The comma separated C# function names for the Auto-Update feature (see Field Setup)

You can add your own functions by putting your functions in the server side Global Code section (see Server Events and Client Scripts) and then add your function name here. The function name must follow the standard rules for naming variables in C#.

The comma separated function names for the Validate feature (see Field Setup)

You can add your own C# and JavaScript functions for custom server/client-side validation. The function name is used for both C# and JavaScript, so it must be a valid function name for both languages. You can put your server-side and client-side validation function in the Global Code (see Server Events and Client Scripts) section of server-side and client-side respectively.

Project name. See Project File for more info.

Unique ID of the project. Do not change the project ID unless absolutely necessary. See Project File for more info.

Memory limit of Node.js (MB). If your project is large, you may need to increase the memory limit, e.g. you can set it to 2048, 3072, 4096, etc.

Controller name of the project. If not specified, the name is "Home" by default.

Compress the project stylesheet (i.e. <project>.css) and output minified *.min.css file.

Compress the project JavaScript file (i.e. *.js) and output minified *.min..js file.

Do not generate the the project stylesheet.

Allow passing username and password to the login page as URL parameters.

By default the login page accepts HTTP POST only. If this setting is enabled, it accepts HTTP GET also, then user can login by URL , e.g.

login?username=xxx&password=yyy

For example, this allows login by your own scripts.

For security, you should pass encrypted username and password whenever possible. You can decrypt them with your code by User_CustomValidate server event before validation, see Server Events and Client Scripts.

Allow passing username and password to the login page via session variables.

By default the login page accepts HTTP POST only. If this setting is enabled, it accepts session variables also, then user can auto-login by setting some session variables , e.g.

Session[Config.ProjectName + "_Username"] = "xxx"; // Where Config.ProjectName is the constant of your project name (see above) and "xxx" is user name
Session[Config.ProjectName + "_Password"] = "yyy"; // Where "yyy" is a plain text password

Specify if sensitive keywords allowing XSS attack should be removed.

If enabled, all user input string will be checked against an array of sensitive keywords. If discovered, those keywords will be removed to prevent XSS attack. If this behavior is unwanted, you can disable this feature at your own risk. Re-generate and re-upload the ewcfg.cs after changing this setting.

XSS removal is done by HtmlSanitizer with default configuration, if you just want to customize the configuration, you can use server side Class_Init (see Server Events and Client Scripts) to modify the global property (AllowedTags, AllowedAttributes, AllowedCssProperties, AllowedAtRules, AllowedSchemes, UriAttributes) which are used to create instance of HtmlSanitizer, e.g.
Sanitizer.AllowedAttributes.Add("class"); // The "class" attribute is not in the whitelist by default

Check antiforgery token for forms with method="post". Antiforgery token is used to prevent Cross-Site Request Forgery (CSRF).

Specify the session name of the session.

Specify the session time-out period if the user does not refresh or request a page. To enable, set this setting and the Session keep alive interval (seconds) setting (see below) to a positive value.

Specify the interval to send Ajax request to the server for keeping the session alive.

Specify the countdown period before session ends.

When the session is about to end, a modal dialog will show up to remind user and let the user choose to continue the session. If the user does not respond after the countdown period, the session will expire.

The separator between key values of a composite key. Default is ",".

If your primary key values are of string type and contain commas also, the commas will affect parsing of the composite key value in the script and lead to failure of locating a record, you can change the separator to avoid such problem.

Specify if master record should be exported during exporting master/detail records. (Not applicable to CSV) Default is true.

Specify if master record should be exported during exporting master/detail records to CSV. Default is false.

If master record is exported, the result CSV may not be imported into other application. If you want to export it anyway, enable this setting.

Specify if detail records in View page of master table (in Master/Detail-View) should be exported. Default is true.

Specify if detail records in View page of master table (in Master/Detail-View) should be exported for CSV. Default is false.

Specify if master record in List page of detail table should be displayed in vertical format. Default is true.

Allow no paging section in List page.

If both paging section at top and that at bottom are disabled, users will not be able to go to the second or later pages of the recordset. The scripts will use paging section at bottom by default to make sure paging is possible. If you want to allow no paging section (e.g. you always have all records in one page), enable this setting.

If only one page (i.e. number of records <= page size), hide the paging section automatically.

If only one page (i.e. number of records <= current page size), hide the page size selector section automatically.

Specify if the search panel should be initialized as collapse on page load

For use with Check Conflicts (see Table Setup). Specify the number of bytes for calculating the hash value . Default is 200.

Check Conflicts will increase the time required to load the page, for better performance only the first hundreds of bytes of the BLOB fields are processed by default, but there are chances that change of BLOB data is not detected (if the first nth bytes are not changed). You can increase the number of bytes, if you want to process all bytes, enter 0.

Specify if Auto-Suggest should consider Display field #2 to #4.

By default Auto-Suggest only uses Display field #1 and only finds records with Display field #1 STARTS WITH the input characters. It this setting is enabled, Auto-Suggest finds records with Display field #1 to #4 CONTAINS the input characters

For use with Auto-Fill (see Field Setup). By default the looked-up value (if any) will be used to fill the target field, enable this option to use the original (database) value instead.

Specify the initial number of blank rows in Grid-Add and Master/Detail-Add mode. Default is 5.

To keep the original precision of a decimal number, by default all decimal digits as outputted by the database will be used in Edit page. For example, if a number is 1.23456 in database, the Edit page will also show 1.23456 even you may have specified just 2 decimal digits in View Tag panel (see Field Setup). If you want to show the number as in the View page, you can enable this setting. However, note that after saving the record, the number will be saved as 1.23 only even you have not edited the field value.

If enabled, fields with Date/Time named format (see Field Setup) set to settings with time will be displayed without the seconds part.

Specify connection string of the databases for production server in JSON, e.g.
{ "DB": "new connection string", "DB2": ... }
If the connection string contains {uid} and {pwd}, then the connecton info for each database should be an object, e.g.
{ "DB": { "connectionstring": "xxx;Uid={uid};Pwd={pwd};xxx", "username": "xxx", "password": "xxx" }, "DB2": ... }

For setting Oracle's NLS_COMP parameter. Requires Oracle 10gR2 (or later). Possible values are: BINARY, LINGUISTIC, ANSI.

For example, if you want to do case insensitive search you can select LINGUISTIC.

For setting Oracle's NLS_SORT parameter. Requires Oracle 10gR2 (or later).

For example, if you want to do case insensitive search you can enter "BINARY_CI" (no double quotes).

For use with Dynamic Selection List. Specify the separator for multiple selected values. Default is ",".

If enabled, lookup data will be cached in memory so all subsequent calls to lookup will use the cache data instead of database access.

The maximum number of records for lookup cache. Used in conjunction with Use lookup cache. If the total number of records in a lookup is more than this value, lookup data will not be cached.

Specify if an uploaded file should be copied when copying a record with file upload fields. (For use with file upload to folder.) Default is false.

If the option Delete file on update/delete (see ASP.NET settings) is enabled, the uploaded file will be deleted. If the deleted record is a copied record, deleting the uploaded files will affect the original record. To prevent such possible problem, enable this setting to duplicate the uploaded file when copying a record.

Specify the file upload separator used to separate the file names. By default, comma is used. If you allow file names with comma, you can enter another separator, e.g. "|".

The width of the thumbnail displayed during the upload process.

The height of the thumbnail displayed during the upload process.

Specify the URL path of uploaded files. Default is empty, meaning that the path of the global or field specific upload folder will be used. However, under some rare cases, the URL path cannot be derived from the upload folder, then you can specify it explicitly.

Specify the file upload path (absolute) for temporary files. If this setting is used, the matching File upload URL path (absolute) for temporary files (see below) must also be set.

When working with file upload fields, some temporary files will be created and then deleted in a temporary folder. Default is empty, meaning that the global upload folder will be used. However, under some rare cases, you may want to specify your own. This path must be physical and it must be on accessible by the web server, e.g. /some/real/path/ or D:\some\real\path\, and is accessible by URL (see next).

Specify the file upload URL path (absolute) for temporary files, e.g. /my/virtual/path/ (root-relative URL) or //www.mycompany.com/my/virtual/path/ (protocol-relative URL). If File upload path (absolute) for temporary files (see above) is used, this setting must also be set so that the temporary files can be accessed by URL.

For use with image resize.

If a target resize width is <= 0, this default width will be used. If this setting is also 0, the width will be auto-adjusted to keep the aspect ratio.

For use with image resize.

If a target height width is <= 0, this default height will be used. If this setting is also 0, the height will be auto-adjusted to keep the aspect ratio.

For use with "All words"option of Quick Search, allows searching all keywords in any fields selected for Quick Search.

When searching "All words" with Quick Search (see Table Setup), by default all keywords must be found in the same field. This option provides an alternative searching behavior.

Option for searching fields that store multiple values as comma separated string.

Valid values are: (Default is 3)
1 - no multiple value, the whole comma separated string is considered as one string
2 - all multiple values must meet the search criteria (AND condition)
3 - either one of the multiple values must meet the search criteria (OR condition)

Specify where to save the search filters. Possible values are: Server, Client, None. Default is Client, i.e. save by browser's localStorage.

Replace textarea by textbox in Search page and Extended Search. Default is true.

Minimum password strength if check password strength is enabled.

Password length when generating a random password.

For used with Hashed password (previously MD5 password), see Security Settings. If this setting is enabled, Blowflish will be used to create password hash. If this setting is disabled, MD5 will be used.

If enabled, the administrator, database and SMTP server user name and password stored in the config file will be encrypted by AES Encryption.

Encryption key used by AES Encryption.

Add plain text version when sending HTML email.

For use with Export (Email). (see ASP.NET Settings.) Default is 3.

To avoid abusing the export to email feature, the number of email addresses in the recipient field is limited to the specified value.

For use with Export (Email). (see ASP.NET Settings.) Default is 3.

To avoid abusing the export to email feature, the number of emails can be sent by the user in each session is limited to the specified value.

Use user id value for audit trail if User ID Security is enabled.

Use Bootstrap Toasts to display messages of the application.

By default the messages are displayed above the main table. This options uses Bootstrap Toast to show the message instead. Default is true.

Specify the left column CSS class for all forms. Possible values are: col-sm-2, col-sm-3, or col-sm-4. Default is col-sm-2.

This CSS class controls the width of the left column.

Specify the CSS class for multi-column List page. Possible values are: col-sm, col-md, or col-lg. Default is col-sm.

By default Bootstrap horizontal form is used in Add/Edit/Search/Update/Registration pages, this option makes the scripts use Bootstrap table instead.

Use button dropdown instead of button group to save more spaces for data in mobile mode. Default is true.

Add placeholder attribute to form elements automatically. Possible values are:

• None - no placeholder
• Caption - use field caption (see Field Setup) as placeholder attribute value (default)
• Title - use field title (see Field Setup) as placeholder attribute value

AdminLTE layout class. Possible values are: layout-fixed, layout-top-nav, layout-boxed, layout-navbar-fixed, or layout-footer-fixed. Default is layout-fixed.

Specify the page title style. Possible values are:

• None - no page title (with Breadcrumbs)
• Caption - table caption (without Breadcrumbs)
• Breadcrumbs - table caption (with Breadcrumbs) (default)
• Title - site title (with Breadcrumbs)

Authentication mode: Possible values are: Windows or Cookie. Default is Cookie.

If "Use LDAP" is enabled, the following three LDAP settings are required (see below).

Enable Google Sign-In. Requires both Google client ID and Google client secret. To create client id and secret, read Creating a Google API Console project and client ID.

Also read Configuring Google authentication.

Enable Facebook Login. Requires both Facebook app ID and Facebook app secret. To implement Facebook Login, you need a Facebook App ID before you start, which you can create and retrieve on the App Dashboard. Read Register and Configure an App.

Also read Configuring Facebook authentication.

Specifies if custom tag helpers should be used, see Authoring Tag Helpers for detail.

There is an example in the file ewtaghelpers.cs of the template, if you want to add your own tag helpers, add your code there.

Specifies if dotnet watch should be used. dotnet watch is a tool that runs a .NET Core CLI command when source files change. See Develop ASP.NET Core apps using a file watcher for details.

Specifies HTTP.sys port number.

Use HTTPS redirection. See EU General Data Protection Regulation (GDPR) support in ASP.NET Core and Preventing open redirects for details.

.NET Core only. Possible values: net5.0. Default value is net5.0.

The dotnet publish command supports packaging your app into a platform-specific single-file executable. The executable is self-extracting and contains all dependencies (including native) that are required to run your app. When the app is first run, the application is extracted to a directory based on the app name and build identifier. Startup is faster when the application is run again. The application doesn't need to extract itself a second time unless a new version was used.

Default is false.

Output <handlers> tag in web.config. If your project is a sub-application, you may need to disable this setting. Read Publishing to IIS for details:

If true, stdout and stderr for the process specified in processPath will be redirected to the file specified in stdoutLogFile. The default value is false. Read ASP.NET Core Module configuration reference for details.

Specifies the duration for which the ASP.NET Core Module will wait for a response from the process. The default value is "00:02:00". Read ASP.NET Core Module configuration reference for details.

Specifies whether the common language runtime runs server garbage collection. Default is true. Read Workstation and server garbage collection for more information.

Allow local redirection only to prevent open redirect attack. Default is true. Read Prevent open redirect attacks in ASP.NET Core for more information.

• Ymd
• mdY
• dmY
• YmdHis
• mdYHis
• dmYHis
• ymd
• mdy
• dmy
• ymdHis
• mdyHis
• dmyHis

where:

• Y - A full numeric representation of a year, 4 digits
• y - A two digit representation of a year
• m - Numeric representation of a month, with leading zeros, 01 through 12
• d - Day of the month, 2 digits with leading zeros, 01 to 31
• H - 24-hour format of an hour with leading zeros, 00 through 23
• i - Minutes with leading zeros, 00 to 59
• s - Seconds, with leading zeros, 00 through 59

Show the menu item at the top navbar instead of the vertical menu.