You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/fundamentals/dashboard/configuration.md
+21-3Lines changed: 21 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,12 +72,13 @@ Alternatively, these same values could be configured using a JSON configuration
72
72
|`ASPNETCORE_URLS`|`http://localhost:18888`| One or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. When the dashboard is launched by the Aspire AppHost this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. |
73
73
|`ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL`|`http://localhost:18889`| The [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the Aspire AppHost this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. |
74
74
|`ASPIRE_DASHBOARD_OTLP_HTTP_ENDPOINT_URL`|`http://localhost:18890`| The [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. When the dashboard is launched by the Aspire AppHost the OTLP/HTTP endpoint isn't configured by default. To configure an OTLP/HTTP endpoint with the AppHost, set an `ASPIRE_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` env var value in _launchSettings.json_. Securing the dashboard with HTTPS is recommended. |
75
-
|`ASPIRE_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS`|`false`| Configures the dashboard to not use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. |
75
+
|`ASPIRE_DASHBOARD_MCP_ENDPOINT_URL`|`http://localhost:18891`| The [Aspire MCP](mcp-server.md) endpoint. When this value isn't specified then the MCP server is hosted with an `ASPNETCORE_URLS` endpoint. The MCP server can be disabled by configuring `Dashboard:Mcp:Disabled` to `true`. When the dashboard is launched by the Aspire AppHost this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. |
76
+
|`ASPIRE_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS`|`false`| Configures the dashboard to not use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode`, `Dashboard:Otlp:AuthMode` and `Dashboard:Mcp:AuthMode` to `Unsecured`. |
76
77
|`ASPIRE_DASHBOARD_CONFIG_FILE_PATH`|`null`| The path for a JSON configuration file. If the dashboard is being run in a Docker container, then this is the path to the configuration file in a mounted volume. This value is optional. |
77
78
|`ASPIRE_DASHBOARD_FILE_CONFIG_DIRECTORY`|`null`| The directory where the dashboard looks for key-per-file configuration. This value is optional. |
78
79
|`ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`|`null`| The gRPC endpoint to which the dashboard connects for its data. If this value is unspecified, the dashboard shows telemetry data but no resource list or console logs. This setting is a shortcut to `Dashboard:ResourceServiceClient:Url`. |
79
80
80
-
## Frontend authentication
81
+
## Frontend
81
82
82
83
The dashboard frontend endpoint authentication is configured with `Dashboard:Frontend:AuthMode`. The frontend can be secured with OpenID Connect (OIDC) or browser token authentication.
83
84
@@ -87,6 +88,7 @@ Browser token authentication works by the frontend asking for a token. The token
87
88
|--|--|--|
88
89
|`Dashboard:Frontend:AuthMode`|`BrowserToken`| Can be set to `BrowserToken`, `OpenIdConnect` or `Unsecured`. `Unsecured` should only be used during local development. It's not recommended when hosting the dashboard publicly or in other settings. |
89
90
|`Dashboard:Frontend:BrowserToken`|`null`| Specifies the browser token. If the browser token isn't specified, then the dashboard generates one. Tooling that wants to automate logging in with browser token authentication can specify a token and open a browser with the token in the query string. A new token should be generated each time the dashboard is launched. |
91
+
|`Dashboard:Frontend:PublicUrl`|`null`| Specifies the public URL used to access the dashboard frontend. The public URL is used when constructing links to the dashboard frontend. If a public URL isn't specified, the frontend endpoint is used instead. This setting is important when the dashboard is accessed through a proxy and the dashboard endpoint isn't directly reachable. |
90
92
|`Dashboard:Frontend:OpenIdConnect:NameClaimType`|`name`| Specifies one or more claim types that should be used to display the authenticated user's full name. Can be a single claim type or a comma-delimited list of claim types. |
91
93
|`Dashboard:Frontend:OpenIdConnect:UsernameClaimType`|`preferred_username`| Specifies one or more claim types that should be used to display the authenticated user's username. Can be a single claim type or a comma-delimited list of claim types. |
92
94
|`Dashboard:Frontend:OpenIdConnect:RequiredClaimType`|`null`| Specifies the claim that must be present for authorized users. Authorization fails without this claim. This value is optional. |
The OTLP endpoint authentication is configured with `Dashboard:Otlp:AuthMode`. The OTLP endpoint can be secured with an API key or [client certificate](/aspnet/core/security/authentication/certauth) authentication.
146
148
@@ -151,6 +153,7 @@ API key authentication works by requiring each OTLP request to have a valid `x-o
151
153
|`Dashboard:Otlp:AuthMode`|`Unsecured`| Can be set to `ApiKey`, `Certificate` or `Unsecured`. `Unsecured` should only be used during local development. It's not recommended when hosting the dashboard publicly or in other settings. |
152
154
|`Dashboard:Otlp:PrimaryApiKey`|`null`| Specifies the primary API key. The API key can be any text, but a value with at least 128 bits of entropy is recommended. This value is required if auth mode is API key. |
153
155
|`Dashboard:Otlp:SecondaryApiKey`|`null`| Specifies the secondary API key. The API key can be any text, but a value with at least 128 bits of entropy is recommended. This value is optional. If a second API key is specified, then the incoming `x-otlp-api-key` header value can match either the primary or secondary key. |
156
+
|`Dashboard:Otlp:SuppressUnsecuredMessage`|`false`| Suppresses the unsecured message displayed in the dashboard when `Dashboard:Otlp:AuthMode` is `Unsecured`. This message should only be suppressed if an external frontdoor proxy is securing access to the endpoint. |
154
157
155
158
## OTLP CORS
156
159
@@ -180,6 +183,21 @@ Consider the following configuration options:
180
183
> [!NOTE]
181
184
> The dashboard only supports the `POST` method for sending telemetry and doesn't allow configuration of the _allowed methods_ (`Access-Control-Allow-Methods`) for CORS.
182
185
186
+
## MCP
187
+
188
+
The MCP endpoint authentication is configured with `Dashboard:Mcp:AuthMode`. The MCP endpoint can be secured with API key authentication.
189
+
190
+
API key authentication works by requiring each MCP request to have a valid `x-mcp-api-key` header value. It must match either the primary or secondary key.
191
+
192
+
| Option | Default value | Description |
193
+
|--|--|--|
194
+
|`Dashboard:Mcp:AuthMode`|`Unsecured`| Can be set to `ApiKey` or `Unsecured`. `Unsecured` should only be used during local development. It's not recommended when hosting the dashboard publicly or in other settings. |
195
+
|`Dashboard:Mcp:PrimaryApiKey`|`null`| Specifies the primary API key. The API key can be any text, but a value with at least 128 bits of entropy is recommended. This value is required if auth mode is API key. |
196
+
|`Dashboard:Mcp:SecondaryApiKey`|`null`| Specifies the secondary API key. The API key can be any text, but a value with at least 128 bits of entropy is recommended. This value is optional. If a second API key is specified, then the incoming `x-mcp-api-key` header value can match either the primary or secondary key. |
197
+
|`Dashboard:Mcp:SuppressUnsecuredMessage`|`false`| Suppresses the unsecured message displayed in the dashboard when `Dashboard:Mcp:AuthMode` is `Unsecured`. This message should only be suppressed if an external frontdoor proxy is securing access to the endpoint. |
198
+
|`Dashboard:Mcp:PublicUrl`|`null`| Specifies the public URL used to access the MCP server. The public URL is used when constructing links to the MCP server. If a public URL isn't specified, the MCP endpoint is used instead. This setting is important when the dashboard is accessed through a proxy and the dashboard endpoint isn't directly reachable. |
199
+
|`Dashboard:Mcp:Disabled`|`false`| Disables the MCP server and remove MCP UI in the dashboard. |
200
+
183
201
## Resources
184
202
185
203
The dashboard connects to a resource service to load and display resource information. The client is configured in the dashboard for how to connect to the service.
0 commit comments