DEV Community

Cover image for Disabling .NET Aspire authentication to skip the login page
Anthony Simmon
Anthony Simmon

Posted on • Originally published at anthonysimmon.com

Disabling .NET Aspire authentication to skip the login page

Preview 6 of .NET Aspire introduced a login page to access the dashboard. Unless the dashboard is launched from Visual Studio or Visual Studio Code (with the C# Dev Kit extension), the login page will appear and prompt for a token. For scenarios where the dashboard is started via dotnet run or from the Docker image, the token can be retrieved from the console window that was used to start the app host. An URL also containing the token in a query string parameter t allows bypassing the login page and accessing the dashboard directly. Once authenticated, a cookie is created to avoid entering the token each time.

The token appears in the console window.

This login page is particularly useful when the dashboard is accessible over the local network or internet. However, for local development scenarios, some might find this step unnecessary or bothersome. Fortunately, there are two ways to disable it.

Disabling the .NET Aspire login page through an environment variable

You can use the DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS environment variable to disable the login page, for instance in a launch settings profile:



{
  "$schema": "https://json.schemastore.org/launchsettings.json",
  "profiles": {
    "https": {
      // [...]
      "environmentVariables": {
       // [...]
        "DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS": "true" // <-- ADD THIS LINE
      }
    }
  }
}


Enter fullscreen mode Exit fullscreen mode

It's also possible to use it when starting the dashboard via Docker:



docker run --rm -it -p 18888:18888 -p 4317:18889 -d --name aspire-dashboard -e DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS='true' mcr.microsoft.com/dotnet/nightly/aspire-dashboard:8.0.0-preview.6


Enter fullscreen mode Exit fullscreen mode

Disabling the .NET Aspire login page programmatically

When building the DistributedApplication, you can inject a configuration value to disable the login page:



var builder = DistributedApplication.CreateBuilder(args);

builder.Configuration.AddInMemoryCollection(new Dictionary<string, string?>
{
    ["AppHost:BrowserToken"] = "",
});


Enter fullscreen mode Exit fullscreen mode

Note that this method does not work with appsettings.json files because the DistributedApplication.CreateBuilder method overrides the empty token. With AddInMemoryCollection, you ensure that the configuration is modified after this logic.

References

Top comments (0)