appsettings for local development, gitignore and simple workaround with a template json

Here is a simple but common technical issue for any ASP.Net Core setup and thought it deserves a blog note. Since the Sitecore MVP site is a destination for anyone in the Sitecore community, have used the same as the starter project for this blog post!

Context: Currently, the appsettings.json and appsettings.Development.json are both committed to the repo. The disadvantage of this approach is, developer-specific sensitive information (for instance, OKTA-related user data) would get committed as part of the appsettings.Development.json. No wonder this can expose undesired security loopholes. 

One step backward:

If you are aware of the dotnet core setup, there is a launchSettings.json that has an env variable named ASPNETCORE_ENVIRONMENT and this is what drives the parameter for the actual appsettings.{ASPNETCORE_ENVIRONMENT}.json

Here is the launchSettings.json param value in use to drive the name of -

appSettings json.{ASPNETCORE_ENVIRONMENT}.json file

So, for instance, if you make the ASPNETCORE_ENVIRONMENT as local, the application will look for appsettings.local.json and if you make it joker, it will look for appsettings.joker.json in the file system. 

With this background, here is a workaround for the above loophole: 

Note that in case of MVP repo, since appsettings.Development.json is already in the repo, you have to delete it physically from git for the .gitignore to take effect for the second developer. This is the reason I'm using appsettings.local.json as example here for better clarity but the intent in case of MVP repo is to get rid of appsettings.Development.json from git commit list. 

1. .gitignore the changes to appsettings.local.json so that it is not committed to the repo. 

2. Before you execute the dotnet run command to setup the rendering host, Copy-over the OKTA settings from .env file to appsettings.local.json or copy and rename the template file described in point 3

3. Good to commit and maintain a template for local development and name it appsettings.template but don't .gitignore this template json file

*************

*************

So, with all the above points in place, this is my commit list and appsettings.local.json is not in the commit list, mission accomplished!

Note:

Although appsettings.json and appsettings.{ASPNETCORE_ENVIRONMENT}.json can have the same structure, it is better to segregate and have separate structures so that you accidentally don't commit sensitive information in appsettings.json and this is the reason appsettings.template is created specifically for the local json file:

Some useful errors to note:

a. Without proper OKTA key values in appsettings.Development.json, on execution of dotnet run, you end-up with this error message:

Unhandled exception. System.ArgumentException: Your Okta URL must start with https. Current value: <<Add Okta domain>>. You can copy your domain from the Okta Developer Console. Follow these instructions to find it: https://bit.ly/finding-okta-domain (Parameter 'OktaDomain') at Okta.AspNet.Abstractions.OktaWebOptionsValidator`1.Validate(OktaWebOptions options)  at Okta.AspNetCore.OktaAuthenticationOptionsExtensions.AddOktaMvc(AuthenticationBuilder builder, OktaMvcOptions options) at Mvp.Feature.User.Extensions.StartUpExtensions.AddFeatureUser(IServiceCollection services, IConfiguration configuration) at Mvp.Project.MvpSite.Rendering.Startup.ConfigureServices(IServiceCollection services)

b. Without appsettings.Development.json in file system, you end-up with this error on dotnet run:

Unhandled exception. System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values. (Parameter 'baseUri')  at System.Uri..ctor(Uri baseUri, String relativeUri) at Mvp.Foundation.Configuration.Rendering.AppSettings.MvpSiteSettings.get_LayoutServiceUri()