Settings of the Web.config

Options in the appSettings Section

serverString

The server string refers to the name of the database server. This is often the same as the name of the server itself '<server name>'. For SQL Server named instances, this typically looks like '<server name>\<named instance>'.

requireSSL

This setting should always bet set to true. Never use the application in production without SSL switched on. The only use if for switching it off is for troubleshooting access to server.

attributeCacheExpiryMinutes

When document object attribute data gets converted to HTML they get stored in a cache to speed up successive access to the data. The default value is 480 min = 8 hours. The cache uses sliding expiration meaning that whenever the date get's fetched again, the expiry time starts over.

userExpiryMinutes

The time an inactive user is still logged in to the system. This is also the time a floating license is locked for a user. When the user session expires, the user license will be released again. Any activity such as loading data or editing an existing document object, will reset the time-out. Default time-out 30 min.

userWarningBeforeExpiryMinutes

The warning time before userExpiryMinutes occurs which presents the user with a warning dialog that the user session is about to expire in x minutes. The default is 5 min.

authCookieExpiryMinutes

The time an authentication cookie is stored in the web-browser for the current log-in (regardless of authentication method). Any activity loading data, the expiry time starts over. Default 480 min = 8h.

editLockExpiryMinutes

When a user edits any document object a lock is acquired for the current user and document object. Either the user completes the editing to release the lock (Save or Cancel) or this lock expire will after x minutes. The default is 120 min = 2 hours.

Cache Settings

Note: all caches of data are invalidated at 'Force Template Reload'

useTestRunCache (true / false)

Switches on the option to cache Test Run data to speed up any fetching of Test Run data. Cached data gets invalidated when a test run or dependent document objects are changed. The default value is true.

testRunCacheExpiryMinutes

When using the Test Run Cache, this sets the expiry time of any cached Test Run data. The default is 120 min = 2h.

useQueryCache (true / false)

Switches on the option to cache query results. Cached data gets invalidated when a query or dependent document objects are changed. The default value is true.

queryCacheExpiryMinutes (number of minutes)

When using the Query Cache, this sets the expiry time of any cached Query result data. The default is 120 min = 2h.

queryCacheIssueProxyExpiryMinutes (number of minutes)

When using the Query Cache, this sets the expiry time of any cached Query result data involving Issue Proxies (such as Jira or GitHub etc). For these external systems the application does not always have the means to track changes to all items and automatically invalidate the cache. The default is 20 min.

useChapterCache (true / false)

Switches on the option to cache chapter structure results. Cached data gets invalidated when a chapter or the assignment of a document object to a chapter is changed. The default value is true.

chapterCacheExpiryMinutes (number of minutes)

When using the Chapter Cache, this sets the expiry time of any cached Chapter structure data. The default is 120 min = 2h.

useReviewCache (true / false)

Switches on the option to cache review feedback results. Cached data gets invalidated when a review or dependent document objects are changed. The default value is true.

reviewCacheExpiryMinutes (number of minutes)

When using the Review Cache, this sets the expiry time of any cached Review feedback data. The default is 120 min = 2h.

wizardCacheExpiryMinutes (number of minutes)

Cached used to restrict simultaneous execution of Wizards/Assistants. The default is 60 min=1h.

User Session Settings

passwordExpiresDays (number of days)

After the stated number of days, the user must change/select a new password. The default is 90 days.

minPasswordLength (number of character)

The required minimum number of characters in a password. The default is 6 characters.

passwordHistoryLimit (number of passwords)

This limits reuse to a certain number of previous passwords (e.g., you cannot reuse any of the last N passwords) i.e. password history tracking. It's a security feature designed to prevent users from cycling back to old passwords. The default is 10.

tokenExpiryMinutes (number of minutes)

When the client-browser communicates with the server api, the current authentication is made valid through the use of a token. The default is 300 min = 6h but the recommended setting is 720 min = 12h since the authentication needs to be re-negotiated after expiry.

useWindowsDomainAtRegister (true / false)

Legacy setting when using the Web-application together with the Windows-client. When set to true, the user property 'Windows Domain' is possible to maintain from the Web-client as well. The default value is false.

canLoadLinkedProjectTraces (true / false)

For customer systems working with linked projects, this option switches on the possibility to on demand, load any incoming or outgoing traces from linked projects in the Document Object Detail view. The default value is false.

webOnlyUserManagement (true / false)

Legacy setting when using the Web-application together with the Windows-client. Displays windows-client only properties for user management also in the web-client and includes hyperlinks in e-mails that can also be opened from the windows-client. The default value is false but the recommended setting for all new web-client only installations is true.

maxFailedSignAttemptsBeforeLockout (number of attempts)

Note! Only applicable when using Signatures including at accept or reject thereof!

If signing with a valid User Name but an incorrect password for <number of attempts> times, the user in question will be Locked Out. Locked Out means that the user is either (depending on other configurations further down):

• disabled (if setting disableUseOnLockout is set to true) a.k.a. "hard lock out"

• prevented to sign in for <accountLockoutTimeSpanMinutes> minutes a.k.a. "soft lock out"

Default value, no lockout.

maxFailedAccessAttemptsBeforeLockout (number of attempts)

If authenticating with a valid User Name but an incorrect password for <number of attempts> times, the user in question will be Locked Out. Locked Out means that the user is either:

• disabled (if setting disableUseOnLockout is set to true) a.k.a. "hard lock"

• prevented to sign in for <accountLockoutTimeSpanMinutes> minutes a.k.a. "soft lock out"

disableUserOnLockout (true/false)

If true, the user will be automatically disabled when locked out (i.e. "hard lock out"). When set to false the user can attempt to log in again after <accountLockoutTimeSpanMinutes> minutes. Default value is false.

accountLockoutTimeSpanMinutes (number of minutes)

The number of minutes a user is locked out (and cannot access the system) when the "soft lock out" option is used. After the amount of time has passed, the user can attempt to log in again. Default value is 5 min.

useTwoFactorAuthentication (true/false)

When set to true, 2FA can be switched on per user to enforce two-factor authentication at log in. The 2FA code is delivered per email. The 2FA code is valid for XXX minutes? Default value is false.

userCanManageTwoFactorAuthentication (true/false)

When set to true, the user may manage their personal setting on their own. If set to false, only a web admin may manage the setting for all users. Default value is false.

Open ID settings

The open ID settings allow to add an external authentication provider using Open ID. This is can be used to allow authentication via e.g Azure Entra (prev. Azure AD).

msClientId

The application id when registering the application in Azure. No default value exist.

msClientSecret

The client secret from the application registration. No default value exist.

msCaption

The application name. This name is displayed for the external authentication provider in the Login View. No default value exist.

msTenent

The Azure Tenant id. A GUID. No default value exist.

msAuthority

msRedirectUri

userCanManageExternalAuthenticationProvider

When set to true, the user may manage their personal setting on their own. If set to false, only a web admin may manage the setting for all users. Default value is true.

userCanOnlyLoginWithExternalAuthenticationProvider

When set to true, users with an external authentication provider registered, can only logon using the external authentication provider. The built in Aligned Elements user authentication will no longer be valid.

allowSignApproveWithExternalAuth

When set to true, the user may perform a sign action using the external authentication provider. If set to false, the sign action can only be done using the built in Aligned Elements authentication. Default value is true.

hideNormalLogin

When set to true, the User Name and Password fields in the login dialog are hidden by default. The most prominent control is then the external login provider button. The User Name and Password fields can still be displayed by clicking on the eye-icon. When set to false, both are shown at the same time. Default value false.

Local Active Directory Integration

Allows setting up a connection to an on-premise Active Directory server for authentication of users.

useLocalADSignIn (true/false)

Enables an Active directory integration. Default value is false.

localADContextType (Machine/Domain/ApplicationDirectory)

The Active Directy context for the connection. The default value is Machine but normally this is set to Domain for most applications.

localADName (url)

The Active Directory server name. No default value exists.

localADContainer

Optional for most cases. Only required when AD context type = ApplicationDirectory. No default value exists.

localADUserName

The user name required to access the Active Directory. No default value exist.

localADPassword

localADRequireGroup

Optional name of Active Directory group which entails all AD user that should have access to the Aligned Elements application. If the group is defined, users eligible for registration to Aligned Elements can be retrieved directly from Active Directory. Further, only users belonging to the defined group will be successfully authenticated. No default value exists.

localADContextOptions (Negotiate/SimpleBind/SecureSocketLayer/Signing/Sealing/ServerBind)

Optional. Allows to override the default context option. Combinations may be configured using '|' between the entries (pipe).

localADContextOptionsAtValidateCredentials (Negotiate/SimpleBind/SecureSocketLayer/Signing/Sealing/ServerBind)

Misc. Application Options

useChapterDescription (true / false)

Switches on the possibility to also define a rich-text description for any chapter within the Project Explorer. Default style formatting for the rich-text field is done in the revisable object templates. The default value is false. showManageTemplates (true/false)

When set to true, display the action to manage project templates from the Web-client for any user. Alternatively, this can be controlled by the user rights Templates Download/Upload. Default value is false.

showDownloadLogfiles (true/false)

When set to true, display the action to Download Logfiles from the Web-client for any user. Default value is false.

showCopyRemoveRenameProject (true/false)

When set to true, display the action to manage project templates from the Web-client for any web admin user or a user having the rights Project Copy/Rename/Delete. Default value is false.

showManageProjects (true/false)

When set to true, display the action to manage projects from the Web-client for any web admin user or a user having the rights Project Copy/Rename/Delete. Default value is false.

webAdminCanAssignNewWebAdmin (true/false)

When set to true, a web admin user may assign user rights to other users. If set to false, only a Super User may assign user rights. Default value is true.

useCommonCertificateManagement (true/false)

When set to true, electronic certificates can be managed in the Manage Users view from the web-client. When set to false, certification management can only be done from within the project user management. Default value is false.

forceSelectionOfAutomationScriptAtProjectCreate (true/false)

collectLogfileInfoForMaxNLogfiles (number of log files)

Parses N number of logfiles in 'Download Logfiles' and displays additional information to the content such as start end end date and if any errors or warnings are found in the logfile. The information is shown when placing the mouse over the logfile link. Default value 5.

onlyLoadLastUsedProjects (true/false)

When set to true, only the last N loaded projects are listed in the Load Project view. The user may click on load all projects to get the full selection available. When set to false, all projects available to the user are loaded and presented to the user. Default value is false.

keepNumLastUsedProjects (number of projects)

Maintains a list of N entries for the last loaded projects and displays these on the top of the list. Default value is 10 project entries.

throttleSpeeedAtCopyToProjects

When propagating data changes (for users or projects) to multiple projects, this setting will control if the server will throttle the execution or do all changes at once without any delay. Throttling the speed can help to not make the server unresponsive when propagating data to many projects at once. Throttling will only be used if number or projects > then the value in <throttleSpeedForProjectsMoreThan> and will introduce a pause of <throttleSleepMilliSeconds> milliseconds. Default value is false.

throttleSpeedForProjectsMoreThan

Threshold for when throttleSpeeedAtCopyToProjects is activated. Default value is 5 projects.

throttleSleepMilliSeconds

Pause time between copying(propagating data to the next project when throttling is used. Deafult value is 3000 ms.

hasProjectsOverview (true/false)

When set to true, the Projects Overview action will be made available on the Load Project view. This feature requires that some template set exists where AssignedToQueries have been defined. Default value is false.

throttleSpeeedAtProjectsOverview

If the system uses Projects Overview, the loading of data may be throttled to avoid the system to become unresponsive for the rest of the users. Setting throttling to true will introduce a pause between the loading of queries equalling the time it took to load last query. Default value is false.

maxFileUploadSizeMB (number of MB)

The maximal file size of files uploaded to Aligned Elements. The default value is 12 MB.

useComments (true/false)

When set to true, comment functionality is enabled for all document objects. Default value is false.

useCommentsForReview (true/false)

When set to true, comment functionality is enabled for use in Reviews. If set to false, all review feedback needs to be recorded using issues. Default value is false.

mailUsersInComments (true/false)

When set to true, any users that are mentioned (@userName) in a comment are automatically sent an email. Default value is false.

userManualBaseUrl (url)

altUserManualUrl (url)

An url to an additional possibly customer specific user manual. If set, an additional entry is available in the Help section of the application footer. No default value exists.

altUserManualName

If 'altUserManualUrl' is defined, this setting will contain the name displayed in the UI for the manual link. No default value exists.

serverBaseUrl

For server installations that server the application via a proxy, this setting gives a possibility to configure the url that the user will see in the web-browser. The url will be used when creating any links used in mail content. The default value is empty.

wizardDirectory (absolute path)

The path to a older on the server where all wizard/assistance configurations reside. The default value is empty.

tourFolder (relative or absolute path)

resourceFolder (relative or absolute path)

The relative or absolute path to the folder containing Resource-definitions. Resource definitions allow translations/alternate descriptions of some UI texts. The default value is 'Resources.

templateSetAtGenerateWordReport

Setting to set an alternative Word-Template Set for use when calling 'Generate Template Based Report. Default value is empty.

templateSetForUsersRestrictedByTagAtGenerateWordReport

Setting to set an alternative Word-Template Set for use when calling 'Generate Template Based Report. This settings overrides 'templateSetAtGenerateWordReport' for users that are restricted by a tag when that tag is active. Default value is empty.

EmailConfigHintPath (absolute path)

Optional path to 'MailContentSettings' allowing for customizing of Mail templates. Default value is empty.

protectedPaths (relative path)

This setting allows to enforce authentication on additional request paths. The default value is '/temp' and '/files'.

invalidInPathTraversal

This setting allows to check for certain characters to catch path traversal attempts. Default values are '\', '$', '~', '..', "?".

EnableSwagger (true/false)

This setting will enable end-points for swagger support. To list swagger documentation as json use the end-point <baseUrl>/swagger/docs/v1 and to get to the swagger UI use <base url>/swagger. Default value is false.

Options in the log4net Section

The default section looks like:

<log4net>
	<root>
		<level value="INFO" />
		<appender-ref ref="LogFileAppender" />
	</root>
	<appender name="LogFileAppender" type="log4net.Appender.RollingFileAppender">
		<file value="aligned_elements.log" />
		<appendToFile value="true" />
		<preserveLogFileNameExtension value="true" />
		<maximumFileSize value="1MB" />
		<maxSizeRollBackups value="20" />
		<rollingStyle value="Size" />
		<staticLogFileName value="false" />
		<encoding value="utf-8" />
		<lockingModel type="log4net.Appender.FileAppender+MinimalLock" />
		<filter type="log4net.Filter.LoggerMatchFilter">
			<loggerToMatch value="NHibernate.Loader" />
			<acceptOnMatch value="false" />
		</filter>
		<filter type="log4net.Filter.LoggerMatchFilter">
			<loggerToMatch value="NHibernate.Engine.Cascade" />
			<acceptOnMatch value="false" />
		</filter>
		<filter type="log4net.Filter.LoggerMatchFilter">
			<loggerToMatch value="NHibernate.Hql.Ast.ANTLR" />
			<acceptOnMatch value="false" />
		</filter>
		<layout type="log4net.Layout.PatternLayout">
			<conversionPattern value="%d [%aspnet-request{ASP.NET_SessionId}] [%t] %-5p %c - %m%n" />
		</layout>
	</appender>
</log4net>

Options in the ElementsIssueProxy Section

An issue proxy is the link to an external issue management system such as Jira, GitHub or Redmine. The Issue proxy sections allows to configure the authentication for these external issue management systems. The section looks like:

<add key="1" projectName="<project>" typeName="<type Name>" userName="<usr>" psw="<psw>" isPswEncrypted="true" needImageRedirect="false" imageRedirectUrl="https://x.y.com" />

Parameters

key : unique Identifier

projectName : name of the Aligned Elements project for which this integration applies. If you have more projects utilizing the connection, add additional entries (i.e. with a new key)

typeName: The Document Object Type Name representing the Issue Proxy

userName: The user name in the external system over which the connection is made

isEncrypted: (true/false) Normally true, see password.

needImageRedirect: (true/false) optional. If e.g. the issue description contains images, these images can be fetched from the external system via a redirect to imageRedirectUrl and be displayed in the Aligned Elements UI.

imageRedirectUrl: Optional url to the external system to fetch images.

Options in the ElementServerTemplate Section

The section allows to configure one or more template locations on the server.

<add key="ObjectTemplates" templateRoot="C:\Aligned Elements\ObjectTemplates" serverRoot="C:\Aligned Elements\ObjectTemplates" company="<company>" storageConnectionString="" />

Parameters

key: unique name / identifier for the template location

templateRoot: Start of path when addressing templates using the windows-client. For Web-client only, same as the serverRoot.

serverRoot: Path to a folder on the server where all template sets resides.

company: For multitenant severs, the templates may be assigned to different tenants/companies.

storageConnectionString: [Deprecated] Legacy Azure File Storage connection string.

Options in the ElementMailSetting Section

The mail settings for the server allows to communicate with users for e.g. user registration or notifications. Two different connection types are supported:

Smtp Settings

<smtpSetting host="<host>" port="<port>" sender="<sender email>" user="<usr>" password="<psw>" isPswEncrypted="true" useSSL="true" />

Parameters

host: Smtp host

port: (number) The port number used by the smtp host.

sender: The sender email address

user: The user authenticating towards the smtp host

isPswEncrypted: (true/false) Recommended true

useSSL: (true/false) Recommended true

Microsoft Graph Settings:

<microsoftGraphSetting tenant_id="<tenant_id>" sender="<sender email>" client_id="<client id>" client_secret="<client_secret>" isSecretEncrypted="true" />

Parameters

tenant_id: The Directory (tenant) id from Azure for which the 'Email app' is registered.

sender: The sender email address.

client_id: The application (client) id from Azure.

isSecretEncrypted: (true/false) Recommended true.

Options in the ElementServerHint Section

A server hint allows to configure alternative authentication towards SQL Server (optional).

Server Hint entry:

<add key="1" serverName="<server name>" userName="<user>" password="<encrypted password>" />

Parameters

key: (number) Unique number (typically only one entry exists) in the list.

serverName: The name of the database server, same as serverString above.

userName: The user name with which the application can authenticatate towards the database.

Options in the ElementAutomationScripts Section

Automation scripts can be used to populate a project with data at creation. The scripts are executed using the Aligned Elements Automation tool which needs to be installed on the server.

Automation Script entry:

<add key="1" name="Project Preparation" exePath="C:\Program Files (x86)\Aligned AG\Aligned Elements Automation Tool\Elements.AutomationToolConsole.exe" scriptPathForAutomationTool="C:\ElementsAutomationScripts\ProjPreparation.xml" altUser="" altPassword="" isPswEncrypted="false" arguments="{project}{server}" company="<company>" />

Parameters

key: (number) Unique number.

name: The name displayed in the Create Project view at selection of the script.

exePath: The local path on the server to the installed version of the Automation tool (this may also be any other 3rd party command-line tool).

scriptPathForAutomationTool: The local path on the server to the location of the script to execute. Only applies to when using the Aligned Elements Automation Tool.

altUser: (optional) For systems using an external authentication provider such as Open ID/Entra, this settings can configure to use an Aligned Elements user account which is required to run the Automation tool.

isPswEncrypted: (true/false) Applies to the altPassword. Recommended true

arguments: (optional) When running scripts from a 3rd party command-line tool, the arguments will be passed to the 3rd party executable. The placeholder {project} will be replaced by the current project name. The placeholder {server} will be replaced by the current server name.

Options in the ElementsExternalFonts Section

External fonts allow to use fonts that are not already known to the application. The fonts will be available for the user in any rich editing controls.

External Font entry:

<add key="1" font_formats="Gugi=Gugi, cursive" content_css="https://fonts.googleapis.com/css?family=Gugi" />

Parameters

key: (number) Unique number.

font_formats: The font description.

content_css: (optional url). Leave empty for fonts installed on the server. Alternatively add url to webfonts.

Options in the ElementOpenAISettings Section

Open AI integration enables features to generate data using generative AI or to suggest trace-candidates.

Open AI settings:

<openAISettings>
	<add key="model" value="gpt-4o-mini"/>
	<add key="useAzureOpenAI" value="true"/>
	<add key="useOriginalOpenAI" value="false"/>
	<add key="azureResourceEndpoint" value="https://openaiservicewesteurope.openai.azure.com"/>
	<add key="azureTokenEncrypted" value="<token>"/>
	<add key="originalTokenEncrypted" value="<original token>"/>
	<add key="openAIPopulateAttributesPath" value="AIPrompts\PopulateAttributes\AIPopulateAttributesPrompts.json" />
	<add key="openAISuggestTracesPromptsPath" value="AIPrompts\SuggestTraces\AISuggestTracesPrompts.json" />
	<add key="openAISummarizeForTitlePromptsPath" value="AIPrompts\SummarizeForTitle\AISummarizeForTitlePrompts.json" />
	<add key="timeoutInSeconds" value="10"/>
	<add key="maxTokens" value="5000"/>
	<add key="temperature" value="0.6"/>
	<add key="topP" value="0.0"/>
	<add key="frequencyPenalty" value="0.0"/>
	<add key="presencePenalty" value="0.0"/>
</openAISettings>

Parameters

model: The open AI model to use.

useAzureOpenAI: (true/false) Set if you want to use the Azure hosted version of Open AI.

useOriginalOpenAI: (true/false) Set if you want to use the original Open AI service (either Original or Azure).

azureResourceEndpoint: (url) If using the Azure Open AI, the url to the resource endpoint.

openAIPopulateAttributesPath: Local path on the server to the location of prompt configuration when performing populate actions.

openAISuggestTracesPromptsPath: Local path on the server to the location of prompt configuration when performing suggest traces actions.

openAISummarizeForTitlePromptsPath: Local path on the server to the location of prompt configuration when performing summarize title actions.

timeoutInSeconds: (number) Timeout in seconds when doing calls to open AI.

maxTokens: (number) The max length of the response in the conversation.

temperature: (decimal 0.0 - 2.0) A parameter that controls the randomness and creativity of generated text, ranging from 0 (deterministic) to 2 (highly random), with a default value often around 0.7 or 1.

topP: (decimal 0.0 - 1.0) The cumulative probability cut-off for token selection. Lower values mean sampling from a smaller, more top-weighted nucleus.

frequencyPenalty: (decimal -2.0 - 2.0) with a default value of 0. Positive values (e.g., 0.1 to 1) reduce repetition by penalizing frequent tokens, while negative values (e.g., -0.1 to -1) can increase repetition.

precencePenalty: (decimal -2.0 - 2.0) with a default value of 0. Controls how the model penalizes new tokens based on their presence in the text so far. A positive value encourages diversity by penalizing tokens already used, while a negative value encourages repetition.