This documentation provides a comprehensive overview of each configuration setting within the appsettings.json file required for the license activation and management API. Users are guided on how to customize these settings based on their application's specific needs and the best practices for secure and efficient operation.
The ConnectionStrings section is crucial for defining the database connection details. The application requires a valid connection string to interact with the database where license information is stored.
Note: Ensure that TrustServerCertificate is set to True only if you understand the security implications, especially in development environments. In production, it is advisable to have a properly configured SSL certificate and set this option to False.
Configuring logging correctly is vital for monitoring the API's health and debugging issues. This section allows you to specify the verbosity of logs and how log files should be rotated to manage disk space efficiently.
Trace, Debug, Information, Warning, Error, and Critical.MaxLogFileSizeBytes defines the maximum size a log file can reach before being rotated, and MaxLogAgeDays specifies the maximum age of a log file before it is archived or deleted.| Configuration | Setting | Value | Description |
|---|---|---|---|
| LogLevel | Default | Information | The default logging level capturing informational, warning, and error messages. |
| LogLevel | Microsoft.AspNetCore | Warning | Overrides the default level for Microsoft.AspNetCore, capturing only warnings and errors. |
| LogRotation | MaxLogFileSizeBytes | 10485760 (10 MB) | The maximum size a log file can reach before a new file is created. |
| LogRotation | MaxLogAgeDays | 7 | The maximum age in days before a log file is deleted or archived. |
IP rate limiting is a critical feature for protecting your API from excessive use or denial-of-service attacks. This section allows you to define rules that limit the number of requests from a single IP address over a set period.
| Configuration | Setting | Value | Description |
|---|---|---|---|
| General | EnableEndpointRateLimiting | true | Enables rate limiting on a per-endpoint basis, in addition to any global rate limits. |
| General | StackBlockedRequests | false | When false, blocked requests are not counted towards the client's limit. |
| GeneralRules | Endpoint: "*", Period: "1m" | Limit: 10 | Allows up to 10 requests per minute for all endpoints. |
| GeneralRules | Endpoint: "*", Period: "1h" | Limit: 500 | Allows up to 500 requests per hour for all endpoints. |
This table outlines the IP Rate Limiting configuration options within the IpRateLimiting section, detailing how to manage request traffic and prevent abuse by enforcing limits on the number of requests.
Adjust these settings based on your application's expected traffic and security considerations.
JSON Web Token (JWT) configuration is essential for securing your API. These settings determine how tokens are generated, validated, and expired.
ExpiryTerms is 'H' and Expiration is 24, tokens expire after 24 hours.| Setting | Description | Example Value |
|---|---|---|
| Secret | The secret key used for signing JWT tokens. It should be a long, complex string to ensure security. | YourVeryLongSecretKeyHere |
| ExpiryTerms | Defines the unit of time for token expiration. Options include "H" for hours, "D" for days, "M" for months, and "Y" for years. | H |
| Expiration | The numeric value that, when combined with ExpiryTerms, defines the duration before the token expires. | 24 |
| Issuer | Identifies the issuer of the token. Typically, this is your application or organization. | MyApplication |
| Audience | Specifies the intended recipients of the token, usually the clients or services authorized to use it. | MyClients |
This table provides detailed information about the JWT configuration settings within the JwtConfig section, guiding users on how to secure their API through proper token management.
It's important to choose an expiration that balances security with user convenience.
This section is similar to the JWT configuration but is specifically for additional security tokens that might be used by the application.
JwtConfig section, allowing for the separate configuration of different types of tokens that the application may use for various purposes.| Setting | Description | Example Value |
|---|---|---|
| Secret | The secret key used for signing security tokens. This key should be kept secure and be sufficiently complex. | AnotherVeryLongSecretKeyHere |
| ExpiryTerms | Specifies the unit of time for token expiration. Valid options are "H" (Hours), "D" (Days), "M" (Months), and "Y" (Years). | D |
| Expiration | The duration before the token expires, which is interpreted according to the ExpiryTerms setting. | 7 |
| Issuer | The entity issuing the token, usually representing your application or service. | MyApplication |
| Audience | Intended recipients of the token, indicating who is authorized to use it. | MyClients |
This table details the configuration settings available within the SecurityTokens section, highlighting how to properly configure security token properties for authentication and authorization purposes.
Adjust the Secret, ExpiryTerms, and Expiration based on the specific security requirements and usage scenarios of these tokens.
This table details the configuration settings available within the LicensePrefixes section, highlighting how to properly configure this section. The prefixes MUST match the ones you specify in License Activation Manager and License Activation Server.
| Setting | Description | Example Value |
|---|---|---|
| Network | Network license prefix set for dynamic serial keys (3 characters maximum). | NET |
| SingleUser | Single user license prefix set for dynamic serial keys (3 characters maximum). | SGL |
| DomainKey | Domain key prefix set for dynamic domain keys (3 characters maximum). | DKY |
| TokenLicense | Token License key prefix set for dynamic domain keys (3 characters maximum). | TOK |
Below is a summary of the configuration for quick reference:
| Title | Configuration | Setting | Value | Description |
|---|---|---|---|---|
| Database | ConnectionStrings | DefaultConnection | Server=\\SQLEXPRESS;Database=activate;Integrated Security=True;TrustServerCertificate=True | Defines the database connection string. |
| Logging Level | Logging | LogLevel.Default | Information | Default level for logging the information. |
| Logging Level for ASP.NET Core | Logging | LogLevel.Microsoft.AspNetCore | Warning | Sets logging level for Microsoft.AspNetCore. |
| Log File Rotation Size | Logging | LogRotation.MaxLogFileSizeBytes | 10485760 (10 MB) | Maximum size in bytes before log rotation. |
| Log File Rotation Age | Logging | LogRotation.MaxLogAgeDays | 7 | Maximum age in days before log file is rotated. |
| Log File Path | - | myLogFile | logs/app.log | Path to the application's log file. |
| Allowed Hosts | - | AllowedHosts | * | Specifies the hosts allowed to access the API. |
| API Key | - | ApiKey | F7420595-1080-48DB-B042-3E7CB395C1DE | API key used for authentication. |
| IP Rate Limiting | IpRateLimiting | EnableEndpointRateLimiting | true | Enables rate limiting on specific endpoints. |
| IP Rate Limiting | IpRateLimiting | StackBlockedRequests | false | When false, blocked requests don’t count towards the limit. |
| IP Rate Limiting General Rule | IpRateLimiting | GeneralRules[*].Limit | 10 requests/min | Allow up to 10 requests per IP per minute. |
| JWT Secret Key | JwtConfig | Secret | YourVeryLongSecretKeyHereAtLeast32CharactersLong | The secret key used for signing JWT tokens (minimum 32 characters long!). |
| JWT Expiry | JwtConfig | ExpiryTerms | H | Token expiration terms, H for hours. |
| JWT Expiration Time | JwtConfig | Expiration | 24 | The token expires after 24 hours. |
| JWT Issuer | JwtConfig | Issuer | MyApplication | Identifies the issuer of the JWT. |
| JWT Audience | JwtConfig | Audience | MyClients | Specifies the intended recipients of the JWT. |
| Security Tokens Secret Key | SecurityTokens | Secret | YourVeryLongSecretKeyHereAtLeast32CharactersLong | The secret key used for signing additional security tokens (minimum 32 characters long!). |
| Security Tokens Expiry | SecurityTokens | ExpiryTerms | H | Expiration terms for security tokens, H for hours. |
| Security Tokens Expiration Time | SecurityTokens | Expiration | 24 | Security tokens expire after 24 hours. |
| Security Tokens Issuer | SecurityTokens | Issuer | MyApplication | The entity issuing the security tokens. |
| Security Tokens Audience | SecurityTokens | Audience | MyClients | Identifies the intended recipients of the security tokens. |
| Network | LicensePrefixes | - | NET | Network license dynamic keys 3-letter prefix identifier. |
| SingleUser | LicensePrefixes | - | SGL | Single user license dynamic keys 3-letter prefix identifier. |
| DomainKey | LicensePrefixes | - | DKY | Domain key dynamic keys 3-letter prefix identifier. |
| TokenLicense | LicensePrefixes | - | TOK | Token License key dynamic keys 3-letter prefix identifier. |
| API Welcome Message | ApiInfo | WelcomeMessage | This page is reserved to the License Activation API. | This welcome message appears on the root URL of the API. |