AdminUI configuration is set using environment variables. These can be setup in different forms, including a web.config file, a docker-compose.yml file or Azure appsettings.
Note: In Azure or IIS environments variables are nested with either __ (Linux environments) or : (Windows environments). E.g: DataProtection:Persistence:Type
Running AdminUI On a Different Port
If you need to configure the ports the UI or API you can add the following section to your appsettings.json files:
"Kestrel": {
"Endpoints": {
"Http": {
//Your new Url Here
"Url": "http://localhost:5020"
}
}
}
If you would like to see all possible config options for the Kestrel property you can find them here.
AdminUI Configuration Settings (UI)
Note: In AdminUI 4.2.0 and 5.1.0 onwards, the env.js file is no longer used for configuration and changes do not need to be made to this file. It can be removed if you choose.
AuthorityUrlThe IdentityServer installation protecting AdminUIApiUrlThe AdminUI backend websiteUiUrlThe AdminUI frontend websiteAzureAppServiceLogging (optional)Used for debugging the UI - see the enable logging page for more details.AdminUIClientSecretThe AdminUI client shared secret value in plain textDataProtectionUsed for configuration of Cookie protection and peristence.Persistence- The type of persistence can be FileSystem or Database, these require different setup as shown belowType- FileSystemLocation- Location to persist keys- OR
Type- DatabaseDbProviderSupported types and their values are:SqlServerMySql(Note: AdminUI requires the MySQL settinglower_case_table_namesto befalse)PostgreSql
DataProtectionConnectionString- The connection string for the data protection database
ProtectionThe certficate or keyvault that will protect the cookies. The two available types are KeyVault and Certifcate. A Certificate can be provided by location or by thumbprint.Type- KeyVaultKeyIdentifier- The Azure KeyVault certificate identifier used for key encryption.ClientId- The Application Client IdVault- The KeyVault public UriSecret- (Optional) The client secret to use for authentication. Optional valid only for Azure hosted scenarios- OR
Type- Certificate (To protect with certificate you can provide either a thumbprint or a location)CertificateType- ThumbprintThumbprint- The thumbprint of the certficate that is installed either for the user or the machine.- OR
CertificateType- FileLocation- The location on disk of the certificatePassword(Optional) - The password for the certificate
Filesystem data protection and persistence is intended for IIS installations - we recommend a using the KeyVault method for protection alongside a database for persistence and protection when installing AdminUI in Azure.
AdminUI Configuration Settings (API)
DbProviderSupported types and their values are:SqlServerMySql(Note: AdminUI requires the MySQL settinglower_case_table_namesto befalse)PostgreSql
IdentityConnectionStringThe connection string for the Identity database (Users, Claim Types, Roles etc.)IdentityServerConnectionStringThe connection string for the IdentityServer database (Clients, Resources, Persited Grants etc.)OperationalConnectionString(Optional) The connection string for the Presisted Grants DbContext. If not supplied, AdminUI will use theIdentityServerConnectionStringDataProtectionConnectionString(Optional) The connection string for the DataProtectionKey DbContext. If not supplied, AdminUI will use theIdentityServerConnectionString. Only needs configuring if you are using a database to store protection keys in the UI.AuthorityUrlThe IdentityServer installation protecting the APIUiUrlThe AdminUI frontendRequireHttpsMetadataWhentrueensures IdentityServer discovery endpoint uses TLS. Should be true for productionLicenseKeyA valid license key for AdminUIAdminUIClientSecretThe AdminUI client shared secret value in plain textTargetIdentityServer4If set to true, AdminUI will target IdentityServer4 schema. If set to false, AdminUI will target Duende IdentityServer schema. Defaults to false.PasswordPolicy:RequireDigitDefaults totruePasswordPolicy:RequireLowercaseDefaults totruePasswordPolicy:RequireNonAlphanumericDefaults totruePasswordPolicy:RequireUppercaseDefaults totruePasswordPolicy:RequiredLengthDefaults to6PasswordPolicy:RequiredUniqueCharsDefaults to1UsernamePolicy:AllowedUserNameCharactersDefaults toabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+UsernamePolicy:RequireUniqueEmailDefaults totrueAuditRecordsConnectionStringThe database connection string for AdminUI audits, if missing will default to theIdentityServerConnectionString-
AuditRecordsCultureLanguage used for generation of audit records, if missing or invalid will default to Englishen-GB.Supported languages are: -
deGerman -zh-TWChinese (Traditional) -zh-CNChinese (Simplified) -esSpanish -frFrench -AuditReadActionsDefaults totrue. Iffalse, no audit records will be generated for read actions (e.g when a user views resources though AdminUI) -
LoggingMinimumLevelDefaults toinfo. Supported logging levels aredebuginfowarningerrorcritical
LoggingOutputTemplateDefaults to[{Timestamp:dd-MM-yyyy HH:mm:ss} {Level}] {Message}{NewLine}{Exception}. For more infomation see the serilog docs.AddUserPasswordDefaults tofalse. Iftrue, allows for setting a users password on creation (this is for demo purposes only, do not use in production), see more hereAzureAppServiceLogging (optional)Used for debugging the API - see the enable logging page for more details.
TargetIdentityServer4 Flag
The TargetIdentityServer4 flag in the API Configuration is used to determine what version of IdentityServer you want your AdminUI to target. If you're working with an IdentityServer4 database, you'll want to set this flag to true. If you're working with a Duende IdentityServer database, you'll want to set this flag to false.
This configuration setting will change how AdminUI displays certain entities such as Protected Resources, as well as if it will display certain views.
This setting will also change what migrations will be run by the migration tool.
Example Configurations
If you would like to see example web.config configurations you can find them here
UI appsettings.json:
{
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*",
"AuthorityUrl": "https://localhost:5003",
"UiUrl": "http://localhost:5000",
"ApiUrl": "http://localhost:5001",
"AdminUIClientSecret": "Dev",
"DataProtection": {
"Persistence": {
"Type": "Database",
"DbProvider": "SqlServer",
"DataProtectionConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=IdentityExpressDb;"
},
"Protection": {
"Type": "Certificate",
"CertificateType": "Thumbprint",
"Thumbprint": "c09fb8e928ef97fbd2a78be9bfe99341a2175af4"
}
}
}
API appsettings.json:
{
"LoggingMinimumLevel": "Info",
"DbProvider": "SqlServer",
"IdentityConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=IdentityExpressDb;",
"IdentityServerConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=IdentityExpressDb;",
"AuditRecordsConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=IdentityExpressDb;",
"DataProtectionConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=IdentityExpressDb;",
"AuthorityUrl": "https://localhost:5003",
"UiUrl": "http://localhost:5000",
"RequireHttpsMetadata": false,
"LicenseKey": "",
"CER_FULL_PATH": "./Data/gateway.cer",
"RegistrationConfirmationEndpoint": "https://localhost:44379/api/confirmation",
"ClientId": "PasswordReset",
"ClientSecret": "password",
"PasswordResetEndpoint": "https://localhost:44379/api/passwordreset",
"PasswordPolicy": {
"RequireDigit": true,
"RequireLowercase": true,
"RequireNonAlphanumeric": true,
"RequireUppercase": true,
"RequiredLength": 6,
"RequiredUniqueChars": 1
},
"UsernamePolicy": {
"UseReferenceTokens": false,
"Secret": "password"
},
"AdminUIClientSecret": "Dev"
}