Merge branch 'dev'

Author: ismcagdas

blog-posts/en/Persist-DataProtection-Keys-To-Database.md

@@ -0,0 +1,49 @@
+# Persist Data Protection Keys to Database
+
+ ASP.NET Core provides a very sophisticated approach for protecting data. You can check [ASP.NET Core Data Protection Documentation](https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/introduction) for more information.
+
+ Just like you do in any other ASP.NET Core app, if you want to use data protection in ASP.NET Zero, you can easily configure it. However, if you want to store data protection keys in database (see [documentation](https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview)), you will face an error. That's because ASP.NET Core will try to create configured DbContext but at that time DbContext will not be configured by ASP.NET Zero. To overcome this problem, we need to configure data protection a bit different.
+
+ ## Default Configuration
+
+ First of all, you need to add related NuGet package to your project and add `DataProtectionKey` entity to your DbContext as explained [here](https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview). We will just configure data projecttion in a different way.
+
+ ## Dependency Injection
+
+ By default, ASP.NET Core's data protection must be configured in Startup.cs file. However, in our case, we must configure it in ASP.NET Zero's EF Core module. To do that, we must access the `IServiceCollection` in our EF Core module.
+
+Create classes below in the project;
+
+````csharp
+public interface IServiceCollectionProvider 
+{
+    IServiceCollection ServiceCollection { get; }
+}
+
+public sealed class ServiceCollectionProvider: IServiceCollectionProvider
+{
+    public ServiceCollectionProvider(IServiceCollection serviceCollection)
+    {
+        ServiceCollection = serviceCollection;
+    }
+
+    public IServiceCollection ServiceCollection { get; }
+}
+````
+
+Then, we can register IServiceCollectionProvider in our Startup.cs file as shown below;
+
+````csharp
+services.AddSingleton<IServiceCollectionProvider>(new ServiceCollectionProvider(services));
+````
+
+## Configure Data Protection
+
+Finally, configure data protection in the PostInitialize method of the EFCore module as shown below;
+
+````csharp
+var serviceCollectionProvider = IocManager.IocContainer.Resolve<IServiceCollectionProvider>();
+serviceCollectionProvider.ServiceCollection.AddDataProtection().PersistKeysToDbContext<YourDbContext>()
+	.SetApplicationName("YourApplicationName");
+````    
+

doc-obsolete/Development-Guide-Core.md

@@ -1902,7 +1902,7 @@ project. Here, a list of all libraries.
     -   [jQuery Ajax Forms](http://malsup.com/jquery/form/)
     -   [jQuery Timeago](https://github.com/rmm5t/jquery-timeago)
     -   [Json2](https://github.com/douglascrockford/JSON-js)
-    -   [Jcrop](https://github.com/tapmodo/Jcrop)
+    -   [jquery-cropper](https://github.com/fengyuanchen/jquery-cropper)
     -   [LocalForage](https://github.com/localForage/localForage)
     -   [Js Cookie](https://github.com/js-cookie/js-cookie)
     -   [Moment.js](http://momentjs.com/)

docs/en/Development-Guide-Xamarin.md

@@ -196,6 +196,10 @@ You can also, see the following docs from Microsoft:
 * [Set Up Device for Development](https://docs.microsoft.com/en-us/xamarin/android/get-started/installation/set-up-device-for-development)
 * [Create backend services for native mobile apps with ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/mobile/native-mobile-backend?view=aspnetcore-3.1)
 
+**Known Problems**
+
+- Long project name causes IOS app to not run on Windows machines while connecting to an IPhone or IPad. So, if you face such a problem, you can move your project to a directory with a shorter name.
+
 ## Xamarin.Forms
 
 A key component of building cross-platform applications is being able to share code across various platform-specific projects. ASP.NET Zero Xamarin is using `Xamarin.Forms` to maximize code sharing between two end platforms (iOS & Android). It is expected to write shared codes in `Mobile.Shared` project so that it will be used in both iOS and Android. If you need platform specific development then try to use class abstractions in shared project and implement/extend in end platforms.

docs/en/Features-Angular-Audit-Logs.md

@@ -14,17 +14,42 @@ Audit log report is provided by **AuditLogAppService** class.
 
 ### Periodic Log Deletion 
 
-ASP.NET Zero has built-in periodic log deletion system. To enable it, go to `*.Application/Auditing/ExpiredAuditLogDeleterWorker.cs`  and set `IsEnabled` to true;
-
-```csharp
- public class ExpiredAuditLogDeleterWorker : PeriodicBackgroundWorkerBase, ISingletonDependency
-    {
-   		...
-		public const bool IsEnabled = false;//default is false
-		...
+ASP.NET Zero has built-in periodic log deletion system (`*.Application/Auditing/ExpiredAuditLogDeleterWorker.cs`). To enable it, go to `appsettings.json` and set `App:AuditLog:AutoDeleteExpiredLogs:IsEnabled` to true; (default `false`)
+
+```json
+"App": {
+    "AuditLog": {
+      "AutoDeleteExpiredLogs": {
+        "IsEnabled": true
+      }
+    }
+}
 ```
 
-It has two more parameter.
+Then periodic log deletion will be enabled.
+
+#### Periodic Log Deletion Backup
+
+Periodic log deletion system also has backup implementation. It uses `IExpiredAndDeletedAuditLogBackupService` to backup deleted items. It's default implementation uses excel to create backup. To enable it, go to `appsettings.json` and set `App:AuditLog:AutoDeleteExpiredLogs:ExcelBackup:IsEnabled` to true; (default `false`). Then deleted items will be stored in the given file path as an excel file.
+
+```json
+"App": {
+    "AuditLog": {
+      "AutoDeleteExpiredLogs": {
+        "IsEnabled": true,
+        "ExcelBackup": {
+          "IsEnabled": true,
+          "FilePath": "App_Data/AuditLogsBackups/"
+        }
+      }
+    }
+}
+```
+
+________
+
+
+`*.Application/Auditing/ExpiredAuditLogDeleterWorker.cs` has two more parameter.
 
 **CheckPeriodAsMilliseconds:** Time to wait between two controls.
 

docs/en/Features-Angular-Azure-Key-Vault.md

@@ -2,30 +2,24 @@
 
 ASP.NET Core provides many configuration providers out of the box. One of them is Azure Key Vault Configuration Provider. **Azure Key Vault** is a cloud service that provides a secure store for secrets. You can securely store **keys**, passwords, certificates, and other secrets. For more information about Azure Key Vault, please refer to https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration.
 
-ASP.NET Zero provides built-in integration for Azure Key Vault. There are two modes of Azure Key Vault which are ```Certificate``` and ```Managed``` modes. You can easily configure Azure Key Vault for ASP.NET Zero by filling the configurations displayed below in appsettings.json of your application. For other environments like Production or Staging, use the correct setting file (appsettings.Production.json or appsettings.Staging.json). 
+ASP.NET Zero provides built-in integration for Azure Key Vault. You can easily configure Azure Key Vault for ASP.NET Zero by filling the configurations displayed below in appsettings.json of your application. For other environments like Production or Staging, use the correct setting file (appsettings.Production.json or appsettings.Staging.json). 
 
 ````json
  "Configuration": {
     "AzureKeyVault": {
       "IsEnabled": "false",
       "KeyVaultName": "",
-      "AzureADApplicationId": "",
-      "AzureADCertThumbprint": "",
+      "TenantId": "",
       "ClientId": "",
       "ClientSecret": ""
     }
   }
 ````
 
-
-
 * ```IsEnabled```: Enables or disables using Azure Key Vault configuration. 
 * ```KeyVaultName```: Key Vault Name.
-* ```AzureADApplicationId```: Azure AD Application ID.
-* ```AzureADCertThumbprint```: Azure AD Certificate Thumbprint
-* ```ClientId```: Azure Key Vault Client ID
-* ```ClientSecret```: Azure Key Vault Client Secret.
-
-In order to use ```Certificate``` mode, ```KeyVaultName```, ```AzureADApplicationId``` and ```AzureADCertThumbprint``` values must be filled.
+* ```TenantId```: Azure TenantId.
+* ```ClientId```: Key vault clientId.
+* ```ClientSecret```: Key vault client secret.
 
-In order to use ```Managed``` mode, ```ClientId``` and ```ClientSecret``` values must be filled.
+For more information, you can check documentation of [https://www.nuget.org/packages/Azure.Extensions.AspNetCore.Configuration.Secrets](https://www.nuget.org/packages/Azure.Extensions.AspNetCore.Configuration.Secrets)

docs/en/Features-Angular-Host-Settings.md

@@ -19,37 +19,31 @@ Clock.Provider = ClockProviders.Utc;
 
 <img src="images/host-settings-tenant-management.png" alt="Tenant Management Settings" class="img-thumbnail" />
 
-* You can configure settings related to tenant management under "Tenant Management" tab. 
+You can configure settings related to tenant management under "Tenant Management" tab. You can enable/disable tenants from registering the system. You can also make newly registered tenants active or passive.
 
-* You can enable/disable tenants from registering the system. 
+Enable/disable captcha on tenant registration page. 
 
-* You can make newly registered tenants active or passive.
-
-* Enable/disable captcha on tenant registration page. 
-
-* You can select a default edition, so a newly registered tenant will be assigned to this edition automatically unless the tenant subscribes to a specific edition.
+You can also select a default edition, so a newly registered tenant will be assigned to this edition automatically unless the tenant subscribes to a specific edition.
 
 ## User Management
 
-<img src="images/host-settings-user-management-3.png" alt="User Management Settings" class="img-thumbnail" />
-
-* You can force email confirmation for login. 
+<img src="images/host-settings-user-management-4.png" alt="User Management Settings" class="img-thumbnail" />
 
-* You can enable phone number verification. 
+User related settings can be configured under this tab. You can force email confirmation for login. You can enable phone number verification. Also, you can enable cookie consent so ASP.NET Zero shows a cookie consent bar for the users to accept cookie policy of your application.
 
-* You can enable cookie consent so ASP.NET Zero shows a cookie consent bar for the users to accept cookie policy of your application.
+You can enable/disable captcha on users login page.
 
-* You can enable/disable captcha on users login page.
+> Note: **Token Based Authentication** has `ReCaptchaIgnoreWhiteList` located in `WebConsts`. If you want a client app to be ignored for reCaptcha control during login, add a value to `ReCaptchaIgnoreWhiteList` and send the same value in the `User-Agent` request header for your login request from the client app. You can check the Xamarin mobile app in AspNet Zero to see how `ReCaptchaIgnoreWhiteList` works.
 
-* You can also enable/disable session timeout control. If it is enable and the user does not provide any input to the site during the timeout period, a countdown modal will be displayed to user. If the user still does not provide an entry to the site during the modal countdown period, user will be log out.
+You can also enable/disable session timeout control. If it is enable and the user does not provide any input to the site during the timeout period, a countdown modal will be displayed to user. If the user still does not provide an entry to the site during the modal countdown period, user will be log out.
 
-* Each tenant can allow tenant users to use Gravatar profile picture or not.
+Each tenant can allow tenant users to use Gravatar profile picture or not.
 
-* You can enable password expiration. If it is enabled, users will be forced to change their password after a specific period of time.
+##### Password
 
-* You can update password reset code expiration time. If a user requests a password reset code, ASP.NET Zero will send a code to the user's email address. This code will be valid for a specific period of time. You can configure this period of time in this setting.
+You can enable/disable password expiration on the settings page. If you enable it, users will have to change their password after defined days passed.
 
-> Note: **Token Based Authentication** has `ReCaptchaIgnoreWhiteList` located in `WebConsts`. If you want a client app to be ignored for reCaptcha control during login, add a value to `ReCaptchaIgnoreWhiteList` and send the same value in the `User-Agent` request header for your login request from the client app. You can check the Xamarin mobile app in AspNet Zero to see how `ReCaptchaIgnoreWhiteList` works.
+You can also prevent user's new password from being same as any of last x passwords. If you enable it, you will need to define how many previous password you want to prevent. Users will not be able to use some of the previously used password as a new password.
 
 ## Security
 

docs/en/Features-Mvc-Azure-Key-Vault.md

@@ -9,8 +9,7 @@ ASP.NET Zero provides built-in integration for Azure Key Vault. There are two mo
     "AzureKeyVault": {
       "IsEnabled": "false",
       "KeyVaultName": "",
-      "AzureADApplicationId": "",
-      "AzureADCertThumbprint": "",
+      "TenantId": "",
       "ClientId": "",
       "ClientSecret": ""
     }
@@ -21,10 +20,9 @@ ASP.NET Zero provides built-in integration for Azure Key Vault. There are two mo
 
 * ```IsEnabled```: Enables or disables using Azure Key Vault configuration. 
 * ```KeyVaultName```: Key Vault Name.
-* ```AzureADApplicationId```: Azure AD Application ID.
-* ```AzureADCertThumbprint```: Azure AD Certificate Thumbprint
-* ```ClientId```: Azure Key Vault Client ID
-* ```ClientSecret```: Azure Key Vault Client Secret.
+* ```TenantId```: Azure TenantId.
+* ```ClientId```: Key vault clientId.
+* ```ClientSecret```: Key vault client secret.
 
 In order to use ```Certificate``` mode, ```KeyVaultName```, ```AzureADApplicationId``` and ```AzureADCertThumbprint``` values must be filled.
 

docs/en/Features-Mvc-Core-Audit-Logs.md

@@ -13,17 +13,42 @@ Audit log report is provided by **AuditLogAppService** class.
 
 ### Periodic Log Deletion 
 
-ASP.NET Zero has built-in periodic log deletion system. To enable it, go to `*.Application/Auditing/ExpiredAuditLogDeleterWorker.cs`  and set `IsEnabled` to true;
-
-```csharp
- public class ExpiredAuditLogDeleterWorker : PeriodicBackgroundWorkerBase, ISingletonDependency
-    {
-   		...
-		public const bool IsEnabled = false;//default is false
-		...
+ASP.NET Zero has built-in periodic log deletion system (`*.Application/Auditing/ExpiredAuditLogDeleterWorker.cs`). To enable it, go to `appsettings.json` and set `AuditLog.AutoDeleteExpiredLogs.IsEnabled` to true; (default `false`)
+
+```json
+"App": {
+    "AuditLog": {
+      "AutoDeleteExpiredLogs": {
+        "IsEnabled": true
+      }
+    }
+}
 ```
 
-It has two more parameter.
+Then periodic log deletion will be enabled.
+
+#### Periodic Log Deletion Backup
+
+Periodic log deletion system also has backup implementation. It uses `IExpiredAndDeletedAuditLogBackupService` to backup deleted items. It's default implementation uses excel to create backup. To enable it, go to `appsettings.json` and set `AuditLog.AutoDeleteExpiredLogs.ExcelBackup.IsEnabled` to true; (default `false`). Then deleted items will be stored in the given file path as an excel file.
+
+```json
+"App": {
+    "AuditLog": {
+      "AutoDeleteExpiredLogs": {
+        "IsEnabled": true,
+        "ExcelBackup": {
+          "IsEnabled": true,
+          "FilePath": "App_Data/AuditLogsBackups/"
+        }
+      }
+    }
+}
+```
+
+________
+
+
+`*.Application/Auditing/ExpiredAuditLogDeleterWorker.cs` has two more parameter.
 
 **CheckPeriodAsMilliseconds:** Time to wait between two controls.
 

docs/en/Features-Mvc-Core-Host-Settings.md

@@ -19,35 +19,31 @@ Clock.Provider = ClockProviders.Utc;
 
 <img src="images/host-settings-tenant-management.png" alt="Tenant Management Settings" class="img-thumbnail" />
 
-* You can configure settings related to tenant management under "Tenant Management" tab. 
+You can configure settings related to tenant management under "Tenant Management" tab. You can enable/disable tenants from registering the system. You can also make newly registered tenants active or passive.
 
-* You can enable/disable tenants from registering the system. 
+Enable/disable captcha on tenant registration page. 
 
-* You can make newly registered tenants active or passive.
-
-* Enable/disable captcha on tenant registration page. 
-
-* You can select a default edition, so a newly registered tenant will be assigned to this edition automatically unless the tenant subscribes to a specific edition.
+You can also select a default edition, so a newly registered tenant will be assigned to this edition automatically unless the tenant subscribes to a specific edition.
 
 ## User Management
 
-<img src="images/host-settings-user-management-3.png" alt="User Management Settings" class="img-thumbnail" />
+<img src="images/host-settings-user-management-4.png" alt="User Management Settings" class="img-thumbnail" />
 
-* You can force email confirmation for login. You can enable phone number verification. 
+User related settings can be configured under this tab. You can force email confirmation for login. You can enable phone number verification. Also, you can enable cookie consent so ASP.NET Zero shows a cookie consent bar for the users to accept cookie policy of your application.
 
-* You can enable cookie consent so ASP.NET Zero shows a cookie consent bar for the users to accept cookie policy of your application.
+You can enable/disable captcha on login page.
 
-* You can enable/disable captcha on login page.
+> Note: **Token Based Authentication** has `ReCaptchaIgnoreWhiteList` located in `WebConsts`. If you want a client app to be ignored for reCaptcha control during login, add a value to `ReCaptchaIgnoreWhiteList` and send the same value in the `User-Agent` request header for your login request from the client app. You can check the Xamarin mobile app in AspNet Zero to see how `ReCaptchaIgnoreWhiteList` works.
 
-* You can enable/disable session timeout control. If it is enable and the user does not provide any input to the site during the timeout period, a countdown modal will be displayed to user. If the user still does not provide an entry to the site during the modal countdown period, user will be log out.
+You can also enable/disable session timeout control. If it is enable and the user does not provide any input to the site during the timeout period, a countdown modal will be displayed to user. If the user still does not provide an entry to the site during the modal countdown period, user will be log out.
 
-* Each tenant can allow tenant users to use Gravatar profile picture or not.
+Each tenant can allow tenant users to use Gravatar profile picture or not.
 
-* You can enable password expiration. If it is enabled, users will be forced to change their password after a specific period of time.
+##### Password
 
-* You can update password reset code expiration time. If a user requests a password reset code, ASP.NET Zero will send a code to the user's email address. This code will be valid for a specific period of time. You can configure this period of time in this setting.
+You can enable/disable password expiration on the settings page. If you enable it, users will have to change their password after defined days passed.
 
-> Note: **Token Based Authentication** has `ReCaptchaIgnoreWhiteList` located in `WebConsts`. If you want a client app to be ignored for reCaptcha control during login, add a value to `ReCaptchaIgnoreWhiteList` and send the same value in the `User-Agent` request header for your login request from the client app. You can check the Xamarin mobile app in AspNet Zero to see how `ReCaptchaIgnoreWhiteList` works.
+You can also prevent user's new password from being same as any of last x passwords. If you enable it, you will need to define how many previous password you want to prevent. Users will not be able to use some of the previously used password as a new password.
 
 ## Security
 
@@ -79,4 +75,4 @@ Under this tab, there is only one setting which is used to enable/disable quick
 
 ## Next
 
-- [Tenant Settings](Features-Mvc-Core-Tenant-Settings)
+- [Tenant Settings](Features-Mvc-Core-Tenant-Settings)