnetcore.identity.user.create.duration
+ type: metric
+ metric_name: aspnetcore.identity.user.create.duration
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The duration of user creation operations.
+ instrument: histogram
+ unit: "s"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.identity.result
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: aspnetcore.identity.error_code
+ requirement_level:
+ conditionally_required: if an error was set on a failed identity result.
+ - ref: error.type
+ brief: The full name of exception type or the identity error code.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException', 'PasswordMismatch']
+ note: ""
+
+ - id: metric.aspnetcore.identity.user.update.duration
+ type: metric
+ metric_name: aspnetcore.identity.user.update.duration
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The duration of user update operations.
+ instrument: histogram
+ unit: "s"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.identity.user.update_type
+ requirement_level: required
+ - ref: aspnetcore.identity.result
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: aspnetcore.identity.error_code
+ requirement_level:
+ conditionally_required: if an error was set on a failed identity result.
+ - ref: error.type
+ brief: The full name of exception type or the identity error code.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException', 'PasswordMismatch']
+ note: ""
+
+ - id: metric.aspnetcore.identity.user.delete.duration
+ type: metric
+ metric_name: aspnetcore.identity.user.delete.duration
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The duration of user deletion operations.
+ instrument: histogram
+ unit: "s"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.identity.result
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: aspnetcore.identity.error_code
+ requirement_level:
+ conditionally_required: if an error was set on a failed identity result.
+ - ref: error.type
+ brief: The full name of exception type or the identity error code.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException', 'PasswordMismatch']
+ note: ""
+
+ - id: metric.aspnetcore.identity.user.check_password_attempts
+ type: metric
+ metric_name: aspnetcore.identity.user.check_password_attempts
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The number of check password attempts. Only checks whether the password is valid and not whether the user account is in a state that can log in.
+ instrument: counter
+ unit: "{attempt}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.identity.password_check_result
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.user.verify_token_attempts
+ type: metric
+ metric_name: aspnetcore.identity.user.verify_token_attempts
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The total number of token verification attempts.
+ instrument: counter
+ unit: "{attempt}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.identity.token_purpose
+ requirement_level: required
+ - ref: aspnetcore.identity.token_verified
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.user.generated_tokens
+ type: metric
+ metric_name: aspnetcore.identity.user.generated_tokens
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The total number of token generations.
+ instrument: counter
+ unit: "{count}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.identity.token_purpose
+ requirement_level: required
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.sign_in.authenticate.duration
+ type: metric
+ metric_name: aspnetcore.identity.sign_in.authenticate.duration
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The duration of authenticate attempts. The authenticate metrics is recorded by sign in methods such as PasswordSignInAsync and TwoFactorSignInAsync.
+ instrument: histogram
+ unit: "s"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.authentication_scheme
+ requirement_level: required
+ - ref: aspnetcore.sign_in.is_persistent
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: aspnetcore.identity.sign_in.type
+ requirement_level: required
+ - ref: aspnetcore.identity.sign_in.result
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.sign_in.two_factor_clients_remembered
+ type: metric
+ metric_name: aspnetcore.identity.sign_in.two_factor_clients_remembered
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The total number of two factor clients remembered.
+ instrument: counter
+ unit: "{client}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.authentication_scheme
+ requirement_level: required
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.sign_in.two_factor_clients_forgotten
+ type: metric
+ metric_name: aspnetcore.identity.sign_in.two_factor_clients_forgotten
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The total number of two factor clients forgotten.
+ instrument: counter
+ unit: "{client}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.authentication_scheme
+ requirement_level: required
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.sign_in.check_password_attempts
+ type: metric
+ metric_name: aspnetcore.identity.sign_in.check_password_attempts
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The total number of check password attempts. Checks that the account is in a state that can log in and that the password is valid using the UserManager.CheckPasswordAsync method.
+ instrument: counter
+ unit: "{attempt}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.identity.sign_in.result
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.sign_in.sign_ins
+ type: metric
+ metric_name: aspnetcore.identity.sign_in.sign_ins
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The total number of calls to sign in user principals.
+ instrument: counter
+ unit: "{sign_in}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.authentication_scheme
+ requirement_level: required
+ - ref: aspnetcore.sign_in.is_persistent
+ requirement_level:
+ conditionally_required: if no exception was thrown.
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
+
+ - id: metric.aspnetcore.identity.sign_in.sign_outs
+ type: metric
+ metric_name: aspnetcore.identity.sign_in.sign_outs
+ annotations:
+ code_generation:
+ metric_value_type: int
+ stability: development
+ brief: The total number of calls to sign out user principals.
+ instrument: counter
+ unit: "{sign_out}"
+ note: |
+ Meter name: `Microsoft.AspNetCore.Identity`; Added in: ASP.NET Core 10.0
+ extends: aspnetcore.common.identity.metrics.attributes
+ attributes:
+ - ref: aspnetcore.authentication_scheme
+ requirement_level: required
+ - ref: error.type
+ brief: The full name of exception type.
+ requirement_level:
+ conditionally_required: if and only if an error has occurred.
+ examples: ['System.OperationCanceledException']
+ note: ""
diff --git a/model/aspnetcore/registry.yaml b/model/aspnetcore/registry.yaml
index 71677d598..aa97bed6f 100644
--- a/model/aspnetcore/registry.yaml
+++ b/model/aspnetcore/registry.yaml
@@ -81,5 +81,302 @@ groups:
brief: "Exception handling didn't run because the request was aborted."
stability: stable
stability: stable
- brief: ASP.NET Core exception middleware handling result
+ brief: ASP.NET Core exception middleware handling result.
examples: ["handled", "unhandled"]
+ - id: aspnetcore.identity.user_type
+ type: string
+ brief: The full name of the identity user type.
+ stability: development
+ examples: ["Contoso.ContosoUser"]
+ - id: aspnetcore.identity.result
+ type:
+ members:
+ - id: success
+ value: 'success'
+ brief: "Identity operation was successful."
+ stability: development
+ - id: failure
+ value: 'failure'
+ brief: "Identity operation failed."
+ stability: development
+ stability: development
+ brief: The result of the identity operation.
+ examples: ["success", "failure"]
+ - id: aspnetcore.identity.error_code
+ type: string
+ stability: development
+ brief: The error code for a failed identity operation.
+ examples: ["DefaultError", "PasswordMismatch"]
+ - id: aspnetcore.identity.user.update_type
+ type:
+ members:
+ - id: update
+ value: 'update'
+ brief: "Identity user updated."
+ stability: development
+ - id: user_name
+ value: 'user_name'
+ brief: "Identity user name updated."
+ stability: development
+ - id: add_password
+ value: 'add_password'
+ brief: "Identity user password added."
+ stability: development
+ - id: change_password
+ value: 'change_password'
+ brief: "Identity user password changed."
+ stability: development
+ - id: security_stamp
+ value: 'security_stamp'
+ brief: "Identity user security stamp updated."
+ stability: development
+ - id: reset_password
+ value: 'reset_password'
+ brief: "Identity user password reset."
+ stability: development
+ - id: remove_login
+ value: 'remove_login'
+ brief: "Identity user login removed."
+ stability: development
+ - id: add_login
+ value: 'add_login'
+ brief: "Identity user login added."
+ stability: development
+ - id: add_claims
+ value: 'add_claims'
+ brief: "Identity user claims added."
+ stability: development
+ - id: replace_claim
+ value: 'replace_claim'
+ brief: "Identity user claim replaced."
+ stability: development
+ - id: remove_claims
+ value: 'remove_claims'
+ brief: "Identity user claims removed."
+ stability: development
+ - id: add_to_roles
+ value: 'add_to_roles'
+ brief: "Identity user added to roles."
+ stability: development
+ - id: remove_from_roles
+ value: 'remove_from_roles'
+ brief: "Identity user removed from roles."
+ stability: development
+ - id: set_email
+ value: 'set_email'
+ brief: "Identity user email set."
+ stability: development
+ - id: confirm_email
+ value: 'confirm_email'
+ brief: "Identity user email confirmed."
+ stability: development
+ - id: password_rehash
+ value: 'password_rehash'
+ brief: "Identity user password rehashed."
+ stability: development
+ - id: remove_password
+ value: 'remove_password'
+ brief: "Identity user password removed."
+ stability: development
+ - id: change_email
+ value: 'change_email'
+ brief: "Identity user email changed."
+ stability: development
+ - id: set_phone_number
+ value: 'set_phone_number'
+ brief: "Identity user phone number set."
+ stability: development
+ - id: change_phone_number
+ value: 'change_phone_number'
+ brief: "Identity user phone number changed."
+ stability: development
+ - id: set_two_factor_enabled
+ value: 'set_two_factor_enabled'
+ brief: "Identity user two-factor authentication enabled or disabled."
+ stability: development
+ - id: set_lockout_enabled
+ value: 'set_lockout_enabled'
+ brief: "Identity user lockout enabled or disabled."
+ stability: development
+ - id: set_lockout_end_date
+ value: 'set_lockout_end_date'
+ brief: "Identity user lockout end date set."
+ stability: development
+ - id: access_failed
+ value: 'access_failed'
+ brief: "Identity user access failure recorded."
+ stability: development
+ - id: reset_access_failed_count
+ value: 'reset_access_failed_count'
+ brief: "Identity user access failure count reset."
+ stability: development
+ - id: set_authentication_token
+ value: 'set_authentication_token'
+ brief: "Identity user authentication token set."
+ stability: development
+ - id: remove_authentication_token
+ value: 'remove_authentication_token'
+ brief: "Identity user authentication token removed."
+ stability: development
+ - id: reset_authenticator_key
+ value: 'reset_authenticator_key'
+ brief: "Identity user authenticator key reset."
+ stability: development
+ - id: generate_new_two_factor_recovery_codes
+ value: 'generate_new_two_factor_recovery_codes'
+ brief: "Identity user new two-factor recovery codes generated."
+ stability: development
+ - id: redeem_two_factor_recovery_code
+ value: 'redeem_two_factor_recovery_code'
+ brief: "Identity user two-factor recovery code redeemed."
+ stability: development
+ - id: set_passkey
+ value: 'set_passkey'
+ brief: "Identity user passkey set."
+ stability: development
+ - id: remove_passkey
+ value: 'remove_passkey'
+ brief: "Identity user passkey removed."
+ stability: development
+ - id: other
+ value: '_OTHER'
+ brief: "Any update type that the instrumentation has no prior knowledge of."
+ stability: development
+ stability: development
+ brief: The user update type.
+ examples: ["update", "user_name", "reset_password"]
+ - id: aspnetcore.identity.password_check_result
+ type:
+ members:
+ - id: success
+ value: 'success'
+ brief: "Password check was successful."
+ stability: development
+ - id: success_rehash_needed
+ value: 'success_rehash_needed'
+ brief: "Password check was successful however the password was encoded using a deprecated algorithm and should be rehashed and updated."
+ stability: development
+ - id: failure
+ value: 'failure'
+ brief: "Password check failed."
+ stability: development
+ - id: password_missing
+ value: 'password_missing'
+ brief: "Password check couldn't proceed because the password was missing from the user."
+ stability: development
+ - id: user_missing
+ value: 'user_missing'
+ brief: "Password check couldn't proceed because the user was missing."
+ stability: development
+ stability: development
+ brief: The result from checking the password.
+ examples: ["success", "failure"]
+ - id: aspnetcore.identity.token_purpose
+ type:
+ members:
+ - id: reset_password
+ value: 'reset_password'
+ brief: "The token is for resetting a user password."
+ stability: development
+ - id: change_phone_number
+ value: 'change_phone_number'
+ brief: "The token is for changing a user phone number."
+ stability: development
+ - id: email_confirmation
+ value: 'email_confirmation'
+ brief: "The token is for confirming user email address."
+ stability: development
+ - id: change_email
+ value: 'change_email'
+ brief: "The token is for changing the user email address."
+ stability: development
+ - id: two_factor
+ value: 'two_factor'
+ brief: "The token is for changing user two factor settings."
+ stability: development
+ - id: other
+ value: '_OTHER'
+ brief: "Any token purpose that the instrumentation has no prior knowledge of."
+ stability: development
+ stability: development
+ brief: What the token will be used for.
+ examples: ["success", "failure"]
+ - id: aspnetcore.identity.token_verified
+ type:
+ members:
+ - id: success
+ value: 'success'
+ brief: "Token verification was successful."
+ stability: development
+ - id: failure
+ value: 'failure'
+ brief: "Token verification failed."
+ stability: development
+ stability: development
+ brief: The result of token verification.
+ examples: ["success", "failure"]
+ - id: aspnetcore.authentication_scheme
+ type: string
+ stability: development
+ brief: The authentication scheme to sign in with.
+ examples: ["Identity.Application"]
+ - id: aspnetcore.identity.sign_in.type
+ type:
+ members:
+ - id: password
+ value: 'password'
+ brief: "Sign in with password."
+ stability: development
+ - id: two_factor_recovery_code
+ value: 'two_factor_recovery_code'
+ brief: "Sign in with two factory recovery code."
+ stability: development
+ - id: two_factor_authenticator
+ value: 'two_factor_authenticator'
+ brief: "Sign in with two factor authenticator app."
+ stability: development
+ - id: two_factor
+ value: 'two_factor'
+ brief: "Sign in with a two factor provider."
+ stability: development
+ - id: external
+ value: 'external'
+ brief: "Sign in with a previously registered third-party login."
+ stability: development
+ - id: passkey
+ value: 'passkey'
+ brief: "Sign in with passkey."
+ stability: development
+ stability: development
+ brief: The authentication type.
+ examples: ["password", "two_factor"]
+ - id: aspnetcore.sign_in.is_persistent
+ type: boolean
+ stability: development
+ brief: A flag indicating whether the sign in is persistent.
+ - id: aspnetcore.identity.sign_in.result
+ type:
+ members:
+ - id: success
+ value: 'success'
+ brief: "Sign in was successful."
+ stability: development
+ - id: locked_out
+ value: 'locked_out'
+ brief: "User is locked out."
+ stability: development
+ - id: not_allowed
+ value: 'not_allowed'
+ brief: "User is not allowed to sign in."
+ stability: development
+ - id: requires_two_factor
+ value: 'requires_two_factor'
+ brief: "User requires two factory authentication to sign in."
+ stability: development
+ - id: failure
+ value: 'failure'
+ brief: "Sign in failed."
+ stability: development
+ stability: development
+ brief: Whether the sign in result was success or failure.
+ examples: ["password", "two_factor"]