57302500ac
Adds a "Dev Disable-Login Flag" subsection to Component-Security.md covering ScadaBridge:Security:Auth:DisableLogin / User, the AutoLoginAuthenticationHandler mechanism, and the no-environment-guard / startup-warning production risk. Ships DisableLogin: false under ScadaBridge → Security → Auth in: - src/.../Host/appsettings.json (canonical default) - docker/central-node-a/appsettings.Central.json - docker/central-node-b/appsettings.Central.json Also records DL-3 commit SHAs in the plan tasks file.
{
"_logging": "Host-021: Serilog is the sole logger provider (Program.cs calls builder.Host.UseSerilog()), so the standard Microsoft 'Logging:LogLevel' block has no effect and was removed. The minimum level is set via 'ScadaBridge:Logging:MinimumLevel' (bound to LoggingOptions per Host-011); sinks are defined under the 'Serilog' section below and applied via ReadFrom.Configuration (Host-014). See LoggerConfigurationFactory + Component-Host.md REQ-HOST-8.",
"ScadaBridge": {
"Security": {
"Auth": {
"_comment": "DisableLogin bypasses the login form and auto-authenticates every request as the user named in 'User', with all roles. DEV/TEST ONLY — there is no environment guard, so a startup warning is the only protection. Never enable in production.",
"DisableLogin": false,
"User": "multi-role"
}
}
},
"Serilog": {
"Using": [
"Serilog.Sinks.Console",
"Serilog.Sinks.File"
],
"WriteTo": [
{
"Name": "Console",
"Args": {
"outputTemplate": "[{Timestamp:HH:mm:ss} {Level:u3}] [{NodeRole}/{NodeHostname}] {Message:lj}{NewLine}{Exception}"
}
},
{
"Name": "File",
"Args": {
"path": "logs/scadabridge-.log",
"rollingInterval": "Day"
}
}
]
}
}