Dragon Guard follows the standard ASP.NET Core configuration model. All settings are read fromDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt
Use this file to discover all available pages before exploring further.
appsettings.json, with environment-specific overrides layered on top from appsettings.{Environment}.json (e.g. appsettings.Development.json). Any key can also be supplied as an environment variable using the double-underscore separator convention (ConnectionStrings__WmsDb, Jwt__Key, etc.), which makes the API straightforward to configure in Docker, Kubernetes, or any CI/CD pipeline without touching files on disk.
Connection Strings
The ADO.NET / EF Core connection string for the SQL Server database that backs all WMS data. This value is passed directly to
UseSqlServer(...) and also used by IDbConnectionFactory (Dapper). The API will fail to start if the database cannot be reached, because EF Core migrations are applied synchronously before the HTTP server opens.JWT Authentication
All four JWT keys are required. The startup code readsJwt:Key first and throws an InvalidOperationException immediately if it is absent, so misconfiguration surfaces as a clear startup error rather than a silent runtime failure.
The HMAC SHA-256 signing key used to issue and validate all JWT Bearer tokens. Must be kept secret — treat it like a password. A minimum of 32 characters is recommended to satisfy HMAC-SHA256 key-length requirements.
The
iss claim written into every token and validated on every authenticated request. Must match exactly between the issuing server and any consumer that validates tokens directly. Defaults to "wms-api" in the shipped configuration.The
aud claim written into every token. Identifies the intended recipient of the token — typically the web or handheld client. Defaults to "wms-client" in the shipped configuration.Token lifetime in minutes from the moment of issuance. After this period the token is rejected by the
ValidateLifetime check in the JWT middleware and the client must re-authenticate. The shipped default is 60 minutes.ERP Integration
Absolute path to the legacy Grupo MAS
web.config file on the host machine. The GrupoMasNativeHttpClient reads ERP connection parameters from this file when native Grupo MAS integration is enabled and no database-stored configuration is found. This is a fallback path intended for migration scenarios where the ERP configuration has not yet been moved into the WMS database.Environment-Specific Overrides
appsettings.Development.json is layered on top of appsettings.json when ASPNETCORE_ENVIRONMENT=Development (the default for dotnet run). It follows the same key structure and overrides only the values it explicitly declares — all other keys fall back to appsettings.json.
The shipped appsettings.Development.json overrides the log levels and restores the GrupoMasLegacy:WebConfigPath to a developer-local path:
appsettings.Development.json
appsettings.json. Add appsettings.Development.json to .gitignore if it contains real secrets.
Data Protection Keys
Dragon Guard uses ASP.NET Core Data Protection for internal cryptographic operations (such as protecting cookies or sensitive payloads). Keys are persisted to the file system so they survive application restarts:DataProtectionKeys/ directory inside the application content root (the project folder when running with dotnet run). Ensure this directory is not deployed to source control — add it to .gitignore — and that the process has write permission to it at runtime.
In containerised or ephemeral deployments, mount
DataProtectionKeys/ as a persistent volume or switch to a shared key store (e.g. PersistKeysToAzureBlobStorage or PersistKeysToDbContext) so that keys are not lost on container restart.CORS
TheAllowAngular CORS policy registered in Program.cs currently permits any origin, any header, and any method:
UseAuthentication and UseAuthorization in the middleware pipeline.