Skip to main content

Configuration Overview

SupermarketWEB uses ASP.NET Core’s configuration system with settings stored in appsettings.json and environment-specific overrides in appsettings.Development.json. Configuration is loaded automatically at application startup in Program.cs.

Database Configuration

Connection String Setup

The database connection is configured in appsettings.json under the ConnectionStrings section:
appsettings.json
{
  "ConnectionStrings": {
    "SupermarketDB": "Data Source=(localdb)\\MSSQLLocalDB;Initial Catalog=SupermarketEF;Integrated Security=True;Connect Timeout=30;Encrypt=False;Trust Server Certificate=False;Application Intent=ReadWrite;Multi Subnet Failover=False"
  }
}

Connection String Components

ComponentValueDescription
Data Source(localdb)\\MSSQLLocalDBSQL Server instance (LocalDB by default)
Initial CatalogSupermarketEFDatabase name
Integrated SecurityTrueUse Windows authentication
Connect Timeout30Connection timeout in seconds
EncryptFalseDisable connection encryption

Configuring for Different Environments

Use the default configuration for local development:
{
  "ConnectionStrings": {
    "SupermarketDB": "Data Source=(localdb)\\MSSQLLocalDB;Initial Catalog=SupermarketEF;Integrated Security=True;Connect Timeout=30;Encrypt=False;Trust Server Certificate=False;Application Intent=ReadWrite;Multi Subnet Failover=False"
  }
}

Entity Framework Core Configuration

The database context is registered in Program.cs:
Program.cs
builder.Services.AddDbContext<SupermarketContext>(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("SupermarketDB"))
);
The SupermarketContext manages five entity sets:
  • Products - Product inventory
  • Categories - Product categories
  • Customers - Customer records
  • PayModes - Payment methods
  • Users - User accounts

Authentication Configuration

SupermarketWEB uses cookie-based authentication configured in Program.cs:
Program.cs
builder.Services.AddAuthentication().AddCookie("MyCookieAuth", option =>
{
    option.Cookie.Name = "MyCookieAuth";
    option.LoginPath = "/Account/Login";
});

Authentication Settings

SettingValueDescription
Cookie.NameMyCookieAuthName of the authentication cookie
LoginPath/Account/LoginRedirect path for unauthenticated users

Customizing Authentication

To modify authentication behavior, update the cookie options in Program.cs: 
builder.Services.AddAuthentication().AddCookie("MyCookieAuth", option =>
{
    option.Cookie.Name = "MyCookieAuth";
    option.LoginPath = "/Account/Login";
    option.ExpireTimeSpan = TimeSpan.FromHours(24);  // Cookie expiration
    option.SlidingExpiration = true;                  // Extend on activity
    option.Cookie.HttpOnly = true;                    // Prevent XSS
    option.Cookie.SecurePolicy = CookieSecurePolicy.Always;  // HTTPS only
});
The authentication system works with the Users entity in the database. User credentials are validated against the Email and Password fields.

Logging Configuration

Log Levels

Logging is configured in appsettings.json:
appsettings.json
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  }
}

Available Log Levels

  • Trace - Most detailed logging
  • Debug - Debugging information
  • Information - General informational messages (default)
  • Warning - Warning messages
  • Error - Error messages
  • Critical - Critical failures
  • None - Disable logging

Development Logging

Development-specific logging can be configured in appsettings.Development.json:
appsettings.Development.json
{
  "DetailedErrors": true,
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  }
}
Set DetailedErrors to true in development for detailed error pages. Always set this to false in production to avoid exposing sensitive information.

Environment-Specific Configuration

Development Environment

Development settings in appsettings.Development.json: 
{
  "DetailedErrors": true,
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  }
}
Features enabled in development:
  • Detailed error pages
  • Developer exception page
  • Verbose logging

Production Environment

The application detects production environment and applies different middleware in Program.cs:
Program.cs
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}
Production features:
  • Generic error handling via /Error page
  • HTTP Strict Transport Security (HSTS)
  • HTTPS redirection
  • No detailed errors exposed

Application Settings

Allowed Hosts

Configure allowed host headers in appsettings.json: 
{
  "AllowedHosts": "*"
}
In production, restrict AllowedHosts to specific domains to prevent host header attacks:
{
  "AllowedHosts": "yourdomain.com;www.yourdomain.com"
}

HTTPS Configuration

HTTPS is enforced in production through middleware in Program.cs: 
app.UseHttpsRedirection();
To configure HTTPS ports and certificates, modify Properties/launchSettings.json.

Middleware Pipeline

The request pipeline is configured in Program.cs:
Program.cs
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.MapRazorPages();
The middleware executes in this order:
  1. HTTPS Redirection - Redirects HTTP to HTTPS
  2. Static Files - Serves files from wwwroot
  3. Routing - Matches requests to endpoints
  4. Authorization - Validates authentication cookies
  5. Razor Pages - Executes page handlers

Configuration Best Practices

1

Use Environment Variables

Store sensitive configuration in environment variables, not in appsettings.json:
export ConnectionStrings__SupermarketDB="your-connection-string"
2

Separate Environments

Maintain separate configuration files for each environment:
  • appsettings.json - Base settings
  • appsettings.Development.json - Development overrides
  • appsettings.Production.json - Production overrides
3

Use User Secrets

For local development, use .NET User Secrets to store sensitive data:
dotnet user-secrets set "ConnectionStrings:SupermarketDB" "your-connection-string"
4

Validate Configuration

Test configuration changes in development before deploying to production. Verify:
  • Database connectivity
  • Authentication flows
  • Logging output

Configuration Priority

ASP.NET Core loads configuration in this order (later sources override earlier ones):
  1. appsettings.json
  2. appsettings.{Environment}.json
  3. User Secrets (Development only)
  4. Environment variables
  5. Command-line arguments
This allows you to override any setting without modifying files.

Next Steps

With your configuration complete, you’re ready to start using SupermarketWEB. Explore the features:
  • Manage products and inventory
  • Organize items by category
  • Track customer information
  • Configure payment methods
  • Secure your application with user authentication

Build docs developers (and LLMs) love

Get started for freeTalk to us