Configuration

The configuration of Babel Licensing services is an essential aspect of setting up a secure and reliable licensing infrastructure. One key element of this configuration is the appsettings.json file, which allows you to define various parameters and settings for the Babel Licensing service.

The appsettings.json configuration file for Babel Licensing Service contains various settings for the application. Here is a breakdown of the different sections:

  1. Serilog: This section configures the logging settings using the Serilog library. It specifies the sinks for logging (console and file), log levels for different namespaces, and enrichers for additional contextual information.

  2. AllowedHosts: Used for host filtering to bind your app to specific hostnames.

  3. Kestrel: This section configures the Kestrel web server settings. It defines the default protocols and endpoints for the gRPC service.

  4. Application: This section includes settings specific to the Babel Licensing Service application. It specifies whether gRPC-Web is enabled, the path to the license file, the signing key for license validation, and the token expiration duration.

  5. Email: These settings configure email notifications. It includes options to enable or disable sending emails, SMTP server details (host, port, SSL), authentication credentials, and sender/receiver information.

  6. Licensing: This section configures various aspects of the licensing system. It specifies the heartbeat interval, token formats for activation and floating licenses.

  7. Reporting: This section configures the reporting service and includes the encryption key used for report generation.

  8. Database: This section specifies the database provider used by the application.

  9. ConnectionStrings: These settings define the connection strings for different database providers (SQL Server, MySQL, SQLite).

Each section can be customized according to the specific requirements of the Babel Licensing Service deployment.

Serilog

Serilog is used for logging purposes within the Babel Licensing service. Let's take a closer look at how the Serilog configuration is set up in the appsettings.json file.

"Serilog": {
  "Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],
  "MinimumLevel": {
    "Default": "Information",
    "Override": {
      "Microsoft": "Warning",
      "System": "Warning",
      "Grpc": "Warning"
    }
  },
  "Enrich": [
    "FromLogContext",
    "WithMachineName",
    "WithThreadId"
  ],
  "WriteTo": [
    { "Name": "Console" },
    {
      "Name": "File",
      "Args": {
        "path": "log.txt",
        "rollingInterval": "Day"
      }
    }
  ]
}

First, we define the "Serilog" section, which contains several key elements.

Using: This property specifies the Serilog sinks that will be utilized for logging. In this example, we have "Serilog.Sinks.Console" and "Serilog.Sinks.File", indicating that logs will be written to both the console and a file.

MinumumLevel: Defines the minimum logging level for different log sources. The Default value is set to "Information", meaning that all logs at the Information level or above will be captured. Additionally, there is an Override section that specifies specific logging levels for certain namespaces. The available log levels are:

  • Verbose: Verbose is the noisiest level, rarely (if ever) enabled in production.

  • Debug: Debug is used for internal system events that are not necessarily observable from the outside but useful when determining how something happened

  • Information: Information events describe things in the system that correspond to its responsibilities and functions. Generally used to log GRPC calls.

  • Warning: When service is degraded, endangered, or maybe behaving outside of its expected parameters, Warning level events are used.

  • Error: An Error event is used when functionality is unavailable or expectations are broken.

  • Fatal: The most critical level, Fatal events demand immediate attention.

Enrich: This property allows enriching log events with additional information. In this example, log events will be enriched with information such as the log context, machine name, and thread ID.

WriteTo: The WriteTo property defines the sinks to which the log events will be written. We have two sinks configured: "Console" and "File". The "Console" sink writes the log events to the console. The "File" sink is configured with the "path" property set to "log.txt", indicating that log events will be written to a file named log.txt. Additionally, the "rollingInterval" is set to "Day", which means that a new log file will be created each day.

For more specific settings and advanced configurations related to filtering, sub-loggers, and other features offered by Serilog, it is recommended to refer to the official Serilog documentation. The Serilog documentation provides detailed information on various configuration options, including log event filtering, enriching, and configuring sub-loggers.

AllowedHosts

The "AllowedHosts" configuration in the appsettings.json file is used to specify the hosts filtering for Babel Licensing Service. It is an important security measure to restrict access to the service only from trusted URLs. The value "*" indicates that host filtering is disabled and any URLs that bind to the host can access the service, which can be appropriate for development or testing environments. However, in production, it is recommended to specify the hosts explicitly.

Here are a few examples of how you can configure the "AllowedHosts" setting:

  1. Allowing a specific host:

    "AllowedHosts": "example.com"

    This configuration restricts access to the Babel Licensing service only for requests made to the "example.com" domain. All other requests to other hosts will return a 400 response, stating the hostname is invalid.

  2. Allowing multiple hosts:

    "AllowedHosts": "example.com;subdomain.example.com"

    This configuration allows access to the Babel Licensing service from "example.com", and "subdomain.example.com" only. Requests from any other domain will be denied.

  3. Allowing multiple hosts using wildcard expression:

    "AllowedHosts": "*.example.com"

    This configuration allows access to the Babel Licensing service from any subdomain of "example.com". For example, "subdomain.example.com" and "another.subdomain.example.com" will be allowed, but requests from other domains or subdomains will be rejected.

It is important to carefully consider and configure the "AllowedHosts" setting based on your specific deployment environment and security requirements. By restricting access to trusted hosts, you can enhance the security and integrity of your Babel Licensing service.

Kestrel

The "Kestrel" configuration section in the appsettings.json file is used to configure the Kestrel web server, which is used to host the Babel Licensing Service. Kestrel is a cross-platform web server that provides a fast and reliable hosting environment for your application.

"Kestrel": {
  "EndpointDefaults": {
    "Protocols": "Http1AndHttp2"
  },
  "Endpoints": {
    "gRPC": {
      "Url": "http://localhost:5005",
      "Protocols": "Http2"
    }
  }
}

Within the "Kestrel" section, you can define various settings to customize the behaviour of the server. Let's explore some key elements of the Kestrel configuration:

EndpointDefaults: This subsection allows you to set default configurations for all endpoints. Here, you can specify the protocols supported by the server. In the example provided, "Http1AndHttp2" indicates that both HTTP/1.1 and HTTP/2 protocols are enabled by default.

Endpoints: This subsection allows you to define specific endpoints for the server. In the given example, the "gRPC" endpoint is configured with the URL "http://localhost:5005" and the "Http2" protocol. This endpoint is specifically designed to handle gRPC requests made to Babel Licensing Service using the HTTP/2 protocol.

Configuring Kestrel correctly is essential for ensuring the smooth operation of your Babel Licensing Service. You can customize various aspects such as protocols, port numbers, SSL certificates, and more to meet your specific requirements.

It is important to refer to the official documentation and follow best practices when configuring Kestrel to ensure optimal performance, security, and reliability.

Application

The "Application" configuration section in appsettings.json allows you to customize various aspects of the Babel Licensing service. Let's explore each setting in detail:

"Application": {
    "AdminUsername": "admin",
    "AdminEmail": "admin@email.com",
    "AdminPassword": "admin",
    "EnableGrpcWeb": true,
    "LogToDatabase": false,
    "LogRetentionPeriod": "1.00:00:00",
    "LicenseFile": "babel.licenses",
    "SigningKey": "JjaSFo17pYDj93ef15tBLP",
    "TokenExpiration": "00:30:00",
    "EnableWebApi": true,
    "ApiKeyHeaderName": "x-api-key",
    "ApiKeyCacheDuration": "00:03:00",
    "EnableSwagger": true,
    "SwaggerRoutePrefix": "swagger",
    "SwaggerEndpointUrl": "/swagger/v1/swagger.json",
    "GeoLocationService": "IpApiIs"
}

AdminUsername: With "AdminEmail", "AdminPassword" are the credentials for the administrative user created the first time the service starts.

LogToDatabase: Toggles whether logs are stored in a database.

LogRetentionPeriod: Specifies the duration logs are kept, formatted as days.hours:minutes:seconds.

EnableGrpcWeb: By setting this value to false, you disable GRPC Web support, which means the server will only accept requests using the HTTP/2 protocol. Note that some client platforms, such as UWP or Unity, may not support HTTP/2, so enabling HTTP/1.1 alongside HTTP/2 ensures compatibility with all client applications. Keep in mind that enabling both protocols on the same port requires TLS for protocol negotiation.

LicenseFile: This setting specifies the path to the license file used by the Babel Licensing service. The license file contains information about the granted licenses and their associated features.

SigningKey: The signing key is a secret used to sign the authentication bearer token. This token is used by clients to access the gRPC service securely. It's essential to keep this key confidential and choose a strong, unique value.

TokenExpiration: This setting determines the validity duration of the authentication bearer token acquired by the client. The value "00:30:00" indicates a token expiration time of 30 minutes. After this period, the client needs to acquire a new token for further access.

EnableWebApi: Whether to activates the Web API interface.

ApiKeyHeaderName: Designates the HTTP header name for passing the API key.

ApiKeyCacheDuration: Determines how long an API key is stored in cache before it will be validated again.

EnableSwagger: Turns on/off the Swagger UI for API documentation.

SwaggerRoutePrefix: The URL segment where the Swagger UI can be accessed.

SwaggerEndpointUrl: The path to the Swagger JSON file that describes the API.

GeolocationService: Enables the functionality to determine the geographical location of clients based on their IP addresses, aiding in regional access control. Supported IpApiIs and MaxMind.

By configuring these settings in the "Application" section, you can tailor the behaviour of the Babel Licensing Service according to your requirements, such as enabling or disabling specific protocol support, specifying the license file path, securing authentication with a signing key, and defining the token expiration duration.

IpApi.is

The IpApi.is service enables geolocation by using IP addresses to determine the geographical location of users, which can be crucial for regional access control, logging, and analytics. It offers a quick and reliable way to map IP addresses to their corresponding geographic data.

For more information, visit IpApi.is.

To configure the IpApiIs service with Babel Licensing Service, follow these steps:

  1. In the Application section, set the GeolocationService property to IpApiIs.

  2. Add the IpApiIs section to appsettings.json to configure access to the service through a license key.

"IpApiIs": {
  "Key": "IPAPI.IS WEB API SERVICE LICENSE KEY"
}

MaxMind

MaxMind offers a robust geolocation service that supports both web API access and local database usage. By integrating MaxMind, users can leverage its high precision in geolocation data. The service, available at MaxMind, allows for quick and reliable IP address information retrieval.

An advantage of using MaxMind's local database is that it eliminates dependency on external API calls, leading to faster query performance and increased reliability, especially in environments with limited or unstable internet connectivity. Additionally, local databases reduce the risks associated with data breaches or external service outages, providing enhanced security and privacy control.

To configure the MaxMind geolocation service with Babel Licensing Service, follow these steps:

  1. In the Application section, set the GeolocationService property to MaxMind.

  2. Add the MaxMind section to appsettings.json with the required configuration options.

"MaxMind": {
  "AccountID": "MAXMIND ACCOUNT ID",
  "LicenseKey": "MAXMIND WEB API SERVICE LICENSE KEY"
}

To configure the MaxMind database, use the following configuration:

"MaxMind": {
  "DatabasePath": "wwwroot\\data\\GeoLite2-City.mmdb"
}

This setup allows the Babel Licensing Service to utilize MaxMind for geolocation, providing precise and reliable information on IP addresses.

IP Filtering

IP Filtering in application settings is a security measure designed to control access to the service based on IP addresses. This section of the configuration ensures that only trusted users can interact with your application, while malicious or unwanted traffic is effectively managed or blocked.

Configuration Details:

Blacklist: An array that specifies IP addresses to be denied access.

Whitelist: An array that allows access only to the listed IP addresses, overriding the blacklist.

This feature supports pattern matching through regular expressions, which allows for a broader range of IP filtering possibilities.

Brute Force Protection

This sub-section is dedicated to configure countermeasure against brute force attacks:

Enabled: A boolean that, when true, activates protection against brute force attacks.

MaxRequestsPerTimeFrame: The maximum number of requests allowed from a single IP address within the specified time frame.

TimeFrameDuration: The period in which the request count is evaluated, formatted as hours:minutes:seconds.

RequestsBlockDuration: The time that the offending IP address will be blocked after exceeding the maximum number of requests.

Authentication Protection

This sub-section is related to login attempts:

Enabled: When true, this enables the monitoring of failed authentication attempts.

MaxFailedAttempts: The allowed number of consecutive failed login attempts before triggering a block.

LoginBlockDuration: The duration of the block imposed on the IP after reaching the maximum failed login attempts.

Email

The "Email" section in the appsettings.json file is responsible for configuring the email settings within the Babel Licensing Service. With this configuration, you can enable email functionality and specify the necessary details for sending emails from the service.

EnableSend: Specifies whether email sending is enabled or disabled. If set to true, the Babel Licensing Service will attempt to send emails based on the configured settings. If set to false, email sending will be disabled.

Host: The hostname or IP address of the email server or SMTP (Simple Mail Transfer Protocol) server that will be used to send emails. Enter the appropriate server address.

Port: The port number that the email server listens on for incoming connections. This is typically the SMTP server port. The default port for SMTP is 587, but you can change it as per your email server configuration.

UseSsl: Specifies whether SSL/TLS encryption should be used when connecting to the email server. If set to true, the Babel Licensing Service will establish a secure connection using SSL/TLS. If set to false, a non-secure connection will be used.

LocalDomain: The local domain name used for email addressing. This setting is optional and can be left empty if not required.

Username: The username or account name used to authenticate with the email server. Enter the appropriate username.

Password: The password associated with the email account. Enter the password corresponding to the provided username for authentication.

FromUser: The display name or username that will be used as the sender of the emails. This can be a friendly name or an actual username.

FromAddress: The email address from which the emails will be sent. Enter the valid email address for the sender.

To: An array of recipient email addresses and names. Each recipient object should contain a "Name" field for the recipient's name and an "Email" field for the recipient's email address. Add the desired recipient details within the array.

Licensing

The "Licensing" section in the appsettings.json file is dedicated to configuring various aspects of the licensing functionality within the Babel Licensing Service. This section allows you to define settings related to license management and behaviour.

Within the "Licensing" section, you can specify parameters such as the heartbeat interval, activation token format, and floating token format. Let's take a closer look at these settings:

"Licensing": {
  "HeartbeatInterval": "00:05:00",
  "LicenseIdFormat": "lic{HEX:8}",
  "CustomerCodeFormat": "C-{TOKEN:8}",
  "OrderNumberFormat": "O-{TOKEN:8}",
  "UserKeyFormat": "{TOKEN:5}-{TOKEN:5}-{TOKEN:5}-{TOKEN:5}",
  "ActivationTokenFormat": "actk_{token:12}",
  "FloatingTokenFormat": "fltk_{token:12}"
}

Heartbeat Interval: This parameter determines the duration between each heartbeat signal sent by the licensing service. The heartbeat signal helps monitor the health and status of the licensing system.

Formats for Identifiers and Keys

The formats specified in the configuration use a combination of placeholders that get replaced with randomly generated values. The TOKEN, HEX, and DEC are types of placeholders, and the number following the colon (:) specifies the length of the generated value. Uppercase (TOKEN, HEX) generates uppercase values, while lowercase (token, hex) generates lowercase values. DEC stands for decimal numbers.

LicenseIdFormat: "lic{HEX:8}" - This format will generate license IDs starting with "lic" followed by 8 random uppercase hexadecimal characters.

CustomerCodeFormat: "C-{TOKEN:8}" - Customer codes will start with "C-" followed by 8 random uppercase alphanumeric characters.

OrderNumberFormat: "O-{TOKEN:8}" - Order numbers will start with "O-" followed by 8 random uppercase alphanumeric characters.

UserKeyFormat: "{TOKEN:5}-{TOKEN:5}-{TOKEN:5}-{TOKEN:5}" - User keys will be generated in a format with four groups of 5 random uppercase alphanumeric characters, separated by hyphens.

Activation Token Format: This setting defines the format of the activation tokens used in the licensing process. Activation tokens are generated and provided to users to activate their licenses and unlock specific features or functionalities. The default value "actk_{token:12}" sets the activation token format as a fixed prefix given by "actk_" followed by 12 random characters.

Floating Token Format: Similar to activation tokens, floating tokens are used for floating licenses, allowing users to share licenses across multiple devices or users within a defined pool. The floating token format specifies the structure of these tokens. The default value "fltk_{token:12}" sets the activation token format as a fixed prefix given by "fltk_" followed by 12 random characters.

By configuring the "Licensing" section, you can customize these parameters to align with your specific licensing requirements. This flexibility enables you to tailor the licensing functionality to meet the needs of your application or software.

Reporting

The "Reporting" section in the appsettings.json file is dedicated to configuring reporting-related settings within the Babel Licensing Service. This section allows you to define parameters related to reporting functionality, including encryption keys for secure transmission and storage of reports.

Within the "Reporting" section, you can specify settings such as the encryption key. Let's take a closer look at this setting:

"Reporting": {
  "EncryptionKey": ""
}

Encryption Key: This parameter is used to define the encryption key that is employed to encrypt and decrypt the reports generated by the Babel Licensing Service. By using encryption, the sensitive information contained within the reports remains secure and protected from unauthorized access.

Configuring the "Reporting" section enables you to define the encryption key, ensuring that the reports generated by the licensing service are encrypted using a strong cryptographic algorithm. This encryption adds an extra layer of security to the reports, safeguarding sensitive data from potential threats or breaches.

Database

The "Database" section in the appsettings.json file is responsible for configuring the database-related settings within the Babel Licensing Service. This section allows you to define the database provider that binds to the related connection string required for establishing a connection to the database.

"Database": {
  "Provider": "",
  "EnableMigration": true,
  "EnableDetailedErrors": false,
  "MaxRetryCount": 5,
  "MaxRetryDelay": "00:00:30"
},
"ConnectionStrings": {
  "SQLServer": "",
  "MySQL": "Server=127.0.0.1;User=root;Password=jdk5Rwt81Doz;Database=licenses",
  "SQLite": ""
}

Within the "Database" section, you can specify the following settings:

Provider: This parameter determines the type of database provider to be used by the Babel Licensing Service. You can select the provider name or library that corresponds to the database technology you intend to use, such as SQL Server, MySQL, or SQLite.

EnableMigration: Set to true, this option enables the database migration feature. Database migrations are used to manage changes to the database schema over time. When enabled, the application can automatically update the database schema to match the models defined in the application.

EnableDetailedErrors: When set to false, this option prevents detailed error information from being included in exceptions related to database operations. It's often set to false in production environments for security reasons.

MaxRetryCount: This option, set to 5, specifies the maximum number of retries for a failed database operation before the application gives up and throws an exception. It's useful for handling transient failures.

MaxRetryDelay: Set to "00:00:30", this represents the maximum delay between retries in case of database operation failures. The format HH:MM:SS indicates a 30-second delay.

ConnectionStrings: This section allows you to define the connection strings required to establish a connection to the specified database provider. The connection strings typically include information such as the server address, database name, authentication credentials, and any additional configuration parameters specific to the chosen database provider.

Configuring the "Database" section enables you to connect to the desired database for storing and retrieving licensing-related data within the Babel Licensing Service. By specifying the appropriate provider and connection strings, the service can interact with the database seamlessly, ensuring efficient data management and retrieval.

Last updated