AdminUI configuration can be set using environment variables, appsettings.json and in code, passing a settings object to the AddAdminUI() method. The structure of AdminUIs settings is defined in AdminUI Settings.
Configuration entry points
Configuring via Environment Variables
Environment variables may be set in many different ways depending on your deployment strategy, this could be via any cloud hosting platform, docker compose files, etc...
Note: Environments variables are nested with either __ (Linux environments) or : (Windows environments). E.g: DataProtection__Persistence__Type or DataProtection:Persistence:Type
Configuring via appsettings.json
Here is an example:
{
"UiUrl": "http://localhost:5000",
"AuthorityUrl": "https://localhost:5003",
"AzureAppServiceLogging": false,
"LoggingMinimumLevel": "Info",
"EFLoggingMinimumLevel": "Warning",
"DbProvider": "SqlServer",
"IdentityConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
"OpenIddictConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
"DataProtectionConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
"RequireHttpsMetadata": false,
"LicenseKey": "",
"PasswordPolicy": {
"RequireDigit": true,
"RequireLowercase": true,
"RequireNonAlphanumeric": true,
"RequireUppercase": true,
"RequiredLength": 6,
"RequiredUniqueChars": 1
},
"UsernamePolicy": {
"AllowedUserNameCharacters": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+",
"RequireUniqueEmail": false
},
"ReferenceTokens": {
"UseReferenceTokens": false,
"Secret": ""
},
"DisableBootstrap": false,
"ServeUi": true,
"FeatureFlags": {
"DefaultUserValidation": true,
"AddUserPassword": false,
"EnableEnforcerAuthorization": false,
},
"SupportedLanguages": [
"en",
"es",
"fr"
],
"CustomAccessPolicies": [
{ "Type": "birthdate", "Value": "19/02/1996", "Permission": "All" },
{ "Type": "middle_name", "Value": "Audit", "Permission": "Auditer" }
],
"WebhookConfig": {
"ClientId": "webhook-cli",
"ClientSecret": "",
"Webhooks": {
"MfaReset": {
"Url": "https://dosomething.com/mfa-reset",
"Scopes": "scope-mfa"
},
"PasswordReset": {
"Url": "https://dosomething.com/pass-reset",
"Scopes": "scope-pres"
},
"UserRegistration": {
"Url": "https://dosomething.com/usr-reg",
"Scopes": "scope-ur"
},
"ServerSideSessionDelete": {
"Url": "https://dosomething.com/server-side-session",
"Scopes": "scope-sss"
}
}
},
"CustomGrantTypes": [
"user-token-exchange",
"client-token-exchange"
],
"DataProtection": {
"Persistence": {
"Type": "Database",
"DbProvider": "SqlServer",
"DataProtectionConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=IdentityExpressDb;"
},
"Protection": {
"Type": "Certificate",
"CertificateType": "Thumbprint",
"Thumbprint": "c09fb8e928ef97fbd2a78be9bfe99341a2175af4"
}
}
}
Configuring in code
The AddAdminUI() extension method can be used to pass a settings object containing the configuration. Here is an example:
services.AddAdminUI(new OpenIddictAdminUISettings()
{
UiUrl = "http://localhost:5000",
AuthorityUrl = "https://localhost:5003",
DbProvider = "SqlServer",
IdentityConnectionString = "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
OpenIddictConnectionString = "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
...
});
Configuring KeyVault DataProtection
When using KeyVault data protection you only need to set the key identifier in the AdminUI settings as the intention is you would configure KeyVault access yourself making the certificates available to AdminUI thru IConfiguration. A simple way of doing this is provided with the Azure.Extensions.AspNetCore.Configuration.Secrets package which provides an extension method called AddAzureKeyVault.
This is why the ClientId, Vault, and Secret are not present in the AdminUI configuration model.
Logging settings
Logging settings are still obtained from the environment so must be set via an appsettings.json file, or as environment variables.
Using Custom Database Connections
AdminUI uses a factory abstraction for creating database connections. You can replace the default implementation by providing a custom database connection factory. This will allow you to create connections according to your own needs.
Running AdminUI from a domain path
To run AdminUI from a specific domain path, you must include the AdminUiPath property in the csproj file, specifying the path where AdminUI will be hosted.
For instance, if the AdminUI web address is 'https://generalweb/myadminui', your csproj file should contain this:
<PropertyGroup>
<AdminUiPath>/myadminui/</AdminUiPath>
</PropertyGroup>
It is important to add the slashes at the beginning and end of the property value, as in the example.
Excluding packaged UI files
If you have disabled the UI in AdminUI and wish to also not include the static web files in the project you are using AdminUI in you can also configure the build to exclude them. This can be done with a build property in the .csproj file for you project. Here is an example to show how. If this setting is 'exclude' the static ui files are not included, else static ui files are included.
<PropertyGroup>
<DefaultUi>exclude</DefaultUi>
</PropertyGroup>