AdminUI can be configured through environment variables, appsettings.json, or in code by passing a settings object to the AddAdminUI() method. The structure of AdminUI's settings is defined in AdminUI Settings.
Configuration entry points
Configuring via Environment Variables
Environment variables can be set in many different ways depending on your deployment strategy, for example through a cloud hosting platform or Docker Compose files.
Note: Environment variables are nested with either __ (Linux environments) or : (Windows environments), e.g. DataProtection__Persistence__Type or DataProtection:Persistence:Type.
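How nested settings keys translate into environment-variable names, as an added example that is not part of the AdminUI documentation: it flattens a constructed, trimmed sample of the settings structure with the `__` separator (array items take their index as a path segment, as in .NET configuration) and lists the names that look secret-bearing so their values can be supplied by the deployment rather than stored in the JSON file. The `SECRET_MARKERS` heuristic and all function names are assumptions of this example.

```python
import json

# Constructed sample: a trimmed copy of the settings structure shown on this page.
SAMPLE = """
{
  "IdentityConnectionString": "Server=localhost;User Id=AdminUI;Password=<placeholder>;Database=OpenIddictDb;",
  "ReferenceTokens": { "UseReferenceTokens": false, "Secret": "" },
  "SupportedLanguages": ["en", "es"],
  "WebhookConfig": { "ClientSecret": "", "Webhooks": { "MfaReset": { "Url": "https://dosomething.com/mfa-reset" } } },
  "DataProtection": { "Persistence": { "Type": "Database" } }
}
"""
SETTINGS = json.loads(SAMPLE)

# Assumption: this list of secret-looking key names is a heuristic chosen for the example.
SECRET_MARKERS = ("connectionstring", "secret", "licensekey", "password")

def flatten(node, path=()):
    """Yield (path, scalar) pairs; array items take their index as a path segment."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten(value, path + (str(index),))
    else:
        yield path, node

def render(value):
    """Render a JSON scalar as the string an environment variable would carry."""
    if isinstance(value, bool):
        return "true" if value else "false"
    return "" if value is None else str(value)

def to_env(settings, separator="__"):
    """Map nested settings to {NAME: value}, joining path segments with the separator."""
    return {separator.join(path): render(value) for path, value in flatten(settings)}

def secret_names(env, separator="__"):
    """Names whose last segment looks secret-bearing: supply these at deploy time."""
    return sorted(name for name in env
                  if any(m in name.split(separator)[-1].lower() for m in SECRET_MARKERS))

if __name__ == "__main__":
    env = to_env(SETTINGS)
    secrets = secret_names(env)
    for name in sorted(env):
        print(f"{name}={'<set in deployment>' if name in secrets else env[name]}")
```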
Configuring via appsettings.json
Here is an example:
{
  "UiUrl": "http://localhost:5000",
  "AuthorityUrl": "https://localhost:5003",
  "AzureAppServiceLogging": false,
  "LoggingMinimumLevel": "Info",
  "EFLoggingMinimumLevel": "Warning",
  "DbProvider": "SqlServer",
  "IdentityConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
  "OpenIddictConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
  "DataProtectionConnectionString": "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
  "RequireHttpsMetadata": false,
  "LicenseKey": "",
  "PasswordPolicy": {
    "RequireDigit": true,
    "RequireLowercase": true,
    "RequireNonAlphanumeric": true,
    "RequireUppercase": true,
    "RequiredLength": 6,
    "RequiredUniqueChars": 1
  },
  "UsernamePolicy": {
    "AllowedUserNameCharacters": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+",
    "RequireUniqueEmail": false
  },
  "ReferenceTokens": {
    "UseReferenceTokens": false,
    "Secret": ""
  },
  "DisableBootstrap": false,
  "ServeUi": true,
  "FeatureFlags": {
    "DefaultUserValidation": true,
    "AddUserPassword": false,
    "EnableEnforcerAuthorization": false
  },
  "SupportedLanguages": [
    "en",
    "es",
    "fr"
  ],
  "CustomAccessPolicies": [
    { "Type": "birthdate", "Value": "19/02/1996", "Permission": "All" },
    { "Type": "middle_name", "Value": "Audit", "Permission": "Auditer" }
  ],
  "WebhookConfig": {
    "ClientId": "webhook-cli",
    "ClientSecret": "",
    "Webhooks": {
      "MfaReset": {
        "Url": "https://dosomething.com/mfa-reset",
        "Scopes": "scope-mfa"
      },
      "PasswordReset": {
        "Url": "https://dosomething.com/pass-reset",
        "Scopes": "scope-pres"
      },
      "UserRegistration": {
        "Url": "https://dosomething.com/usr-reg",
        "Scopes": "scope-ur"
      },
      "ServerSideSessionDelete": {
        "Url": "https://dosomething.com/server-side-session",
        "Scopes": "scope-sss"
      }
    }
  },
  "CustomGrantTypes": [
    "user-token-exchange",
    "client-token-exchange"
  ],
  "DataProtection": {
    "Persistence": {
      "Type": "Database",
      "DbProvider": "SqlServer"
    },
    "Protection": {
      "Type": "Certificate",
      "CertificateType": "Thumbprint",
      "Thumbprint": "c09fb8e928ef97fbd2a78be9bfe99341a2175af4"
    }
  }
}
Configuring in code
The AddAdminUI() extension method can be used to pass a settings object containing the configuration. Here is an example:
// Program.cs
var builder = WebApplication.CreateBuilder(args);

// Register AdminUI on the builder's service collection with settings defined in code
builder.Services.AddAdminUI(new OpenIddictAdminUISettings()
{
    UiUrl = "http://localhost:5000",
    AuthorityUrl = "https://localhost:5003",
    DbProvider = "SqlServer",
    IdentityConnectionString = "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
    OpenIddictConnectionString = "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
    // ...
});
Or, if you wish to mix .NET configuration sources with in-code configuration:
// Program.cs
var builder = WebApplication.CreateBuilder(args);

// Pass builder.Configuration to the settings object and set further values in code
builder.Services.AddAdminUI(new OpenIddictAdminUISettings(builder.Configuration)
{
    UiUrl = "http://localhost:5000",
    AuthorityUrl = "https://localhost:5003",
    DbProvider = "SqlServer",
    IdentityConnectionString = "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
    OpenIddictConnectionString = "Server=localhost;User Id=AdminUI;Password=Password123!;Database=OpenIddictDb;",
    // ...
});
Configuring KeyVault DataProtection
When using KeyVault data protection, you only need to set the key identifier in the AdminUI settings. The intention is that you configure KeyVault access yourself, making the certificates available to AdminUI through IConfiguration. A simple way of doing this is the Azure.Extensions.AspNetCore.Configuration.Secrets package, which provides an extension method called AddAzureKeyVault.
This is why the ClientId, Vault, and Secret are not present in the AdminUI configuration model.
Here is an example of how to implement AddAzureKeyVault():
// Program.cs
using Azure.Identity; // DefaultAzureCredential

var builder = WebApplication.CreateBuilder(args);

// Add Azure Key Vault as a configuration source
builder.Configuration.AddAzureKeyVault(new Uri("<Vault URI>"), new DefaultAzureCredential());
builder.Services.AddAdminUI();

var app = builder.Build();
app.UseAdminUI();
app.Run();
Overwriting DataProtection
AdminUI provides settings to configure Data Protection easily. However, there are scenarios where you may require more granular control. For example, suppose you store AdminUI Data Protection keys in a database. In that case, you might want to keep them in a separate table from OpenIddict's keys, using a custom table name, or even place them in a different schema. In such cases, you must override AdminUI's internal call to AddDataProtection().
Here is an example demonstrating how to customize the table schema in Program.cs:
// Program.cs
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDbContext<AdminUIDataProtectionDbContext>();
builder.Services.AddAdminUI();

// Called after AddAdminUI() so that it overwrites AdminUI's internal AddDataProtection() call
builder.Services.AddDataProtection()
    .PersistKeysToDbContext<AdminUIDataProtectionDbContext>()
    .ProtectKeysWithCertificate(
        new X509Certificate2("certificate.pfx", "password")
    );

var app = builder.Build();
app.UseAdminUI();
app.Run();
And the DbContext implementation:
using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

public class AdminUIDataProtectionDbContext : DbContext, IDataProtectionKeyContext
{
    public AdminUIDataProtectionDbContext(DbContextOptions<AdminUIDataProtectionDbContext> options) : base(options) { }

    public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }

    protected override void OnModelCreating(ModelBuilder builder)
    {
        base.OnModelCreating(builder);
        // Store the Data Protection keys in a custom table and schema
        builder.Entity<DataProtectionKey>().ToTable("DataProtectionKey", "myschema");
    }

    protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
    {
        optionsBuilder.UseSqlServer("<connection-string>");
    }
}
Notice that in the Program.cs file, AddDataProtection() comes after AddAdminUI() to overwrite the internal method. Also, remember that you must create your migrations for this new DbContext.
Logging settings
Logging settings are still obtained from the environment, so they must be set via an appsettings.json file or as environment variables.
Using Custom Database Connections
AdminUI uses a factory abstraction for creating database connections. You can replace the default implementation by providing a custom database connection factory. This will allow you to create connections according to your own needs.
Running AdminUI from a domain path
To run AdminUI from a specific domain path, you must include the AdminUiPath property in the csproj file, specifying the path where AdminUI will be hosted.
For instance, if the AdminUI web address is 'https://generalweb/myadminui', your csproj file should contain this:
<PropertyGroup>
  <AdminUiPath>/myadminui/</AdminUiPath>
</PropertyGroup>
It is important to add the slashes at the beginning and end of the property value, as in the example.
Excluding packaged UI files
If you have disabled the UI in AdminUI and also wish to leave the static web files out of the project that uses AdminUI, you can configure the build to exclude them. This is done with a build property in your project's .csproj file. If this setting is 'exclude', the static UI files are not included; otherwise they are included. Here is an example:
<PropertyGroup>
  <DefaultUi>exclude</DefaultUi>
</PropertyGroup>