...

If required, additional configuration files can be specified on the command line via the argument "settings=...", "-settings=...", "--settings=..." or "/settings=...". The application checks whether the specified configuration file exists and prints an error message if it does not. This check can be disabled by appending a question mark to the file name, which allows optional configuration files to be specified on the command line as well.

...

If multiple configurations are available, they are applied in the following order:

  1. Default configuration (appsettings.Default.json)

  2. Environment-specific configuration (appsettings.{environment}.json)

  3. Installation-specific configuration (appsettings.json)

  4. Explicit configuration

  5. Override via environment variables

  6. Override via command line

Structure of the configuration file

...

Property

Type

Function

Uri

String

This property contains the URI of the desired endpoint. Scheme and host are mandatory, the specification of a port is optional. If no port is specified, the respective default ports (80 for HTTP and 443 for HTTPS) are used. If no IP address is specified as the host, the specified name is converted to an IP address using DNS lookup. The IP addresses 0.0.0.0 or * represent all available IP addresses of the server.

Certificate

JSON object

This property was used in previous versions to specify the server certificate when using HTTPS. For more information on the specification of the certificates to use, see below.

This property is only supported for compatibility reasons. Please use the ServerCertificates property to specify the server certificate, which also supports the use of multiple server certificates.

ClientCertificates

JSON object

This property is only taken into account when using HTTPS and allows authentication at connection level using client certificates (mutual TLS authentication / mTLS). A detailed description can be found in a separate section below.

ServerCertificates

JSON object

This property is only required when using HTTPS and is used to specify the server certificates to use. A detailed description can be found in a separate section below.

HttpProtocols

JSON array

This property specifies the HTTP protocols supported by the endpoint. The following values (as strings) are allowed here:

http1
Support for HTTP/1.

http2
Support for HTTP/2.

If this property is not specified, HTTP/1 and HTTP/2 are supported. Support for HTTP/3 is not yet stable in the current version of the .NET Framework, so it is not offered at the moment.

SslProtocols

JSON array

This property specifies the SSL protocols supported by the endpoint when using HTTPS. The following values (as strings) are allowed here:

tls1.0
Support for TLS 1.0.

tls1.1
Support for TLS 1.1.

tls1.2
Support for TLS 1.2.

tls1.3
Support for TLS 1.3.

If this property is not specified, TLS 1.2 and TLS 1.3 are supported. Support for TLS 1.0 and TLS 1.1 is provided for compatibility reasons, but these deprecated protocols are no longer considered secure.

HandshakeTimeout

Integer

This property defines the maximum duration of the SSL handshake in seconds before it is aborted with a timeout on the server side.

The ClientCertificates section (JSON Object)


This configuration section defines the handling of client certificates. If no client certificates are to be used, the entire section can be omitted. Currently, the following properties are supported:

Property

Type

Function

Mode

String

Defines the behavior when establishing a connection. The value "allowed" allows client certificates but does not explicitly request them from the other side, the value "required" explicitly requests a client certificate from the other side.

Authentication

JSON object

Defines the authentication behavior at the application level (not at the connection level). This object has only one property of type boolean with the name "Enabled". If this is set to true, the name in the certificate (subject name) automatically specifies the current user. Provided that the certificate has been successfully validated, no further input of a user name or password is required for logging in. If the client certificates come from a public certification authority, the subject name should also be checked in addition to the general validity check (via SubjectRegex) in order to block foreign client certificates at the connection level.

Validation

JSON object

This property defines the validation behavior for client certificates. It should be noted here that the validation functions of the underlying operating system are only extended by these settings. Validation is therefore initially performed by the operating system on the basis of the certificates stored there. If this validation is not successful, additional certificates can be included in the validation. Filter settings can be used to exclude certificates that are actually valid. Furthermore, an explicit check of the revocation lists can be performed, which is usually not carried out by the operating system for performance reasons. The following properties can be configured here:

CheckRevokation
A boolean value that specifies whether to check the revocation lists to reject revoked certificates.

Filters → SubjectRegex
A regular expression that can be used to define additional filtering by Subject Name.

IntermediateCertificates
An array of certificates from intermediate certificate authorities which are included in the validation if the validation by the operating system was not successful. This allows intermediate certificate authorities to be included without having to store them in the certificate store of the operating system. More information on the specification of the certificates to be used can be found below.

TrustedClientCertificates
An array of client certificates which are considered valid without further checks. More information about the specification of the certificates to be used can be found below.

TrustedRootCertificates
An array with certificates from root certification authorities which are included in the validation if the validation by the operating system was not successful. This allows root certificate authorities to be included without having to store them in the certificate store of the operating system. More information on the specification of the certificates to be used can be found below.
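
The checks that the endpoint table and this section imply, written as an added example (not part of the product or its documentation): a Python audit of one endpoint object. The sample endpoints and the certificate placeholder are constructed, and the anchoring check assumes that SubjectRegex is applied as a substring search, which the page does not state.

```python
from urllib.parse import urlsplit

DEPRECATED_TLS = {"tls1.0", "tls1.1"}  # described above as no longer secure

def audit_endpoint(ep):
    """Return findings for one endpoint object (dict parsed from the JSON file)."""
    if urlsplit(ep.get("Uri", "")).scheme.lower() != "https":
        return ["Uri is not HTTPS: no TLS, client-certificate settings are ignored"]
    findings = []
    weak = DEPRECATED_TLS & {str(p).lower() for p in ep.get("SslProtocols", [])}
    if weak:
        findings.append("SslProtocols enables deprecated " + ", ".join(sorted(weak)))
    cc = ep.get("ClientCertificates")
    if not cc:
        return findings
    val = cc.get("Validation", {})
    regex = val.get("Filters", {}).get("SubjectRegex", "")
    if cc.get("Authentication", {}).get("Enabled") is True and not regex:
        findings.append("Authentication.Enabled without SubjectRegex: any certificate "
                        "that validates determines the logged-in user")
    # Assumption (not stated on the page): the expression is applied as a substring search.
    if regex and not (regex.startswith("^") and regex.endswith("$")):
        findings.append("SubjectRegex is not anchored with ^...$")
    if val.get("CheckRevokation") is not True:
        findings.append("CheckRevokation is not true: revocation lists are not checked explicitly")
    pinned = val.get("TrustedClientCertificates", [])
    if pinned:
        findings.append(f"{len(pinned)} TrustedClientCertificates entries skip further checks")
    return findings

# Constructed sample endpoints; the certificate entry is a placeholder.
SAMPLE_WEAK = {
    "Uri": "https://0.0.0.0:8443",
    "SslProtocols": ["tls1.0", "tls1.2"],
    "ClientCertificates": {"Mode": "required", "Authentication": {"Enabled": True},
                           "Validation": {"TrustedClientCertificates": ["<placeholder>"]}},
}
SAMPLE_HARDENED = {
    "Uri": "https://0.0.0.0:8443",
    "SslProtocols": ["tls1.2", "tls1.3"],
    "ClientCertificates": {"Mode": "required", "Authentication": {"Enabled": True},
                           "Validation": {"CheckRevokation": True, "Filters": {
                               "SubjectRegex": "^CN=[a-z]+, O=Example Org$"}}},
}

if __name__ == "__main__":
    for name, ep in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_endpoint(ep) or "no findings")
```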

The ServerCertificates section (JSON Object)

...

Property

Type

Function

Enabled

Boolean

This option enables or disables partial encryption for objects stored as JSON. If this option is not specified, encryption of important information (e.g. passwords) is disabled.

Key

String

This value is included in the generation of the key, so that passwords can be decrypted only by Connect Servers where the same value is stored. If this value is not defined or empty, a default key stored in the application is used. Please note that after changing this key, all encrypted information must be re-entered.

Additional sections

Additional sections are supported for special scenarios. The following table lists these sections along with a link to the corresponding documentation.

Example

...

  "Security": {
    "IpFiltering": {
      "Enabled": false,
      "Blacklist": [
      ],
      "Whitelist": [
        "::1",
        "127.0.0.1",
        "192.168.0.0/16"
      ]
    },
    "JsonEncryption": {
      "Enabled": true,
      "Key": "MySecretKey!"
    }
  },

...

...

Property

Type

Function

Id

String

Contains a unique ID to identify the workspace.

DataSource

JSON object

Contains the information for connecting to the database with users, runtime information and, depending on the configuration, the Connect objects. This object supports the following properties:

Name
Contains the ID of the workspace. This value does not normally need to be specified and is automatically pre-populated.

DbType
Defines the type of database used. Currently the values "SqLite", "SqlServer", "PostgreSql" and "SqlServerMySql" are supported here. Support for "MySql" is planned.

ConnectionString
The connection string used to connect to the database. When using SQLite, this property can be omitted.

RetentionPeriods
This JSON object defines the retention times for specific data types. It contains the following attributes:

OpenContexts
Retention period for uncompleted transactions in days.

CompletedContexts
Retention period for completed transactions in days.

ConnectObjects

JSON object

Defines the behavior when accessing Connect objects. This object supports the following properties:

Provider
Defines the provider used for accessing Connect objects. The values "Database" (storage in the database) and "FileSystem" (storage in the file system) are supported here.

RootPath
If the "FileSystem" provider is used, the root directory for storing the connect objects must be defined here. If an SQLite database is used without specifying a connection string, this path also defines the directory in which the database files are stored.

DbLogging

JSON object

Additional options for logging database access can be defined here. This object supports the following properties:

LogLevel
The desired level of detail for database-specific log output. The values "Trace", "Debug", "Information", "Warning" and "Error" are supported. If this property is not specified, the default value "Error" is used.

EnableSensitiveDataLogging
If this value is set to "true", field contents are also output during logging, otherwise they are always suppressed.

EnableDetailedErrors
If this value is set to "true", detailed error messages from the database are output during logging.
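
An added example (not the product's own code) that audits the JsonEncryption settings described earlier and the DbLogging options above. The workspace object is constructed, and workspace objects are passed in directly because the page does not show where they sit in the configuration file.

```python
import json

DOC_SAMPLE_KEY = "MySecretKey!"  # the value printed in the example on this page

def audit_storage(cfg, workspaces):
    """cfg: parsed configuration holding "Security"; workspaces: list of workspace objects."""
    findings = []
    enc = cfg.get("Security", {}).get("JsonEncryption", {})
    key = enc.get("Key") or ""
    if enc.get("Enabled") is not True:
        findings.append("JsonEncryption is off: passwords in stored JSON are not encrypted")
    elif not key:
        findings.append("JsonEncryption.Key is empty: the default key stored in the application is used")
    elif key == DOC_SAMPLE_KEY:
        findings.append("JsonEncryption.Key is the published sample value")
    for ws in workspaces:
        log = ws.get("DbLogging", {})
        # The page quotes the value as "true"; accept the JSON boolean and the string form.
        if str(log.get("EnableSensitiveDataLogging", "")).lower() == "true":
            findings.append(f"workspace {ws.get('Id', '?')}: EnableSensitiveDataLogging "
                            "writes field contents to the log")
    return findings

# "Security" fragment as printed in the page's example.
PAGE_EXAMPLE = json.loads("""
{"Security": {"IpFiltering": {"Enabled": false, "Blacklist": [],
                              "Whitelist": ["::1", "127.0.0.1", "192.168.0.0/16"]},
              "JsonEncryption": {"Enabled": true, "Key": "MySecretKey!"}}}
""")
# Constructed workspace object; only the property names come from the page.
SAMPLE_WORKSPACE = {"Id": "demo",
                    "DbLogging": {"LogLevel": "Debug", "EnableSensitiveDataLogging": True}}

if __name__ == "__main__":
    for finding in audit_storage(PAGE_EXAMPLE, [SAMPLE_WORKSPACE]):
        print(finding)
```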

...