Skip to content

Class MultiTenancyGovernanceAspNetCoreOptions

Namespace: Cephalon.MultiTenancy.Governance.AspNetCore.Configuration
Assembly: Cephalon.MultiTenancy.Governance.AspNetCore.dll

Configures ASP.NET Core-specific multi-tenancy governance endpoints.

public sealed class MultiTenancyGovernanceAspNetCoreOptions

objectMultiTenancyGovernanceAspNetCoreOptions

object.Equals(object?), object.Equals(object?, object?), object.GetHashCode(), object.GetType(), object.ReferenceEquals(object?, object?), object.ToString()

MultiTenancyGovernanceAspNetCoreOptions()

Section titled “ MultiTenancyGovernanceAspNetCoreOptions()”

Initializes a new instance of the class.

public MultiTenancyGovernanceAspNetCoreOptions()

Gets or sets the cache-control header written for served proof files.

public string CacheControlHeader { get; set; }

string

Gets or sets a value indicating whether the HTTP proof publication endpoint should be mapped.

public bool EnableHttpProofPublicationEndpoint { get; set; }

bool

EnableTenantAdministrationCommandEndpoint

Section titled “ EnableTenantAdministrationCommandEndpoint”

Gets or sets a value indicating whether the tenant-administration command endpoint should be mapped.

public bool EnableTenantAdministrationCommandEndpoint { get; set; }

bool

EnableTenantInvitationDeliveryDispatchEndpoint

Section titled “ EnableTenantInvitationDeliveryDispatchEndpoint”

Gets or sets a value indicating whether the tenant-invitation delivery dispatch endpoint should be mapped.

public bool EnableTenantInvitationDeliveryDispatchEndpoint { get; set; }

bool

EnableTenantInvitationDeliveryStatusCallbackEndpoint

Section titled “ EnableTenantInvitationDeliveryStatusCallbackEndpoint”

Gets or sets a value indicating whether the tenant-invitation delivery status callback endpoint should be mapped.

public bool EnableTenantInvitationDeliveryStatusCallbackEndpoint { get; set; }

bool

EnableTenantInvitationDeliveryStatusCallbackReplayProtection

Section titled “ EnableTenantInvitationDeliveryStatusCallbackReplayProtection”

Gets or sets a value indicating whether signed delivery-status callbacks should be protected against replay inside the current process.

public bool EnableTenantInvitationDeliveryStatusCallbackReplayProtection { get; set; }

bool

Replay protection is active only when is configured and the request signature verifies successfully. The built-in guard stores bounded signature fingerprints in memory and does not claim durable inbox storage, cross-node deduplication, or distributed exactly-once delivery.

EnableTenantInvitationDeliveryStatusObservationEndpoint

Section titled “ EnableTenantInvitationDeliveryStatusObservationEndpoint”

Gets or sets a value indicating whether the delivery status observation read endpoint should be mapped.

public bool EnableTenantInvitationDeliveryStatusObservationEndpoint { get; set; }

bool

Gets or sets a value indicating whether the proof endpoint should be excluded from OpenAPI descriptions.

public bool ExcludeFromDescription { get; set; }

bool

ExcludeTenantAdministrationEndpointFromDescription

Section titled “ ExcludeTenantAdministrationEndpointFromDescription”

Gets or sets a value indicating whether the tenant-administration command endpoint should be excluded from OpenAPI descriptions.

public bool ExcludeTenantAdministrationEndpointFromDescription { get; set; }

bool

ExcludeTenantInvitationDeliveryDispatchEndpointFromDescription

Section titled “ ExcludeTenantInvitationDeliveryDispatchEndpointFromDescription”

Gets or sets a value indicating whether the tenant-invitation delivery dispatch endpoint should be excluded from OpenAPI descriptions.

public bool ExcludeTenantInvitationDeliveryDispatchEndpointFromDescription { get; set; }

bool

ExcludeTenantInvitationDeliveryStatusCallbackEndpointFromDescription

Section titled “ ExcludeTenantInvitationDeliveryStatusCallbackEndpointFromDescription”

Gets or sets a value indicating whether the delivery status callback endpoint should be excluded from OpenAPI descriptions.

public bool ExcludeTenantInvitationDeliveryStatusCallbackEndpointFromDescription { get; set; }

bool

ExcludeTenantInvitationDeliveryStatusObservationEndpointFromDescription

Section titled “ ExcludeTenantInvitationDeliveryStatusObservationEndpointFromDescription”

Gets or sets a value indicating whether the delivery status observation read endpoint should be excluded from OpenAPI descriptions.

public bool ExcludeTenantInvitationDeliveryStatusObservationEndpointFromDescription { get; set; }

bool

Gets or sets a value indicating whether the tenant-administration command endpoint should require authorization.

public bool RequireTenantAdministrationAuthorization { get; set; }

bool

The endpoint also performs a fail-closed in-handler authorization check so accidental hosts without ASP.NET Core authorization middleware do not execute tenant-administration commands anonymously.

RequireTenantInvitationDeliveryDispatchAuthorization

Section titled “ RequireTenantInvitationDeliveryDispatchAuthorization”

Gets or sets a value indicating whether the tenant-invitation delivery dispatch endpoint should require authorization.

public bool RequireTenantInvitationDeliveryDispatchAuthorization { get; set; }

bool

The endpoint also performs a fail-closed in-handler authorization check so accidental hosts without ASP.NET Core authorization middleware do not dispatch tenant invitations anonymously.

RequireTenantInvitationDeliveryStatusCallbackAuthorization

Section titled “ RequireTenantInvitationDeliveryStatusCallbackAuthorization”

Gets or sets a value indicating whether the delivery status callback endpoint should require authorization.

public bool RequireTenantInvitationDeliveryStatusCallbackAuthorization { get; set; }

bool

The endpoint also performs a fail-closed in-handler authorization check so accidental hosts without ASP.NET Core authorization middleware do not accept provider or adapter status callbacks anonymously.

RequireTenantInvitationDeliveryStatusCallbackProviderMessageMatch

Section titled “ RequireTenantInvitationDeliveryStatusCallbackProviderMessageMatch”

Gets or sets a value indicating whether callback requests must keep provider message matching enabled.

public bool RequireTenantInvitationDeliveryStatusCallbackProviderMessageMatch { get; set; }

bool

Provider message matching is enforced by default so a generic callback cannot opt out of the host-agnostic reconciliation safety check unless the host deliberately relaxes this setting.

RequireTenantInvitationDeliveryStatusObservationAuthorization

Section titled “ RequireTenantInvitationDeliveryStatusObservationAuthorization”

Gets or sets a value indicating whether the delivery status observation read endpoint should require authorization.

public bool RequireTenantInvitationDeliveryStatusObservationAuthorization { get; set; }

bool

The endpoint also performs a fail-closed in-handler authorization check so accidental hosts without ASP.NET Core authorization middleware do not expose invitation delivery audit data anonymously.

Gets or sets the endpoint route pattern used for published HTTP proof files.

public string RoutePattern { get; set; }

string

The default catch-all route is intentionally constrained under /.well-known/cephalon/ so it does not compete with application-owned routes.

Gets or sets the optional ASP.NET Core authorization policy required by the tenant-administration command endpoint.

public string? TenantAdministrationAuthorizationPolicy { get; set; }

string?

Gets or sets the endpoint route pattern used for tenant-administration workflow commands.

public string TenantAdministrationCommandRoutePattern { get; set; }

string

The default route stays under /engine because the endpoint is an operator/admin surface, not an application-owned public onboarding API.

TenantInvitationDeliveryDispatchAuthorizationPolicy

Section titled “ TenantInvitationDeliveryDispatchAuthorizationPolicy”

Gets or sets the optional ASP.NET Core authorization policy required by the tenant-invitation delivery dispatch endpoint.

public string? TenantInvitationDeliveryDispatchAuthorizationPolicy { get; set; }

string?

TenantInvitationDeliveryDispatchRoutePattern

Section titled “ TenantInvitationDeliveryDispatchRoutePattern”

Gets or sets the endpoint route pattern used for tenant-invitation delivery dispatch requests.

public string TenantInvitationDeliveryDispatchRoutePattern { get; set; }

string

The default route stays under /engine because the endpoint is an operator/action surface over the host-agnostic dispatcher, not a product-owned public onboarding API.

TenantInvitationDeliveryStatusCallbackAuthorizationPolicy

Section titled “ TenantInvitationDeliveryStatusCallbackAuthorizationPolicy”

Gets or sets the optional ASP.NET Core authorization policy required by the delivery status callback endpoint.

public string? TenantInvitationDeliveryStatusCallbackAuthorizationPolicy { get; set; }

string?

TenantInvitationDeliveryStatusCallbackReplayCacheLimit

Section titled “ TenantInvitationDeliveryStatusCallbackReplayCacheLimit”

Gets or sets the maximum number of signed callback replay fingerprints retained in the current process.

public int TenantInvitationDeliveryStatusCallbackReplayCacheLimit { get; set; }

int

When the bounded cache is full, the oldest fingerprint is evicted before recording a new accepted signed callback.

TenantInvitationDeliveryStatusCallbackReplayRetentionSeconds

Section titled “ TenantInvitationDeliveryStatusCallbackReplayRetentionSeconds”

Gets or sets the process-local retention window, in seconds, for signed callback replay fingerprints.

public int TenantInvitationDeliveryStatusCallbackReplayRetentionSeconds { get; set; }

int

The endpoint clamps the effective retention to at least one second. The default matches the signature timestamp tolerance.

TenantInvitationDeliveryStatusCallbackRoutePattern

Section titled “ TenantInvitationDeliveryStatusCallbackRoutePattern”

Gets or sets the endpoint route pattern used for normalized tenant-invitation delivery status callbacks.

public string TenantInvitationDeliveryStatusCallbackRoutePattern { get; set; }

string

The default route stays under /engine because the endpoint is an operator/provider-adapter ingress surface, not an application-owned public onboarding API.

TenantInvitationDeliveryStatusCallbackSignatureHeaderName

Section titled “ TenantInvitationDeliveryStatusCallbackSignatureHeaderName”

Gets or sets the request header that carries the callback signature.

public string TenantInvitationDeliveryStatusCallbackSignatureHeaderName { get; set; }

string

TenantInvitationDeliveryStatusCallbackSignatureKeyIdHeaderName

Section titled “ TenantInvitationDeliveryStatusCallbackSignatureKeyIdHeaderName”

Gets or sets the request header that carries the optional callback signing key identifier.

public string TenantInvitationDeliveryStatusCallbackSignatureKeyIdHeaderName { get; set; }

string

TenantInvitationDeliveryStatusCallbackSignatureTimestampHeaderName

Section titled “ TenantInvitationDeliveryStatusCallbackSignatureTimestampHeaderName”

Gets or sets the request header that carries the Unix timestamp included in the callback signature.

public string TenantInvitationDeliveryStatusCallbackSignatureTimestampHeaderName { get; set; }

string

TenantInvitationDeliveryStatusCallbackSignatureToleranceSeconds

Section titled “ TenantInvitationDeliveryStatusCallbackSignatureToleranceSeconds”

Gets or sets the allowed clock skew, in seconds, for signed delivery-status callback timestamps.

public int TenantInvitationDeliveryStatusCallbackSignatureToleranceSeconds { get; set; }

int

The endpoint clamps the effective tolerance to at least one second. The default is five minutes.

TenantInvitationDeliveryStatusCallbackSigningKeyId

Section titled “ TenantInvitationDeliveryStatusCallbackSigningKeyId”

Gets or sets the optional signing key identifier expected on signed delivery-status callback requests.

public string? TenantInvitationDeliveryStatusCallbackSigningKeyId { get; set; }

string?

TenantInvitationDeliveryStatusCallbackSigningSecret

Section titled “ TenantInvitationDeliveryStatusCallbackSigningSecret”

Gets or sets the shared secret used to verify normalized delivery-status callback request bodies with HMAC-SHA256.

public string? TenantInvitationDeliveryStatusCallbackSigningSecret { get; set; }

string?

When a value is configured, every callback request must include a valid Cephalon callback signature before the request is reconciled. Leave this empty when the host uses ASP.NET Core authorization or a provider-specific companion to authenticate callback ingress instead.

TenantInvitationDeliveryStatusObservationAuthorizationPolicy

Section titled “ TenantInvitationDeliveryStatusObservationAuthorizationPolicy”

Gets or sets the optional ASP.NET Core authorization policy required by the delivery status observation read endpoint.

public string? TenantInvitationDeliveryStatusObservationAuthorizationPolicy { get; set; }

string?

TenantInvitationDeliveryStatusObservationDefaultLimit

Section titled “ TenantInvitationDeliveryStatusObservationDefaultLimit”

Gets or sets the default number of observations returned when a read request does not specify a limit.

public int TenantInvitationDeliveryStatusObservationDefaultLimit { get; set; }

int

TenantInvitationDeliveryStatusObservationMaxLimit

Section titled “ TenantInvitationDeliveryStatusObservationMaxLimit”

Gets or sets the maximum number of observations returned by one read request.

public int TenantInvitationDeliveryStatusObservationMaxLimit { get; set; }

int

TenantInvitationDeliveryStatusObservationRoutePattern

Section titled “ TenantInvitationDeliveryStatusObservationRoutePattern”

Gets or sets the endpoint route pattern used for reading normalized tenant-invitation delivery status observations.

public string TenantInvitationDeliveryStatusObservationRoutePattern { get; set; }

string

The default route stays under /engine because the endpoint is an operator/audit surface over Cephalon’s normalized observation store, not a provider-specific callback inbox.

FromConfiguration(IConfiguration?, string)

Section titled “ FromConfiguration(IConfiguration?, string)”

Reads ASP.NET Core governance adapter options from configuration.

public static MultiTenancyGovernanceAspNetCoreOptions FromConfiguration(IConfiguration? configuration, string sectionPath = "Engine")

configuration IConfiguration?

The root configuration that contains the engine section.

sectionPath string

The engine root section path to read from.

MultiTenancyGovernanceAspNetCoreOptions

The parsed ASP.NET Core governance adapter options.