Overview The appsettings.json file is the central configuration file for AndanDo. It contains all application settings including database connection strings, JWT authentication, email configuration, PayPal integration, and logging settings.
The configuration file is located at the root of the AndanDo project: ~/AndanDo/appsettings.json
Configuration Structure The appsettings.json file is divided into several main sections:
{ "Logging" : { "LogLevel" : { "Default" : "Information" , "Microsoft.AspNetCore" : "Warning" } }, "AllowedHosts" : "*" , "ConnectionStrings" : { "DefaultConnection" : "Server=your-server;Database=AndandoDB;User Id=your-user;Password=your-password;TrustServerCertificate=true;" }, "Jwt" : { "Issuer" : "AndanDo" , "Audience" : "AndanDo" , "SecretKey" : "your-secret-key-min-32-characters" , "ExpirationMinutes" : 120 }, "Smtp" : { "Host" : "smtp.gmail.com" , "Port" : 587 , "UseSsl" : false , "UseStartTls" : true , "User" : "[email protected] " , "Password" : "your-app-password" , "FromEmail" : "[email protected] " , "FromName" : "AndanDO" }, "PayPal" : { "Mode" : "sandbox" , "ClientId" : "your-paypal-client-id" , "ClientSecret" : "your-paypal-client-secret" , "BaseUrl" : "https://api-m.sandbox.paypal.com" } }
Configuration Sections Logging Controls application logging behavior using ASP.NET Core’s built-in logging framework.
"Logging" : { "LogLevel" : { "Default" : "Information" , "Microsoft.AspNetCore" : "Warning" } }
Property Description Values DefaultDefault log level for all categories Trace, Debug, Information, Warning, Error, Critical, NoneMicrosoft.AspNetCoreLog level for ASP.NET Core framework messages Same as above
In production, set Default to Warning or Error to reduce log noise and improve performance.
AllowedHosts Specifies which hosts are allowed to access the application.
Using "*" allows all hosts. In production, specify exact domains: "AllowedHosts" : "andando.com;www.andando.com"
ConnectionStrings Defines database connection strings. See Database Configuration for detailed information.
"ConnectionStrings" : { "DefaultConnection" : "Server=localhost;Database=AndandoDB;..." }
JWT Configuration Configures JWT token generation for API authentication. See JWT Configuration for detailed information.
"Jwt" : { "Issuer" : "AndanDo" , "Audience" : "AndanDo" , "SecretKey" : "your-secret-key" , "ExpirationMinutes" : 120 }
SMTP Configuration Configures email sending via SMTP. See Email Configuration for detailed information.
"Smtp" : { "Host" : "smtp.gmail.com" , "Port" : 587 , "UseSsl" : false , "UseStartTls" : true , "User" : "[email protected] " , "Password" : "your-password" , "FromEmail" : "[email protected] " , "FromName" : "AndanDO" }
PayPal Configuration Configures PayPal payment integration. See PayPal Configuration for detailed information.
"PayPal" : { "Mode" : "sandbox" , "ClientId" : "your-client-id" , "ClientSecret" : "your-client-secret" , "BaseUrl" : "https://api-m.sandbox.paypal.com" }
Loading Configuration in Program.cs Configuration sections are bound to strongly-typed options classes in Program.cs:
// JWT Configuration builder . Services . Configure < JwtOptions >( builder . Configuration . GetSection ( "Jwt" )); builder . Services . AddScoped < IJwtTokenService , JwtTokenService >(); // SMTP Configuration builder . Services . Configure < SmtpOptions >( builder . Configuration . GetSection ( "Smtp" )); builder . Services . AddScoped < IEmailService , EmailService >(); // PayPal Configuration builder . Services . Configure < PaypalOptions >( builder . Configuration . GetSection ( "PayPal" )); builder . Services . AddHttpClient < IPaypalService , PaypalService >();
Environment-Specific Configuration
Using appsettings.Development.json
Create environment-specific configuration files that override base settings: appsettings.Development.json
{ "Logging" : { "LogLevel" : { "Default" : "Debug" , "Microsoft.AspNetCore" : "Information" } }, "ConnectionStrings" : { "DefaultConnection" : "Server=localhost;Database=AndandoDB_Dev;..." }, "PayPal" : { "Mode" : "sandbox" } }
ASP.NET Core automatically loads the environment-specific file based on the ASPNETCORE_ENVIRONMENT variable.
Using User Secrets (Development)
For sensitive data in development, use User Secrets instead of committing credentials: # Initialize user secrets dotnet user-secrets init # Set a secret dotnet user-secrets set "Jwt:SecretKey" "your-dev-secret-key" dotnet user-secrets set "ConnectionStrings:DefaultConnection" "your-connection-string"
User secrets override appsettings.json values during development.
Using Environment Variables (Production)
In production, use environment variables to override configuration: # Format: Section__Property export ConnectionStrings__DefaultConnection = "Server=prod-server;..." export Jwt__SecretKey = "production-secret-key" export Smtp__Password = "production-smtp-password"
Environment variables have the highest priority in the configuration hierarchy. Security Best Practices Never commit sensitive data to source control
Use User Secrets for development
Use Environment Variables or Azure Key Vault for production
Add appsettings.*.json files with secrets to .gitignore
Rotate secrets regularly
Configuration Priority Order (highest to lowest):
Environment Variables
User Secrets (Development only)
appsettings..json
appsettings.json
Default values in Options classes
Related Pages