Configuration: Service Module ‐ Users - ChrisMavrommatis/Binacle.Net GitHub Wiki

In the Service Module, only admin users have the ability to manage other users. To ensure there's always an admin available, a default admin account is provided. This section will guide you through configuring the default admin and managing admin accounts effectively.

The default admin user is defined in the Users.json file with the format {email}:{password}.

Below is the default configuration:

{
  "Users": {
    "DefaultAdminUser": "[email protected]:B1n4cl3Adm!n"
  }
}

Email and Password Requirements

  • Email: The email must be a valid format, although it won't be used for any communication or marketing purposes.
  • Password: The password must be at least 10 characters long to ensure security.

Modifying the Default Admin

If you wish to change the default admin, you have two options:

  1. Environment Variable: Set the Users__DefaultAdminUser environment variable. This will override the Users.json file.
  2. Configuration File: You can directly modify the Users.json file by updating the email and password.

Recommended Practice: Creating a New Admin

For better security, it is recommended to:

  1. Create a New Admin User: After setting up your default admin, create a new user account and promote them to admin status.
  2. Deactivate the Default Admin: Once a new admin is established, you can deactivate the default admin account. This ensures the default admin is not used regularly, reducing security risks.

[!Note]

The Service Module will always ensure the default admin exists in the database. However, it does not enforce whether the account is active.

Recovering Admin Access

In the event that you accidentally demote yourself or deactivate the only active admin user, and the default admin is also inactive, you have two options to recover access:

  1. Update the Default Admin Credentials: Modify the Users.json file or environment variable to change the default admin credentials. This will create a new admin account upon application restart.

  2. Direct Database Modification: If needed, you can directly modify the database to either reactivate the default admin or promote another user to admin. This is often the most efficient recovery method without having to rely on multiple admin accounts.