Featured image of post Disabling .NET Aspire authentication to skip the login page

Disabling .NET Aspire authentication to skip the login page

Do you find the login page of the .NET Aspire dashboard unnecessary for local development? Use of of these two methods to disable it.

Preview 6 of .NET Aspire introduced a login page to access the dashboard. Unless the dashboard is launched from Visual Studio or Visual Studio Code (with the C# Dev Kit extension), the login page will appear and prompt for a token. For scenarios where the dashboard is started via dotnet run or from the Docker image, the token can be retrieved from the console window that was used to start the app host. An URL also containing the token in a query string parameter t allows bypassing the login page and accessing the dashboard directly. Once authenticated, a cookie is created to avoid entering the token each time.

The token appears in the console window.

This login page is particularly useful when the dashboard is accessible over the local network or internet. However, for local development scenarios, some might find this step unnecessary or bothersome. Fortunately, there are two ways to disable it.

# Disabling the .NET Aspire login page through an environment variable

You can use the DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS environment variable to disable the login page, for instance in a launch settings profile:

{
  "$schema": "https://json.schemastore.org/launchsettings.json",
  "profiles": {
    "https": {
      // [...]
      "environmentVariables": {
       // [...]
        "DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS": "true" // <-- ADD THIS LINE
      }
    }
  }
}

It’s also possible to use it when starting the dashboard via Docker:

docker run --rm -it -p 18888:18888 -p 4317:18889 -d --name aspire-dashboard -e DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS='true' mcr.microsoft.com/dotnet/nightly/aspire-dashboard:8.0.0-preview.6

# Disabling the .NET Aspire login page programmatically

When building the DistributedApplication, you can inject a configuration value to disable the login page:

var builder = DistributedApplication.CreateBuilder(args);

builder.Configuration.AddInMemoryCollection(new Dictionary<string, string?>
{
    ["AppHost:BrowserToken"] = "",
});

Note that this method does not work with appsettings.json files because the DistributedApplication.CreateBuilder method overrides the empty token. With AddInMemoryCollection, you ensure that the configuration is modified after this logic.

# References

Licensed under CC BY 4.0
© 2015 - 2024 Anthony Simmon
Ko-fi donations Buy me a coffee