Update project version to 1.3.0

Updated `Version`, `FileVersion`, and `AssemblyVersion` in the `EnvelopeGenerator.API.csproj` file from `1.2.3` to `1.3.0`, indicating a minor version update with backward-compatible improvements or new features.

COPILOT_CONTEXT_EN.md

@@ -0,0 +1,182 @@
+# EnvelopeGenerator — Copilot Context Notes (English)
+
+## Purpose
+A digital document signing system. Senders upload PDFs and place signature annotation fields via PSPDFKit (EnvelopeGenerator.Web). Receivers open the document in a Blazor WASM viewer, confirm each signature field via a checkbox overlay, draw/type/upload their signature, and export the stamped PDF.
+
+---
+
+## Solution Structure
+
+| Project | Target | Description |
+|---|---|---|
+| `EnvelopeGenerator.API` | net8.0 | ASP.NET Core Web API. Receiver auth (cookie), annotation reading, PDF serving. |
+| `EnvelopeGenerator.ReceiverUI` | net8.0 WASM | Blazor WebAssembly. Receiver UI. YARP proxies API calls. |
+| `EnvelopeGenerator.Web` | net7/8/9 | Razor Pages. Sender UI + PSPDFKit annotation placement. |
+| `EnvelopeGenerator.Application` | multi | MediatR CQRS handlers. |
+| `EnvelopeGenerator.Domain` | multi | Domain models, constants, interfaces. |
+| `EnvelopeGenerator.Infrastructure` | multi | EF Core repos, DB context. |
+| `EnvelopeGenerator.PdfEditor` | multi | iText7 utilities. NOT used in ReceiverUI flow. |
+| `EnvelopeGenerator.DependencyInjection` | multi | DI registration helpers. |
+| VB.NET projects (Service/Form/BBTests) | net462 | Legacy. Do NOT touch. |
+
+---
+
+## Key Files
+
+| File | Purpose |
+|---|---|
+| `ReceiverUI/Pages/ReportViewer.razor` | Main receiver page. All signing logic. |
+| `ReceiverUI/wwwroot/js/receiver-signature.js` | JS: checkbox overlay, signature pad (draw/type/image). |
+| `ReceiverUI/wwwroot/fake-data/annotations.json` | Dev-mode fake annotations (YARP proxy target). |
+| `ReceiverUI/Models/AnnotationDto.cs` | Annotation position model. All properties non-nullable. |
+| `ReceiverUI/Services/AnnotationService.cs` | Fetches `List<AnnotationDto>` from API or fake-data. |
+| `ReceiverUI/Services/DocumentService.cs` | Fetches PDF bytes from API. |
+| `ReceiverUI/Services/AuthService.cs` | Manages receiver session cookie. |
+| `API/Controllers/AnnotationController.cs` | GET `api/Annotation/{key}` ? annotation list. |
+| `API/Controllers/DocumentController.cs` | GET `api/Document/{key}` ? PDF bytes. |
+
+---
+
+## AnnotationDto — Coordinate System
+
+```
+Unit   : 1/100 inch (DX units) — DevExpress XtraReports native
+Origin : Top-left corner of page
+X      : increases rightward
+Y      : increases downward
+
+A4 in DX units: Width = 827, Height = 1169
+
+Conversions:
+  PSPDFKit (pt, top-left):      xDX = xPsPdf * (100/72)
+  GDPicture (pt, bottom-left):  yDX = (pageHeightPt - yGD - elemHeightPt) * (100/72)
+  DX ? PDF points:              pt  = dx * (72/100)
+```
+
+---
+
+## ReceiverUI Signing Flow (ReportViewer.razor)
+
+### On Load (`OnInitializedAsync`)
+1. `AuthService.CheckEnvelopeAccessAsync` ? redirect to login if unauthorized
+2. `AnnotationService.GetAnnotationsAsync` ? fills `_annotations`
+3. `DocumentService.GetDocumentAsync` ? fills `_basePdfBytes` (real mode)
+4. `BuildFreshBaseReport()` ? `XtraReport` for `DxReportViewer`
+
+### Signature Popup
+- Tabs: Draw / Text / Image
+- Fields: full name (required), position (optional), place (required)
+- Saved to `_capturedSignature` record
+- If annotations exist ? popup closes ? JS checkbox overlays installed
+
+### JS Checkbox Overlay (`receiver-signature.js`)
+- `receiverSignature.installAnnotationCheckboxes(annotations, checkedIds, dotNetRef)`
+- One `.annot-sig-cb-wrapper` div per annotation, absolutely positioned over viewer scroll container
+- Position: `left = pageRect.left + ann.x * scaleX`, `top = pageRect.top + ann.y * scaleY`
+  - `scaleX = pagePixelWidth / 827`, `scaleY = pagePixelHeight / 1169`
+- Click ? `dotNetRef.invokeMethodAsync('OnAnnotationToggled', id, checked)`
+
+### Apply Signatures ("Unterschriften anwenden" — `SubmitSignaturesAsync`)
+
+**Real PDF mode (`_basePdfBytes` is set):**
+- Calls `StampSignaturesOnPdf` using **iText7** directly on PDF bytes
+- Coordinate conversion: `xPt = ann.X * (72/100)`, `yPt = pageHeight - ann.Y * (72/100) - sigHeight` (Y flip: DX top-down ? PDF bottom-up)
+- Returns stamped bytes ? loaded into new `XtraReport` with `XRPdfContent`
+- Viewer refreshed with `ViewerKey++`
+
+**Dev/fake mode (`_basePdfBytes` is null):**
+- Falls back to `AddSignatureAtAnnotation` (XtraReports DetailBand + BeforePrint counter)
+- This is intentionally left as a dev fallback only
+
+### Export
+- `reportViewer.ExportToAsync(ExportFormat.Pdf)`
+
+---
+
+## StampSignaturesOnPdf — iText7 Implementation
+
+```csharp
+// Located in ReportViewer.razor @code section
+// Called by SubmitSignaturesAsync when _basePdfBytes is available
+
+static byte[] StampSignaturesOnPdf(
+    byte[] sourcePdfBytes, byte[] signatureImageBytes,
+    string signerFullName, string signerPosition, string signaturePlace,
+    IReadOnlyList<AnnotationDto> annotations)
+{
+    // Opens PDF with PdfReader/PdfWriter
+    // For each annotation:
+    //   pageNum = ann.Page (clamped to totalPages)
+    //   xPt = ann.X * (72f/100f)
+    //   imgBottomY = pageHeight - ann.Y * (72f/100f) - sigHeightPt  ? Y-axis flip
+    //   PdfCanvas.AddImageFittedIntoRectangle(imageData, rect, false)
+    //   Separator line at bottom of image
+    //   Canvas text block below separator (font: Helvetica 7pt, color: RGB(73,80,87))
+    // Returns stamped byte[]
+}
+```
+
+---
+
+## BuildFreshBaseReport()
+
+```csharp
+// Real PDF mode:
+var report = new XtraReport();
+var detail = new DetailBand();
+report.Bands.Add(detail);
+detail.Controls.Add(new XRPdfContent { Source = _basePdfBytes, GenerateOwnPages = true });
+return report;
+
+// Dev/fake mode: returns pre-built report from ReportStorage
+```
+
+---
+
+## NuGet Packages in ReceiverUI
+
+| Package | Version | Purpose |
+|---|---|---|
+| `DevExpress.Blazor.Reporting.Viewer` | 25.2.3 | DxReportViewer component |
+| `DevExpress.Blazor.PdfViewer` | 25.2.3 | PDF viewer |
+| `DevExpress.Drawing.Skia` | 25.2.3 | Drawing backend |
+| `itext` | 8.0.5 | PDF stamping (iText7) |
+| `SkiaSharp.*` | 3.119.1 | WASM native rendering |
+
+---
+
+## Mistakes History — Do NOT Repeat
+
+| Mistake | Why Wrong |
+|---|---|
+| `BottomMarginBand` for per-page signatures | Repeats on every page; Y offset wrong |
+| `imageY = (page-1) * 1169 + ann.Y` | Inflates DetailBand; 35 pages ? 140 pages |
+| `e.Graph?.PrintingSystem` in BeforePrint | `Graph` not on `CancelEventArgs` |
+| `ctrl.Report?.PrintingSystem` | `PrintingSystem` not on `XtraReportBase` in WASM |
+| Adding stamp endpoint to `DocumentController` | Not needed; stamping is done client-side in ReceiverUI |
+| iText7 via API (server-side) | Unnecessary; iText7 runs fine in WASM directly |
+
+---
+
+## DevExpress Article (2023-08-28) — Why It Does NOT Apply
+
+The article describes **X.509 cryptographic digital signatures** via `PdfDocumentSigner` + `Pkcs7Signer`.  
+Our use case is **visual/image stamping** at specific page coordinates — different problem, different API.  
+`XRPdfSignature` in the article requires pre-placed fields in the report designer, not runtime coordinates.
+
+---
+
+## Change Log
+
+| Session | Date | Change |
+|---|---|---|
+| 1–3 | — | Core infrastructure: services, YARP proxy, JS overlay, signature pad |
+| 4 | — | `AddSignatureAtAnnotation` with BottomMarginBand — ? repeated on all pages |
+| 5 | — | `BeforePrint` + `e.Graph?.PrintingSystem` — ? compile error |
+| 6 | — | BeforePrint counter — ? correct pattern, wrong band |
+| 7 | — | Switched to DetailBand — ? correct band |
+| 8 | — | `(page-1)*1169+Y` offset — ? 35?140 page inflation |
+| 9 | — | Fixed: `BoundsF.Y = ann.Y` + counter; created COPILOT_CONTEXT.md |
+| 10 | — | Investigated DevExpress article — not applicable to our case |
+| 10 | — | Added iText7 to ReceiverUI; implemented `StampSignaturesOnPdf` — ? deterministic coordinates, no page count side effects |
+| 10 | — | Split COPILOT_CONTEXT.md into COPILOT_CONTEXT_EN.md and COPILOT_CONTEXT_TR.md |

COPILOT_CONTEXT_TR.md

@@ -0,0 +1,199 @@
+# EnvelopeGenerator — Copilot Ba?lam Notlar? (Türkçe)
+
+## Projenin Amac?
+Dijital belge imzalama sistemi. Göndericiler PDF yükleyip PSPDFKit üzerinden imza alan? (annotation) yerle?tirir. Al?c?lar Blazor WASM viewer'da belgeyi görür, annotation konumlar?nda checkbox overlay ile imza alanlar?n? onaylar, imzalar?n? olu?turur ve imzal? PDF'i export eder.
+
+---
+
+## Çözüm Yap?s?
+
+| Proje | Hedef | Aç?klama |
+|---|---|---|
+| `EnvelopeGenerator.API` | net8.0 | Web API. Receiver auth (cookie), annotation okuma, PDF sunma. |
+| `EnvelopeGenerator.ReceiverUI` | net8.0 WASM | Blazor WebAssembly. Al?c? arayüzü. YARP proxy ile API'ye ba?lan?r. |
+| `EnvelopeGenerator.Web` | net7/8/9 | Razor Pages. Gönderen UI + PSPDFKit ile annotation yerle?tirme. |
+| `EnvelopeGenerator.Application` | multi | MediatR CQRS handler'lar?. |
+| `EnvelopeGenerator.Domain` | multi | Domain modelleri, sabitler, arayüzler. |
+| `EnvelopeGenerator.Infrastructure` | multi | EF Core repo'lar?, DB context. |
+| `EnvelopeGenerator.PdfEditor` | multi | iText7 PDF yard?mc?lar?. ReceiverUI ak???nda KULLANILMIYOR. |
+| `EnvelopeGenerator.DependencyInjection` | multi | DI kay?t yard?mc?lar?. |
+| VB.NET projeleri (Service/Form/BBTests) | net462 | Eski legacy. DOKUNMA. |
+
+---
+
+## Önemli Dosyalar
+
+| Dosya | Amaç |
+|---|---|
+| `ReceiverUI/Pages/ReportViewer.razor` | Ana al?c? sayfas?. Tüm imzalama mant??? burada. |
+| `ReceiverUI/wwwroot/js/receiver-signature.js` | JS: checkbox overlay, imza pad (çizim/yaz?/resim). |
+| `ReceiverUI/wwwroot/fake-data/annotations.json` | Dev modda sahte annotation konumlar?. YARP proxy bu dosyaya yönlendirir. |
+| `ReceiverUI/Models/AnnotationDto.cs` | Annotation pozisyon modeli. Tüm property'ler non-nullable. |
+| `ReceiverUI/Services/AnnotationService.cs` | `List<AnnotationDto>` döner; gerçek modda API'den, dev modda fake-data'dan. |
+| `ReceiverUI/Services/DocumentService.cs` | PDF byte'lar?n? API'den al?r. |
+| `ReceiverUI/Services/AuthService.cs` | Al?c? session cookie'sini yönetir. |
+| `ReceiverUI/wwwroot/appsettings.json` | `ForceToUseFakeDocument: true` ? gerçek PDF yüklenmez, ?ablon rapor kullan?l?r. |
+| `API/Controllers/AnnotationController.cs` | GET `api/Annotation/{key}` ? annotation listesi. |
+| `API/Controllers/DocumentController.cs` | GET `api/Document/{key}` ? PDF byte'lar?. |
+
+---
+
+## AnnotationDto Koordinat Sistemi
+
+```
+Birim    : 1/100 inch (DX units) — DevExpress XtraReports'un yerel koordinat sistemi
+Köken    : Sol-üst kö?e
+X artar  : sa?a do?ru
+Y artar  : a?a??ya do?ru
+
+A4 boyutlar? DX units cinsinden: Geni?lik = 827, Yükseklik = 1169
+
+Dönü?ümler:
+  PSPDFKit (pt, sol-üst):      xDX = xPsPdf * (100/72)
+  GDPicture (pt, sol-alt):     yDX = (pageHeightPt - yGD - elemHeightPt) * (100/72)
+  DX ? PDF points:             pt  = dx * (72/100)
+  PDF Y ekseni çevirme:        imgBottomY = sayfaYüksekli?iPt - ann.Y*(72/100) - elemanYüksekli?iPt
+```
+
+---
+
+## ReceiverUI ?mzalama Ak??? (ReportViewer.razor)
+
+### Sayfa Yüklenince (`OnInitializedAsync`)
+1. `AuthService.CheckEnvelopeAccessAsync` ? yetkisizse login sayfas?na yönlendir
+2. `AnnotationService.GetAnnotationsAsync` ? `_annotations` listesi dolar
+3. `DocumentService.GetDocumentAsync` ? `_basePdfBytes` dolar (gerçek mod)
+4. `BuildFreshBaseReport()` ? `XtraReport` olu?turulur, `DxReportViewer`'a verilir
+
+### `BuildFreshBaseReport()` Mant???
+```
+_basePdfBytes dolu ? XtraReport + DetailBand + XRPdfContent { GenerateOwnPages = true }
+_basePdfBytes bo? (ForceToUseFakeDocument=true) ? ReportStorage'dan LargeDatasetReport ?ablonu (XtraReport, designer'dan geldi?i gibi)
+```
+
+> NOT: `_basePdfBytes` dal? korunur (gerçek PDF modu). Dev ve test sunucusunda `PredefinedReport` (LargeDatasetReport) `XtraReport` olarak do?rudan kullan?l?r — PDF'e export ED?LMEZ.
+
+### ?mza Popup'? ("Unterschrift erstellen")
+- Sekmeler: Çizim / Yaz? / Resim
+- Alanlar: Ad soyad (zorunlu), pozisyon (opsiyonel), yer (zorunlu)
+- `_capturedSignature` record'una kaydedilir
+- Annotation varsa popup kapan?r ? JS checkbox overlay kurulur
+
+### JS Checkbox Overlay (`receiver-signature.js`)
+- `receiverSignature.installAnnotationCheckboxes(annotations, checkedIds, dotNetRef)` C#'tan ça?r?l?r
+- Her annotation için `.annot-sig-cb-wrapper` div'i, viewer scroll container'?na absolute olarak yerle?tirilir
+- **Koordinat hesab?:** `left = pageRect.left + ann.x * scaleX`, `top = pageRect.top + ann.y * scaleY`
+  - `scaleX = sayfaPixelGeni?li?i / 827`, `scaleY = sayfaPixelYüksekli?i / 1169`
+  - Bu koordinatlar sayfa-relatif ve do?ru çal???yor
+- T?klan?nca `dotNetRef.invokeMethodAsync('OnAnnotationToggled', id, checked)` ça?r?l?r
+
+### ?mza Uygulama ("Unterschriften anwenden" — `SubmitSignaturesAsync`)
+
+**Tek ortak yol (her iki mod):**
+- `SubmitSignaturesAsync` ? `BuildFreshBaseReport()` + `WireAnnotationSignatures(report, _capturedSignature)`
+- `WireAnnotationSignatures` ? `report.AfterPrint` olay?na abone olur
+- Belge olu?unca `report.PrintingSystem.Pages` dolu olur; her annotation için `Pages[ann.Page-1]` sayfas?na:
+  - `ImageBrick { Image = imza görseli, Rect = (ann.X, ann.Y, 230, 70), SizeMode = ZoomImage }`
+  - `TextBrick  { Text = bilgi metni, Rect = (ann.X, ann.Y+75, 230, 65) }`
+  - `Page.AddBrick(brick)` ile bas?l?r
+- Brick `Rect`'leri annotation `X`/`Y` (1/100 inch) ? checkbox overlay ile birebir ayn? koordinat, do?ru sayfa+konum
+- `ViewerKey++` ile viewer yenilenir
+
+**Gerçek PDF modu (`_basePdfBytes` dolu):** Yukar?daki ile ayn?; rapor `XRPdfContent`'ten olu?ur, brick'ler yine `AfterPrint` ile `PrintingSystem.Pages` üzerine bas?l?r.
+
+---
+
+## ReceiverUI'daki NuGet Paketleri
+
+| Paket | Versiyon | Amaç |
+|---|---|---|
+| `DevExpress.Blazor.Reporting.Viewer` | 25.2.3 | DxReportViewer bile?eni |
+| `DevExpress.Blazor.PdfViewer` | 25.2.3 | PDF görüntüleyici |
+| `DevExpress.Drawing.Skia` | 25.2.3 | Çizim backend'i |
+| `SkiaSharp.*` | 3.119.1 | WASM native render |
+
+> Not: iText7, ReceiverUI imzalama ak???nda KULLANILMIYOR. ?mza yerle?tirme tamamen DevExpress XtraReports brick mekanizmas?yla (`PrintingSystem.Pages[i].AddBrick`) yap?l?r.
+
+---
+
+## GÖREV 1: ?mza Konum Hatas? (BUG) — ÇÖZÜLDÜ
+
+### Kullan?c?n?n ?ste?i
+Annotation'lardan okunan sayfa ve X/Y koordinatlar?na göre, t?pk? checkbox overlay'ler gibi, imzalar do?ru sayfa ve konumda görünsün. `_basePdfBytes` dal? korunsun; dev/test'te designer ile olu?turulan `PredefinedReport` `XtraReport` olarak do?rudan kullan?lmaya devam etsin (PDF'e export yok).
+
+### ÇÖZÜM (Oturum 12) ?
+`WireAnnotationSignatures` metodu, `report.AfterPrint` olay?nda `report.PrintingSystem.Pages[ann.Page-1].AddBrick(...)` ça??rarak imza görselini (`ImageBrick`) ve bilgi metnini (`TextBrick`) do?rudan hedef sayfaya, annotation `X`/`Y` (1/100 inch) konumunda basar.
+
+**Neden çal???r:**
+- `AfterPrint`, belge tamamen olu?tuktan sonra tetiklenir; `PrintingSystem.Pages` art?k gerçek/nihai sayfalar? içerir.
+- Sayfa indeksleme (`Pages[ann.Page-1]`) band veya veri-sat?r? tekrar?ndan **ba??ms?zd?r** ? `LargeDatasetReport`'un veri-ba?l? `detailBand1` sorununu tamamen atlar.
+- Brick `Rect` koordinatlar? raporun yerel 1/100 inch sistemindedir ? checkbox overlay ile birebir ayn?, do?ru konum.
+- Yeni sayfa eklenmedi?i için sayfa say?s? katlanmaz (35 sayfa ? 35 sayfa).
+
+**Derleme s?ras?nda ö?renilen API gerçekleri:**
+- `PrintOnPage` olay? `e.Page` VERMEZ (yaln?zca `PageIndex`/`PageCount`) ? brick eklenemez. Do?ru olay `AfterPrint` + `PrintingSystem.Pages`.
+- `Page` tipinde `InsertBrick` YOK; do?ru metot `Page.AddBrick(brick)` (brick'in `Rect`'i konumu belirler).
+- `ImageBrick.BorderStyle` tipi `BrickBorderStyle`'dir (`BorderDashStyle` de?il). Border için `Sides` + `BorderColor` kullan?ld?.
+
+### Denenen Eski Çözümler (ba?ar?s?z — referans)
+
+| Deneme | Yakla??m | Sonuç | Ba?ar?s?zl?k Sebebi |
+|---|---|---|---|
+| 1 | `BottomMarginBand` + `XRPictureBox`/`XRLabel` | Her sayfan?n alt?na ç?kt? | Band her sayfada tekrarlan?r, sayfa filtresi yok |
+| 2 | `BeforePrint` + `e.Graph?.PrintingSystem` | Derleme hatas? | `CancelEventArgs`'ta `Graph` yok |
+| 3–6 | `DetailBand` + `BeforePrint` counter | Yanl?? sayfa/konum | ?ablonun `detailBand1`'i veri sat?r? ba??na tetiklenir, sayfa ba??na de?il |
+| 7 | iText7 export/reload döngüsü | 35 ? 70 sayfa | Margin uyu?mazl???, `GenerateOwnPages` sayfalar? böldü |
+| 8 | Fake modda `BottomMarginBand` fallback | Her sayfan?n alt?nda | Koordinat yanl?? |
+
+---
+
+## YAPILMAMASI GEREKENLER
+
+| Hata | Neden Yanl?? |
+|---|---|
+| `BottomMarginBand`/`DetailBand` ile sayfa-spesifik imza | Band veri-sat?r?/sayfa ba??na tekrarlan?r, koordinat kayar |
+| `BeforePrint` counter ile sayfa filtresi | Veri-ba?l? raporda sat?r ba??na tetiklenir, güvenilmez |
+| `PrintOnPage` ile brick ekleme | `e.Page` yok; brick eklenemez |
+| `Page.InsertBrick(...)` | Yok; do?ru metot `Page.AddBrick(...)` |
+| iText7 export+reload döngüsü | Margin uyu?mazl???ndan sayfa say?s? katlan?r |
+| ?ablonu PDF'e export edip `XRPdfContent`'e yükleme | ?stenmiyor; designer raporu do?rudan kullan?lmal? |
+| Stamplama için API endpoint ekleme | Gereksiz; brick'ler client'ta bas?l?r |
+
+---
+
+## BEKLEYEN D??ER GÖREVLER (Sonraki Chat'te Yap?lacak)
+
+### 2. ?mza Arka Plan? Özelli?i
+?mza görselinin ve bilgilerinin kaplad??? alan kadar, yar? saydam hafif gri opak dikdörtgen arka plan ekle. Böylece imza ve bilgiler arka plandaki metinlerden etkilenmez ve okunur kal?r. (Art?k brick tabanl?: `ImageBrick`/`TextBrick`'in arkas?na bir arka plan `Brick` dikdörtgeni eklenebilir.)
+
+### 3. Checkbox Renk ve Stil ?yile?tirmesi
+Mevcut checkbox'lar?n rengi ve kenarl?klar? çok dikkat çekici. Koyu füme tonlar?nda, desenli, sade ve profesyonel görünümlü bir stil olsun. (`receiver-signature.js` ve ilgili CSS.)
+
+### 4. Sayfa Aç?l???nda Otomatik ?mza Popup'?
+Sayfa aç?l?r aç?lmaz imza popup'? ç?ks?n. "Kay?tl? hiç bir imzan?z yok, tan?mlay?n?z" mesaj? gösterilsin. Kullan?c? imzas?n? tan?mlamadan ilerleyemesin. Mevcut "Unterschrift erstellen" butonu "?mzay? de?i?tir" olarak güncellensin.
+
+### 5. Otomatik ?mza Uygulama
+Kullan?c? tüm checkbox'lar? onaylad??? anda imzalar otomatik olarak uygulanmaya ba?las?n (butona t?klamaya gerek kalmas?n). Sayfan?n üstünde imza say?s? ve imzalanmas? gereken sayfalar hakk?nda bilgi gösterilsin.
+
+### 6. Checkbox - DevExpress Toolbar Pozisyon Uyumsuzlu?u (BUG)
+- Checkbox'lar browser'?n boyut/konumuna neredeyse anl?k tepki veriyor
+- DevExpress toolbar de?i?ikliklerine geç tepki gösteriyor
+- Zoom de?i?ince bazen 2-3 PDF yan yana gelebiliyor; checkbox o konumda do?ru görünüyor ama iki PDF'in yan yana gelmesi kald?r?lmal?
+- `DocumentViewer.razor`'daki `DxDocumentViewer` + `DxDocumentViewerTabPanelSettings` bile?enleri daha uygun olabilir mi? De?erlendirmesi yap?lacak.
+
+---
+
+## De?i?iklik Günlü?ü
+
+| Oturum | De?i?iklik |
+|---|---|
+| 1–3 | Temel altyap?: servisler, YARP proxy, JS overlay, imza pad |
+| 4 | `AddSignatureAtAnnotation` + BottomMarginBand ? ? her sayfada tekrar |
+| 5 | `BeforePrint` + `e.Graph?.PrintingSystem` ? ? derleme hatas? |
+| 6 | BeforePrint counter ? ? do?ru yakla??m, yanl?? band |
+| 7 | DetailBand'e geçi? ? ? do?ru band, koordinat hâlâ yanl?? |
+| 8 | `(page-1)*1169+Y` ? ? sayfa ?i?mesi (35?140) |
+| 9 | `BoundsF.Y = ann.Y` + counter ? (?ablon raporda çal??m?yor) |
+| 10 | iText7 `StampSignaturesOnPdf` gerçek modda ?, fake modda export+reload ? (35?70), BottomMarginBand fallback ? |
+| 11 | COPILOT_CONTEXT_TR.md ve COPILOT_CONTEXT_EN.md ayr? dosyalar olarak yeniden olu?turuldu |
+| **12** | **GÖREV 1 ÇÖZÜLDÜ ?** — `WireAnnotationSignatures`: `report.AfterPrint` + `PrintingSystem.Pages[ann.Page-1].AddBrick(ImageBrick/TextBrick)`. Sayfa hedefleme band'dan ba??ms?z, sayfa say?s? katlanm?yor. iText7 ReceiverUI ak???ndan ç?kar?ld?. `AddSignatureAtAnnotation`/`RemoveExistingSignatureById` kald?r?ld?. Derleme ba?ar?l?. |

EnvelopeGenerator.API/Controllers/AuthController.cs

@@ -1,3 +1,4 @@
+using DigitalData.Auth.Claims;
 using EnvelopeGenerator.API.Controllers.Interfaces;
 using EnvelopeGenerator.API.Models;
 using EnvelopeGenerator.Domain.Constants;
@@ -73,4 +74,44 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions,
         => role is not null && !User.IsInRole(role)
             ? Unauthorized()
             : Ok();
+
+    /// <summary>
+    /// Checks whether the caller holds a valid per-envelope receiver token for the given envelope key.
+    /// The request must carry a cookie named <c>AuthTokenSignFLOWReceiver.{envelopeKey}</c>.
+    /// </summary>
+    /// <param name="envelopeKey">The unique envelope key extracted from the route.</param>
+    /// <response code="200">Valid per-envelope token found.</response>
+    /// <response code="401">Token is missing, expired or invalid.</response>
+    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
+    [Authorize(Policy = AuthPolicy.Receiver)]
+    [HttpGet("check/envelope/{envelopeKey}")]
+    public IActionResult CheckEnvelopeReceiver([FromRoute] string envelopeKey) => Ok();
+
+    /// <summary>
+    /// Removes the per-envelope receiver cookie for the given envelope key.
+    /// </summary>
+    /// <param name="envelopeKey">The unique envelope key whose cookie should be deleted.</param>
+    /// <response code="200">Cookie successfully deleted.</response>
+    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
+    [HttpPost("logout/envelope/{envelopeKey}")]
+    public IActionResult LogoutEnvelopeReceiver([FromRoute] string envelopeKey)
+    {
+        var cookieName = CookieNames.GetEnvelopeReceiverCookieName(authTokenKeys.Cookie, envelopeKey);
+        Response.Cookies.Delete(cookieName);
+        return Ok();
+    }
+
+    /// <summary>
+    /// Removes all per-envelope receiver cookies from the current request.
+    /// </summary>
+    /// <response code="200">All envelope receiver cookies successfully deleted.</response>
+    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
+    [HttpPost("logout/envelope")]
+    public IActionResult LogoutAllEnvelopeReceivers()
+    {
+        foreach (var cookieName in Request.Cookies.Keys.Where(k => CookieNames.IsEnvelopeReceiverCookie(k, authTokenKeys.Cookie)))
+            Response.Cookies.Delete(cookieName);
+        return Ok();
+    }
 }

EnvelopeGenerator.API/Controllers/DocumentController.cs

@@ -1,3 +1,4 @@
+using DigitalData.Auth.Claims;
 using EnvelopeGenerator.API.Controllers.Interfaces;
 using EnvelopeGenerator.API.Extensions;
 using EnvelopeGenerator.Application.Documents.Queries;
@@ -14,10 +15,9 @@ namespace EnvelopeGenerator.API.Controllers;
 /// <remarks>
 /// Initializes a new instance of the <see cref="DocumentController"/> class.
 /// </remarks>
-[Authorize]
 [ApiController]
 [Route("api/[controller]")]
-public class DocumentController(IMediator mediator, IAuthorizationService authService) : ControllerBase, IAuthController
+public class DocumentController(IMediator mediator, IAuthorizationService authService, ILogger<DocumentController> logger) : ControllerBase, IAuthController
 {
     /// <summary>
     /// 
@@ -60,4 +60,34 @@ public class DocumentController(IMediator mediator, IAuthorizationService authSe
 
         return Unauthorized();
     }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="envelopeKey"></param>
+    /// <param name="cancel"></param>
+    /// <returns></returns>
+    [HttpGet("{envelopeKey}")]
+    public async Task<IActionResult> GetDocumentOfReceiver(string envelopeKey, CancellationToken cancel)
+    {
+        var envelopeIdStr = User.FindFirst(EnvelopeClaimNames.EnvelopeId)?.Value;
+
+        if (!int.TryParse(envelopeIdStr, out int envelopeId))
+        {
+            logger.LogError(
+                "Inner service error: Failed to parse Envelope ID from claims. Claim '{ClaimName}' had an invalid or missing value: '{ClaimValue}'.",
+                EnvelopeClaimNames.EnvelopeId,
+                envelopeIdStr ?? "null");
+
+            return StatusCode(StatusCodes.Status500InternalServerError, "Inner service error: Invalid envelope claim.");
+        }
+
+        var senderDoc = await mediator.Send(new ReadDocumentQuery() { EnvelopeId = envelopeId }, cancel);
+
+        if (senderDoc.ByteData is not byte[] senderDocByte)
+            return NotFound("Document is empty.");
+
+        Response.Headers.ContentDisposition = $"inline; filename=\"{envelopeKey}.pdf\"";
+        return File(senderDocByte, "application/pdf");
+    }
 }

EnvelopeGenerator.API/Controllers/EnvelopeController.cs

@@ -98,7 +98,7 @@ public class EnvelopeController : ControllerBase
     [HttpPost]
     public async Task<IActionResult> CreateAsync([FromBody] CreateEnvelopeCommand command)
     {
-        var res = await _mediator.Send(command.Authorize(User.GetId()));
+        var res = await _mediator.Send(command.WithAuth(User.GetId()));
 
         if (res is null)
         {

EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs

@@ -14,6 +14,7 @@ using EnvelopeGenerator.Application.Common.SQL;
 using EnvelopeGenerator.Application.Common.Dto.Receiver;
 using EnvelopeGenerator.Application.Common.Interfaces.SQLExecutor;
 using EnvelopeGenerator.API.Extensions;
+using EnvelopeGenerator.Domain.Constants;
 
 namespace EnvelopeGenerator.API.Controllers;
 
@@ -73,6 +74,24 @@ public class EnvelopeReceiverController : ControllerBase
         return Ok(result);
     }
 
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="envelopeKey"></param>
+    /// <param name="cancel"></param>
+    /// <returns></returns>
+    [Authorize(Policy = AuthPolicy.Receiver)]
+    [HttpGet("{envelopeKey}")]
+    public async Task<IActionResult> GetEnvelopeReceiverOfReceiver([FromRoute] string envelopeKey, CancellationToken cancel)
+    {
+        var er = await _mediator.Send(new ReadEnvelopeReceiverQuery()
+        {
+            Key = envelopeKey
+        }, cancel);
+
+        return Ok(er.SingleOrDefault());
+    }
+
     /// <summary>
     /// Ruft den Namen des zuletzt verwendeten Empfängers basierend auf der angegebenen E-Mail-Adresse ab.
     /// </summary>

EnvelopeGenerator.API/Documentation/AuthProxyDocumentFilter.cs

@@ -16,6 +16,12 @@ public sealed class AuthProxyDocumentFilter : IDocumentFilter
     /// <param name="swaggerDoc"></param>
     /// <param name="context"></param>
     public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+    {
+        AddLoginOperation(swaggerDoc, context);
+        AddEnvelopeReceiverLoginOperation(swaggerDoc, context);
+    }
+
+    private static void AddLoginOperation(OpenApiDocument swaggerDoc, DocumentFilterContext context)
     {
         const string path = "/api/auth";
 
@@ -67,4 +73,51 @@ public sealed class AuthProxyDocumentFilter : IDocumentFilter
             }
         };
     }
+
+    private static void AddEnvelopeReceiverLoginOperation(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+    {
+        const string path = "/api/Auth/envelope-receiver/{key}";
+
+        var bodySchema = context.SchemaGenerator.GenerateSchema(typeof(EnvelopeReceiverLogin), context.SchemaRepository);
+
+        var operation = new OpenApiOperation
+        {
+            Summary = "Envelope receiver login (auth-hub proxy)",
+            Description = "Proxies the envelope receiver login to the auth service. " +
+                          "The `cookie` query parameter is always forwarded as `true` so the auth service sets the per-envelope cookie automatically.",
+            Tags = [new() { Name = "Auth" }],
+            Parameters =
+            {
+                new OpenApiParameter
+                {
+                    Name = "key",
+                    In = ParameterLocation.Path,
+                    Required = true,
+                    Schema = new OpenApiSchema { Type = "string" },
+                    Description = "The unique envelope receiver key."
+                }
+            },
+            RequestBody = new OpenApiRequestBody
+            {
+                Required = false,
+                Content =
+                {
+                    ["multipart/form-data"] = new OpenApiMediaType { Schema = bodySchema }
+                }
+            },
+            Responses =
+            {
+                ["200"] = new OpenApiResponse { Description = "OK – per-envelope cookie set by auth service." },
+                ["401"] = new OpenApiResponse { Description = "Unauthorized – invalid or missing access code." }
+            }
+        };
+
+        swaggerDoc.Paths[path] = new OpenApiPathItem
+        {
+            Operations =
+            {
+                [OperationType.Post] = operation
+            }
+        };
+    }
 }

EnvelopeGenerator.API/EnvelopeGenerator.API.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net9.0</TargetFrameworks>
+    <TargetFrameworks>net8.0</TargetFrameworks>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
@@ -10,9 +10,9 @@
     <Authors>Digital Data GmbH</Authors>
     <Company>Digital Data GmbH</Company>
     <Product>EnvelopeGenerator.GeneratorAPI</Product>
-    <Version>1.2.3</Version>
-    <FileVersion>1.2.3</FileVersion>
-    <AssemblyVersion>1.2.3</AssemblyVersion>
+    <Version>1.3.0</Version>
+    <FileVersion>1.3.0</FileVersion>
+    <AssemblyVersion>1.3.0</AssemblyVersion>
     <PackageOutputPath>Copyright © 2025 Digital Data GmbH. All rights reserved.</PackageOutputPath>
 	<DocumentationFile>bin\$(Configuration)\$(TargetFramework)\$(AssemblyName).xml</DocumentationFile>
   </PropertyGroup>
@@ -30,11 +30,16 @@
 
   <ItemGroup>
     <PackageReference Include="AspNetCore.Scalar" Version="1.1.8" />
+    <PackageReference Include="DigitalData.Auth.Claims" Version="1.0.3" />
     <PackageReference Include="DigitalData.Auth.Client" Version="1.3.7" />
     <PackageReference Include="DigitalData.Core.API" Version="2.2.1" />
     <PackageReference Include="HtmlSanitizer" Version="9.0.892" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.4" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="9.0.6" />
+    <PackageReference Include="itext" Version="8.0.5" />
+    <PackageReference Include="itext.bouncy-castle-adapter" Version="8.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.4" Condition="'$(TargetFramework)' == 'net9.0'" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.11" Condition="'$(TargetFramework)' == 'net8.0'" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="9.0.6" Condition="'$(TargetFramework)' == 'net9.0'" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.17" Condition="'$(TargetFramework)' == 'net8.0'" />
     <PackageReference Include="Microsoft.Identity.Client" Version="4.82.1" />
     <PackageReference Include="NLog" Version="5.2.5" />
     <PackageReference Include="NLog.Web.AspNetCore" Version="5.3.0" />
@@ -71,6 +76,7 @@
     <ProjectReference Include="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj" />
     <ProjectReference Include="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj" />
     <ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj" />
+    <ProjectReference Include="..\EnvelopeGenerator.PdfEditor\EnvelopeGenerator.PdfEditor.csproj" />
   </ItemGroup>
 
 </Project>

EnvelopeGenerator.API/Models/EnvelopeReceiverLogin.cs

@@ -0,0 +1,7 @@
+namespace EnvelopeGenerator.API.Models;
+
+/// <summary>
+/// Request body for the envelope-receiver login endpoint.
+/// </summary>
+/// <param name="AccessCode">The access code sent to the receiver.</param>
+public record EnvelopeReceiverLogin(string? AccessCode = null);

EnvelopeGenerator.API/Program.cs

@@ -19,6 +19,7 @@ using DigitalData.Core.Abstractions.Security.Extensions;
 using EnvelopeGenerator.API.Middleware;
 using NLog.Web;
 using NLog;
+using DigitalData.Auth.Claims;
 
 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized!");
@@ -110,7 +111,9 @@ try
 
         options.DocumentFilter<EnvelopeGenerator.API.Documentation.AuthProxyDocumentFilter>();
     });
+#if NET9_0_OR_GREATER
     builder.Services.AddOpenApi();
+#endif
 
     //Add EF Core dbcontext
     var useDbMigration = Environment.GetEnvironmentVariable("MIGRATION_TEST_MODE") == true.ToString() || config.GetValue<bool>("UseDbMigration");
@@ -126,6 +129,9 @@ try
 
     var authTokenKeys = config.GetOrDefault<AuthTokenKeys>();
 
+    // Scheme name used for per-envelope receiver JWT authentication.
+    const string EnvelopeReceiverScheme = "EnvelopeReceiverJwt";
+
     builder.Services.AddAuthentication(options =>
     {
         options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -163,6 +169,61 @@ try
                     return Task.CompletedTask;
                 }
             };
+        })
+        // Per-envelope receiver scheme: reads the JWT from the cookie named
+        // AuthTokenSignFLOWReceiver.{envelope_key} where envelope_key is the
+        // last path segment of the request URL.
+        // This enables simultaneous authentication for multiple envelopes
+        // within the same browser session.
+        .AddJwtBearer(EnvelopeReceiverScheme, opt =>
+        {
+            opt.TokenValidationParameters = new TokenValidationParameters
+            {
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
+                {
+                    var clientParams = deferredProvider.GetOptions<ClientParams>();
+                    var publicKey = clientParams!.PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience);
+                    return [publicKey.SecurityKey];
+                },
+                ValidateIssuer = true,
+                ValidIssuer = authTokenKeys.Issuer,
+                ValidateAudience = true,
+                ValidAudience = authTokenKeys.Audience,
+            };
+
+            opt.Events = new JwtBearerEvents
+            {
+                OnMessageReceived = context =>
+                {
+                    var paths = context.Request.Path.Value?.Split('/', StringSplitOptions.RemoveEmptyEntries);
+
+                    // Derive the envelope key from the last route segment: /{envelope_key}
+                    var envelopeKey = paths?.LastOrDefault();
+
+                    if (envelopeKey is not null)
+                    {
+                        var cookieName = CookieNames.GetEnvelopeReceiverCookieName(authTokenKeys.Cookie, envelopeKey);
+                        if (context.Request.Cookies.TryGetValue(cookieName, out var cookieToken) && cookieToken is not null)
+                            context.Token = cookieToken;
+                    }
+
+                    return Task.CompletedTask;
+                },
+                OnTokenValidated = context =>
+                {
+                    var paths = context.Request.Path.Value?.Split('/', StringSplitOptions.RemoveEmptyEntries);
+                    var envelopeKey = paths?.LastOrDefault();
+
+                    var sub = context.Principal?.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value
+                           ?? context.Principal?.FindFirst("sub")?.Value;
+
+                    if (envelopeKey is null || sub != envelopeKey)
+                        context.Fail("Envelope key in the path does not match the token subject.");
+
+                    return Task.CompletedTask;
+                }
+            };
         });
 
     // Authentication
@@ -182,8 +243,13 @@ try
             policy.RequireRole(Role.Sender, Role.Receiver.Full))
         .AddPolicy(AuthPolicy.Sender, policy =>
             policy.RequireRole(Role.Sender))
+        // Per-envelope policy: uses the dedicated EnvelopeReceiverJwt scheme so it
+        // never conflicts with the default JwtBearer scheme.
         .AddPolicy(AuthPolicy.Receiver, policy =>
-            policy.RequireRole(Role.Receiver.Full))
+            policy
+                .AddAuthenticationSchemes(EnvelopeReceiverScheme)
+                .RequireAuthenticatedUser()
+            .RequireRole(Role.Receiver.Full, "receiver"))
         .AddPolicy(AuthPolicy.ReceiverTFA, policy =>
             policy.RequireRole(Role.Receiver.TFA));
 
@@ -224,7 +290,9 @@ try
 
     app.UseMiddleware<ExceptionHandlingMiddleware>();
 
+#if NET9_0_OR_GREATER
     app.MapOpenApi();
+#endif
 
     // Configure the HTTP request pipeline.
     if (app.Environment.IsDevelopment() || (app.IsDevOrDiP() && config.GetValue<bool>("UseSwagger")))
@@ -258,9 +326,19 @@ try
     app.UseAuthentication();
     app.UseAuthorization();
 
-    app.MapReverseProxy();
     app.MapControllers();
 
+    // Catch-all YARP proxy — only forward requests that are not swagger/scalar/openapi paths.
+    app.MapWhen(
+        ctx =>
+        {
+            var path = ctx.Request.Path.Value ?? string.Empty;
+            return !path.StartsWith("/swagger", StringComparison.OrdinalIgnoreCase) &&
+                   !path.StartsWith("/scalar", StringComparison.OrdinalIgnoreCase) &&
+                   !path.StartsWith("/openapi", StringComparison.OrdinalIgnoreCase);
+        },
+        branch => branch.UseRouting().UseEndpoints(e => e.MapReverseProxy()));
+
     app.Run();
 }
 catch (Exception ex)

EnvelopeGenerator.API/appsettings.json

@@ -1,6 +1,6 @@
 {
   "UseSwagger": true,
-  "UseDbMigration": true,
+  "UseDbMigration": false,
   "DiPMode": true,
   "Logging": {
     "LogLevel": {

EnvelopeGenerator.API/yarp.json

@@ -1,6 +1,62 @@
 {
   "ReverseProxy": {
     "Routes": {
+      "receiver-ui-receiver": {
+        "ClusterId": "receiver-ui",
+        "Order": 100,
+        "Match": {
+          "Path": "/receiver/{**catch-all}",
+          "Methods": [ "GET", "HEAD" ]
+        }
+      },
+      "receiver-ui-login": {
+        "ClusterId": "receiver-ui",
+        "Order": 100,
+        "Match": {
+          "Path": "/login/{**catch-all}",
+          "Methods": [ "GET", "HEAD" ]
+        }
+      },
+      "receiver-ui-sender": {
+        "ClusterId": "receiver-ui",
+        "Order": 100,
+        "Match": {
+          "Path": "/sender/{**catch-all}",
+          "Methods": [ "GET", "HEAD" ]
+        }
+      },
+      "receiver-ui-envelope": {
+        "ClusterId": "receiver-ui",
+        "Order": 100,
+        "Match": {
+          "Path": "/envelope/{**catch-all}",
+          "Methods": [ "GET", "HEAD" ]
+        }
+      },
+      "receiver-ui-static-assets": {
+        "ClusterId": "receiver-ui",
+        "Order": 999,
+        "Match": {
+          "Path": "{**catch-all}",
+          "Methods": [ "GET", "HEAD" ]
+        },
+        "Transforms": [
+          { "ResponseHeader": "Cache-Control", "Set": "no-cache, no-store, must-revalidate", "When": "Always" },
+          { "ResponseHeader": "Pragma", "Set": "no-cache", "When": "Always" },
+          { "ResponseHeader": "Expires", "Set": "0", "When": "Always" }
+        ]
+      },
+      "receiver-ui-annotation-fake": {
+        "ClusterId": "receiver-ui",
+        "Order": 10,
+        "Match": {
+          "Path": "/api/Annotation/{envelopeKey}",
+          "Methods": [ "GET", "HEAD" ]
+        },
+        "Transforms": [
+          { "PathSet": "/fake-data/annotations.json" }
+        ]
+      },
       "auth-login": {
         "ClusterId": "auth-hub",
         "Match": {
@@ -10,9 +66,27 @@
         "Transforms": [
           { "PathSet": "/api/auth/sign-flow" }
         ]
+      },
+      "auth-envelope-receiver-login": {
+        "ClusterId": "auth-hub",
+        "Match": {
+          "Path": "/api/Auth/envelope-receiver/{key}",
+          "Methods": [ "POST" ]
+        },
+        "Transforms": [
+          { "PathPattern": "/api/auth/envelope-receiver/{key}" },
+          { "QueryValueParameter": "cookie", "Set": "true" }
+        ]
       }
     },
     "Clusters": {
+      "receiver-ui": {
+        "Destinations": {
+          "primary": {
+            "Address": "https://localhost:52936"
+          }
+        }
+      },
       "auth-hub": {
         "Destinations": {
           "primary": {
@@ -23,3 +97,4 @@
     }
   }
 }
+

EnvelopeGenerator.Application/Common/Dto/AnnotationDto.cs

@@ -8,42 +8,74 @@ public record AnnotationCreateDto
     /// <summary>
     /// 
     /// </summary>
-    public int ElementId { get; init; }
+    public long Id { get; set; }
 
     /// <summary>
     /// 
     /// </summary>
-    public string Name { get; init; } = null!;
+    [Obsolete("Not required for DevExpress")]
+    public int ElementId { get; init; } = -1;
 
     /// <summary>
     /// 
     /// </summary>
-    public string Value { get; init; } = null!;
+    [Obsolete("Not required for DevExpress")]
+    public string Name { get; init; } = string.Empty;
 
     /// <summary>
     /// 
     /// </summary>
-    public string Type { get; init; } = null!;
+    [Obsolete("Not required for DevExpress")]
+    public string Value { get; init; } = string.Empty;
 
     /// <summary>
     /// 
     /// </summary>
+    [Obsolete("Not required for DevExpress")]
+    public string Type { get; init; } = string.Empty;
+
+    /// <summary>
+    /// Horizontal position of the signature field on the page.
+    /// <br/><br/>
+    /// <b>DevExpress unit:</b> Hundredths of an inch (1/100 inch ≈ 2.83 PDF points), origin at the <b>top-left</b> corner of the page, X increases to the right.
+    /// <br/>
+    /// <b>Difference from PSPDFKit:</b> PSPDFKit also uses top-left origin but measures in PDF points (1/72 inch).
+    /// To convert: <c>xDevExpress = xPsPdfKit * (100.0 / 72.0)</c>
+    /// <br/>
+    /// <b>Difference from GDPicture:</b> GDPicture uses PDF points with <b>bottom-left</b> origin (standard PDF coordinate system).
+    /// The X axis is the same direction, only unit conversion is needed: <c>xDevExpress = xGdPicture * (100.0 / 72.0)</c>
+    /// </summary>
     public double? X { get; init; }
 
     /// <summary>
-    /// 
+    /// Vertical position of the signature field on the page.
+    /// <br/><br/>
+    /// <b>DevExpress unit:</b> Hundredths of an inch (1/100 inch ≈ 2.83 PDF points), origin at the <b>top-left</b> corner of the page, Y increases downward.
+    /// <br/>
+    /// <b>Difference from PSPDFKit:</b> PSPDFKit also uses top-left origin and Y increases downward, but measures in PDF points (1/72 inch).
+    /// To convert: <c>yDevExpress = yPsPdfKit * (100.0 / 72.0)</c>
+    /// <br/>
+    /// <b>Difference from GDPicture:</b> GDPicture uses PDF points with <b>bottom-left</b> origin, so Y increases <b>upward</b> (PDF standard).
+    /// To convert: <c>yDevExpress = (pageHeightInPt - yGdPicture - elementHeightInPt) * (100.0 / 72.0)</c>
     /// </summary>
     public double? Y { get; init; }
 
     /// <summary>
     /// 
     /// </summary>
+    [Obsolete("Not required for DevExpress")]
     public double? Width { get; init; }
 
     /// <summary>
     /// 
     /// </summary>
+    [Obsolete("Not required for DevExpress")]
     public double? Height { get; init; }
+
+    /// <summary>
+    /// Added to eliminate the need for SignatureDto in DevExpress 
+    /// </summary>
+    public int? Page { get; init; }
 }
 
 /// <summary>

EnvelopeGenerator.Application/EnvelopeReceivers/Queries/ReadEnvelopeReceiverSecretQuery.cs

@@ -0,0 +1,127 @@
+using AutoMapper;
+using DigitalData.Core.Abstraction.Application.Repository;
+using EnvelopeGenerator.Application.Envelopes.Queries;
+using EnvelopeGenerator.Application.Receivers.Queries;
+using MediatR;
+using EnvelopeGenerator.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
+using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiver;
+using EnvelopeGenerator.Application.Common.Query;
+using EnvelopeGenerator.Application.Common.Extensions;
+
+namespace EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
+
+/// <summary>
+/// Represents a query for reading an envelope receiver including sensitive fields
+/// (access code, phone number) that are excluded from the standard <see cref="ReadEnvelopeReceiverQuery"/>.
+/// </summary>
+/// <remarks>
+/// Returns a single <see cref="EnvelopeReceiverSecretDto"/> matched by UUID and receiver signature.
+/// Equivalent to the legacy <c>ReadWithSecretByUuidSignatureAsync</c> service method.
+/// </remarks>
+public record ReadEnvelopeReceiverSecretQuery
+    : EnvelopeReceiverQueryBase<ReadEnvelopeQuery, ReadReceiverQuery>,
+      IRequest<EnvelopeReceiverSecretDto?>;
+
+/// <summary>
+/// Extension methods for dispatching <see cref="ReadEnvelopeReceiverSecretQuery"/> via <see cref="IMediator"/>.
+/// </summary>
+public static class ReadEnvelopeReceiverSecretQueryExtensions
+{
+    /// <summary>
+    /// Sends a <see cref="ReadEnvelopeReceiverSecretQuery"/> using the composite key (uuid::signature).
+    /// </summary>
+    /// <param name="mediator">The mediator instance.</param>
+    /// <param name="key">Composite key in the format <c>uuid::signature</c>.</param>
+    /// <param name="cancel">Cancellation token.</param>
+    /// <returns>The matching <see cref="EnvelopeReceiverSecretDto"/>, or <c>null</c> if not found.</returns>
+    public static Task<EnvelopeReceiverSecretDto?> ReadEnvelopeReceiverSecretAsync(
+        this IMediator mediator,
+        string key,
+        CancellationToken cancel = default)
+        => mediator.Send(new ReadEnvelopeReceiverSecretQuery { Key = key }, cancel);
+
+    /// <summary>
+    /// Sends a <see cref="ReadEnvelopeReceiverSecretQuery"/> using UUID and receiver signature.
+    /// </summary>
+    /// <param name="mediator">The mediator instance.</param>
+    /// <param name="uuid">Envelope UUID.</param>
+    /// <param name="signature">Receiver signature.</param>
+    /// <param name="cancel">Cancellation token.</param>
+    /// <returns>The matching <see cref="EnvelopeReceiverSecretDto"/>, or <c>null</c> if not found.</returns>
+    public static Task<EnvelopeReceiverSecretDto?> ReadEnvelopeReceiverSecretAsync(
+        this IMediator mediator,
+        string uuid,
+        string signature,
+        CancellationToken cancel = default)
+    {
+        var q = new ReadEnvelopeReceiverSecretQuery();
+        q.Envelope.Uuid = uuid;
+        q.Receiver.Signature = signature;
+        return mediator.Send(q, cancel);
+    }
+
+    /// <summary>
+    /// Handles <see cref="ReadEnvelopeReceiverSecretQuery"/> and returns a
+    /// <see cref="EnvelopeReceiverSecretDto"/> containing sensitive fields.
+    /// </summary>
+    public class ReadEnvelopeReceiverSecretQueryHandler
+        : IRequestHandler<ReadEnvelopeReceiverSecretQuery, EnvelopeReceiverSecretDto?>
+    {
+        private readonly IRepository<EnvelopeReceiver> _repo;
+        private readonly IRepository<Receiver> _rcvRepo;
+        private readonly IMapper _mapper;
+
+        /// <summary>
+        /// Initializes a new instance of <see cref="ReadEnvelopeReceiverSecretQueryHandler"/>.
+        /// </summary>
+        /// <param name="envelopeReceiver">Repository for <see cref="EnvelopeReceiver"/>.</param>
+        /// <param name="rcvRepo">Repository for <see cref="Receiver"/>.</param>
+        /// <param name="mapper">AutoMapper instance.</param>
+        public ReadEnvelopeReceiverSecretQueryHandler(
+            IRepository<EnvelopeReceiver> envelopeReceiver,
+            IRepository<Receiver> rcvRepo,
+            IMapper mapper)
+        {
+            _repo = envelopeReceiver;
+            _rcvRepo = rcvRepo;
+            _mapper = mapper;
+        }
+
+        /// <summary>
+        /// Handles the query and returns the matching <see cref="EnvelopeReceiverSecretDto"/>.
+        /// </summary>
+        /// <param name="request">The query containing filter criteria.</param>
+        /// <param name="cancel">Cancellation token.</param>
+        /// <returns>
+        /// The matched <see cref="EnvelopeReceiverSecretDto"/>, or <c>null</c> if no record is found.
+        /// </returns>
+        public async Task<EnvelopeReceiverSecretDto?> Handle(
+            ReadEnvelopeReceiverSecretQuery request,
+            CancellationToken cancel)
+        {
+            var q = _repo.Query.Where(request, notnull: false);
+
+            var envRcvs = await q
+                .Include(er => er.Envelope).ThenInclude(e => e!.Documents!).ThenInclude(d => d.Elements)
+                .Include(er => er.Envelope).ThenInclude(e => e!.Histories)
+                .Include(er => er.Envelope).ThenInclude(e => e!.User)
+                .Include(er => er.Receiver)
+                .ToListAsync(cancel);
+
+            if (request.Receiver.HasAnyCriteria && envRcvs.Count != 0)
+            {
+                var receiver = await _rcvRepo.Query.Where(request.Receiver).FirstAsync(cancel);
+
+                foreach (var item in envRcvs)
+                    item.Envelope?.Documents?.FirstOrDefault()?.Elements?.RemoveAll(s => s.ReceiverId != receiver.Id);
+            }
+
+            var envRcv = envRcvs.FirstOrDefault();
+            if (envRcv is null)
+                return null;
+
+            return _mapper.Map<EnvelopeReceiverSecretDto>(envRcv);
+        }
+    }
+}

EnvelopeGenerator.Application/Envelopes/Commands/CreateEnvelopeCommand.cs

@@ -40,10 +40,10 @@ public record CreateEnvelopeCommand : IRequest<EnvelopeDto?>
     /// </summary>
     /// <param name="userId"></param>
     /// <returns></returns>
-    public bool Authorize(int userId)
+    public CreateEnvelopeCommand WithAuth(int userId)
     {
         UserId = userId;
-        return true;
+        return this;
     }
 
     /// <summary>

EnvelopeGenerator.DependencyInjection/DependencyInjection.cs

@@ -0,0 +1,145 @@
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using EnvelopeGenerator.Application;
+using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Application.Services;
+using EnvelopeGenerator.Infrastructure;
+using DigitalData.EmailProfilerDispatcher;
+using DigitalData.UserManager.DependencyInjection;
+
+namespace EnvelopeGenerator.DependencyInjection;
+
+/// <summary>
+/// Controls which optional services are registered by <see cref="DependencyInjection.AddEnvelopeGenerator"/>.
+/// All flags default to <c>true</c>. Set a flag to <c>false</c> if the consuming project
+/// already registers that service itself or simply does not need it.
+/// </summary>
+public sealed class EnvelopeGeneratorOptions
+{
+    /// <summary>Calls <c>AddHttpContextAccessor()</c>. Default: <c>true</c>.</summary>
+    public bool AddHttpContextAccessor { get; set; } = true;
+
+    /// <summary>
+    /// Calls <c>AddDistributedSqlServerCache()</c> with the supplied <see cref="SqlCacheOptions"/>.
+    /// Requires <see cref="SqlCacheOptions"/> to be configured. Default: <c>true</c>.
+    /// </summary>
+    public bool AddDistributedSqlServerCache { get; set; } = true;
+
+    /// <summary>
+    /// Options for the distributed SQL Server cache.
+    /// Required when <see cref="AddDistributedSqlServerCache"/> is <c>true</c>.
+    /// </summary>
+    public SqlCacheOptions? SqlCacheOptions { get; set; }
+
+    /// <summary>Calls <c>AddDispatcher&lt;TDbContext&gt;()</c>. Default: <c>true</c>.</summary>
+    public bool AddDispatcher { get; set; } = true;
+
+    /// <summary>Calls <c>AddMemoryCache()</c>. Default: <c>true</c>.</summary>
+    public bool AddMemoryCache { get; set; } = true;
+
+    /// <summary>Calls <c>AddUserManager&lt;TDbContext&gt;()</c>. Default: <c>true</c>.</summary>
+    public bool AddUserManager { get; set; } = true;
+}
+
+/// <summary>Options for <c>AddDistributedSqlServerCache</c>.</summary>
+public sealed class SqlCacheOptions
+{
+    /// <summary>SQL Server connection string.</summary>
+    public string ConnectionString { get; set; } = string.Empty;
+
+    /// <summary>Schema name. Default: <c>dbo</c>.</summary>
+    public string SchemaName { get; set; } = "dbo";
+
+    /// <summary>Table name. Default: <c>TBDD_CACHE</c>.</summary>
+    public string TableName { get; set; } = "TBDD_CACHE";
+}
+
+/// <summary>
+/// Extension methods for registering EnvelopeGenerator services into an <see cref="IServiceCollection"/>.
+/// Use <see cref="AddEnvelopeGenerator{TDbContext}"/> as the single entry-point for projects that need both the
+/// application layer (MediatR, AutoMapper, CRUD services, configuration sections) and the infrastructure
+/// layer (repositories, DbContext, SQL executors).
+/// For projects that do not need a database (e.g. lightweight API gateways or unit-test hosts), use
+/// <see cref="AddEnvelopeGeneratorCore"/> to register only the application layer.
+/// </summary>
+public static class DependencyInjection
+{
+    /// <summary>
+    /// Registers the full EnvelopeGenerator stack using <see cref="EGDbContext"/> as the DbContext type.
+    /// </summary>
+    public static IServiceCollection AddEnvelopeGenerator(
+        this IServiceCollection services,
+        IConfiguration configuration,
+        Action<EnvelopeGenerator.Infrastructure.DependencyInjection.Config>? infrastructureOptions = null,
+        Action<EnvelopeGeneratorOptions>? options = null)
+    {
+        var opt = new EnvelopeGeneratorOptions();
+        options?.Invoke(opt);
+
+#pragma warning disable CS0618
+        // Application layer: CRUD services, MediatR, AutoMapper, configuration sections.
+        services.AddEnvelopeGeneratorServices(configuration);
+
+        // Infrastructure layer: repositories, DbContext, Dapper type maps, SQL executors.
+        services.AddEnvelopeGeneratorInfrastructureServices(cfg =>
+        {
+            infrastructureOptions?.Invoke(cfg);
+        });
+#pragma warning restore CS0618
+
+        if (opt.AddHttpContextAccessor)
+            services.AddHttpContextAccessor();
+
+        if (opt.AddDistributedSqlServerCache && opt.SqlCacheOptions is { } cacheOpts)
+            services.AddDistributedSqlServerCache(o =>
+            {
+                o.ConnectionString = cacheOpts.ConnectionString;
+                o.SchemaName = cacheOpts.SchemaName;
+                o.TableName = cacheOpts.TableName;
+            });
+
+        if (opt.AddDispatcher)
+            services.AddDispatcher<EGDbContext>();
+
+        if (opt.AddMemoryCache)
+            services.AddMemoryCache();
+
+#pragma warning disable CS0618
+        if (opt.AddUserManager)
+            services.AddUserManager<EGDbContext>();
+#pragma warning restore CS0618
+
+        return services;
+    }
+
+    /// <summary>
+    /// Registers only the <em>application</em> layer services (MediatR handlers, AutoMapper profiles,
+    /// CRUD services, configuration sections) without any infrastructure / database dependencies.
+    /// </summary>
+    /// <param name="services">Service collection to register services into.</param>
+    /// <param name="configuration">Application configuration used to bind application-level option sections.</param>
+    /// <returns>The updated <see cref="IServiceCollection"/>.</returns>
+#pragma warning disable CS0618
+    public static IServiceCollection AddEnvelopeGeneratorCore(
+        this IServiceCollection services,
+        IConfiguration configuration)
+    {
+        services.AddEnvelopeGeneratorServices(configuration);
+        return services;
+    }
+#pragma warning restore CS0618
+
+    /// <summary>
+    /// Registers <see cref="EnvelopeMailService"/> as the <see cref="IEnvelopeMailService"/> scoped
+    /// implementation.
+    /// </summary>
+    /// <param name="services">Service collection to register services into.</param>
+    /// <returns>The updated <see cref="IServiceCollection"/>.</returns>
+#pragma warning disable CS0618
+    public static IServiceCollection AddEnvelopeMailService(this IServiceCollection services)
+    {
+        services.AddScoped<IEnvelopeMailService, EnvelopeMailService>();
+        return services;
+    }
+#pragma warning restore CS0618
+}

EnvelopeGenerator.DependencyInjection/EnvelopeGenerator.DependencyInjection.csproj

@@ -0,0 +1,176 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFrameworks>net7.0;net8.0;net9.0</TargetFrameworks>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+
+    <!-- NuGet package metadata -->
+    <PackageId>EnvelopeGenerator</PackageId>
+    <Authors>Digital Data GmbH</Authors>
+    <Company>Digital Data GmbH</Company>
+    <Product>EnvelopeGenerator</Product>
+    <Description>
+      Envelope Generator ist eine Bibliothek zur Verwaltung und Verarbeitung digitaler Umschläge (Envelopes).
+      Dieses Paket enthält die Dependency-Injection-Erweiterungsmethoden und bündelt die Application-
+      sowie Infrastructure-Schicht in einer einzigen NuGet-Referenz.
+    </Description>
+    <Copyright>Copyright 2024 Digital Data GmbH</Copyright>
+    <RepositoryUrl>http://git.dd:3000/AppStd/EnvelopeGenerator.git</RepositoryUrl>
+    <PackageTags>digital data envelope generator di dependency injection</PackageTags>
+    <PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
+    <Version>1.2.0.3</Version>
+    <AssemblyVersion>1.2.0.3</AssemblyVersion>
+    <FileVersion>1.2.0.3</FileVersion>
+    <GeneratePackageOnBuild>false</GeneratePackageOnBuild>
+  </PropertyGroup>
+
+  <!-- ASP.NET Core shared framework (AddHttpContextAccessor, AddMemoryCache, etc.) -->
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+  </ItemGroup>
+
+  <!--
+    All dependencies are declared here.
+    Because Application and Infrastructure DLLs are bundled via PrivateAssets=all,
+    their PackageReferences have been moved to this project so that the correct
+    dependencies are written to the nuspec and a consuming project works with
+    a single package install.
+  -->
+  <ItemGroup>
+    <!-- DigitalData BaGet packages -->
+    <PackageReference Include="DigitalData.Core.Abstraction.Application" Version="1.6.0" />
+    <PackageReference Include="DigitalData.Core.Application" Version="3.4.0" />
+    <PackageReference Include="DigitalData.Core.Client" Version="2.1.0" />
+    <PackageReference Include="DigitalData.Core.Exceptions" Version="1.1.0" />
+    <PackageReference Include="DigitalData.Core.Infrastructure" Version="2.6.1" />
+    <PackageReference Include="DigitalData.EmailProfilerDispatcher" Version="3.1.1" />
+    <PackageReference Include="UserManager" Version="1.1.3" />
+
+    <!-- ORM / Database -->
+    <PackageReference Include="Dapper" Version="2.1.66" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.2" />
+
+    <!-- Application services -->
+    <PackageReference Include="MediatR" Version="12.5.0" />
+    <PackageReference Include="QRCoder" Version="1.6.0" />
+    <PackageReference Include="QRCoder-ImageSharp" Version="0.10.0" />
+    <PackageReference Include="QuestPDF" Version="2025.7.1" />
+    <PackageReference Include="Otp.NET" Version="1.4.0" />
+
+    <!-- Security / Identity -->
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.82.1" />
+
+    <!-- Utilities -->
+    <PackageReference Include="HtmlSanitizer" Version="9.0.892" />
+    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.12" />
+    <PackageReference Include="System.Formats.Asn1" Version="10.0.3" />
+    <PackageReference Include="System.Security.AccessControl" Version="6.0.1" />
+
+    <!-- DI abstractions -->
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.6" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.6" />
+  </ItemGroup>
+
+  <!-- TFM-specific packages -->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
+    <PackageReference Include="AutoMapper" Version="13.0.1" />
+    <PackageReference Include="CommandDotNet" Version="7.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.20" />
+    <PackageReference Include="Microsoft.Extensions.Caching.SqlServer" Version="7.0.20" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="7.0.20" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="7.0.20" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.20" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="AutoMapper" Version="14.0.0" />
+    <PackageReference Include="CommandDotNet" Version="8.1.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.17" />
+    <PackageReference Include="Microsoft.Extensions.Caching.SqlServer" Version="8.0.17" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.17" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="8.0.17" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.17" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net9.0'">
+    <PackageReference Include="AutoMapper" Version="14.0.0" />
+    <PackageReference Include="CommandDotNet" Version="8.1.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.6" />
+    <PackageReference Include="Microsoft.Extensions.Caching.SqlServer" Version="9.0.6" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.6" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="9.0.6" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="9.0.6" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj">
+      <PrivateAssets>all</PrivateAssets>
+    </ProjectReference>
+    <ProjectReference Include="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj">
+      <PrivateAssets>all</PrivateAssets>
+    </ProjectReference>
+    <ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj">
+      <PrivateAssets>all</PrivateAssets>
+    </ProjectReference>
+  </ItemGroup>
+
+  <!-- Bundle dependency DLLs into the package lib folder -->
+  <Target Name="IncludeDependencyDlls" BeforeTargets="_GetPackageFiles">
+    <ItemGroup>
+      <_DepDlls Include="&#xD;&#xA;        ..\EnvelopeGenerator.Application\bin\$(Configuration)\%(ProjectReference.TargetFramework)\EnvelopeGenerator.Application.dll;&#xD;&#xA;        ..\EnvelopeGenerator.Domain\bin\$(Configuration)\%(ProjectReference.TargetFramework)\EnvelopeGenerator.Domain.dll;&#xD;&#xA;        ..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\%(ProjectReference.TargetFramework)\EnvelopeGenerator.Infrastructure.dll" />
+    </ItemGroup>
+  </Target>
+
+  <!--
+    Rebuild all dependency projects for every TFM before packing so that
+    the DLLs bundled into the package are always up-to-date.
+    Run with: dotnet pack -c Release
+  -->
+  <Target Name="RebuildDependenciesBeforePack" BeforeTargets="GenerateNuspec">
+    <MSBuild Projects="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net7.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net8.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net9.0" />
+
+    <MSBuild Projects="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net7.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net8.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Domain\EnvelopeGenerator.Domain.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net9.0" />
+
+    <MSBuild Projects="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net7.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net8.0" />
+    <MSBuild Projects="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj"
+             Targets="Build"
+             Properties="Configuration=$(Configuration);TargetFramework=net9.0" />
+  </Target>
+
+  <Target Name="BundleReferencedDlls" AfterTargets="Build">
+    <ItemGroup>
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Application\bin\$(Configuration)\net7.0\EnvelopeGenerator.Application.dll" TargetFramework="net7.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Application\bin\$(Configuration)\net8.0\EnvelopeGenerator.Application.dll" TargetFramework="net8.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Application\bin\$(Configuration)\net9.0\EnvelopeGenerator.Application.dll" TargetFramework="net9.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Domain\bin\$(Configuration)\net7.0\EnvelopeGenerator.Domain.dll" TargetFramework="net7.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Domain\bin\$(Configuration)\net8.0\EnvelopeGenerator.Domain.dll" TargetFramework="net8.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Domain\bin\$(Configuration)\net9.0\EnvelopeGenerator.Domain.dll" TargetFramework="net9.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\net7.0\EnvelopeGenerator.Infrastructure.dll" TargetFramework="net7.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\net8.0\EnvelopeGenerator.Infrastructure.dll" TargetFramework="net8.0" />
+      <BuildOutputInPackage Include="..\EnvelopeGenerator.Infrastructure\bin\$(Configuration)\net9.0\EnvelopeGenerator.Infrastructure.dll" TargetFramework="net9.0" />
+    </ItemGroup>
+  </Target>
+
+</Project>

EnvelopeGenerator.ReceiverUI/EnvelopeGenerator.ReceiverUI.csproj

@@ -14,16 +14,20 @@
 	<PackageIcon>Assets\icon.ico</PackageIcon>
 	<PackageTags>digital data envelope generator web</PackageTags>
 	<Description>EnvelopeGenerator.ReceiverUI is a Blazor WebAssembly application developed to manage signing processes. It uses Entity Framework Core (EF Core) for database operations. The user interface for signing processes is developed with Razor View Engine (.cshtml files) and JavaScript under wwwroot, integrated with PSPDFKit. This integration allows users to view and sign documents seamlessly.</Description>
-	<Version>1.0.1</Version>
+	<Version>1.2.0</Version>
 	<!-- NuGet package version -->
-	<AssemblyVersion>1.0.1.0</AssemblyVersion>
+	<AssemblyVersion>1.2.0.0</AssemblyVersion>
 	<!-- Assembly version for API compatibility -->
-	<FileVersion>1.0.1.0</FileVersion>
+	<FileVersion>1.2.0.0</FileVersion>
 	<!-- Windows file version -->
 	<Copyright>Copyright © 2026 Digital Data GmbH. All rights reserved.</Copyright>
 	  
   </PropertyGroup>
   <ItemGroup>
+    <PackageReference Include="DevExpress.Blazor.PdfViewer" Version="25.2.3" />
+    <PackageReference Include="DevExpress.Blazor.Reporting.JSBasedControls" Version="25.2.3" />
+    <PackageReference Include="DevExpress.Blazor.Reporting.Viewer" Version="25.2.3" />
+    <PackageReference Include="DevExpress.Drawing.Skia" Version="25.2.3" />
     <PackageReference Include="HarfBuzzSharp.NativeAssets.WebAssembly" Version="8.3.1.2" />
     <PackageReference Include="SkiaSharp.NativeAssets.WebAssembly" Version="3.119.1" />
     <PackageReference Include="SkiaSharp.Views.Blazor" Version="3.119.1" />
@@ -32,11 +36,16 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="8.0.11" />
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="8.0.11" PrivateAssets="all" />
-    <PackageReference Include="DevExpress.Drawing.Skia" Version="25.2.3" />
-    <PackageReference Include="DevExpress.Blazor.Reporting.JSBasedControls" Version="25.2.3" />
-    <PackageReference Include="DevExpress.Blazor.Reporting.Viewer" Version="25.2.3" />
   </ItemGroup>
   <ItemGroup>
     <Folder Include="Properties\PublishProfiles\" />
   </ItemGroup>
+  <ItemGroup>
+    <Content Update="wwwroot\docs\privacy-policy.en-US.html">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </Content>
+    <Content Update="wwwroot\docs\privacy-policy.fr-FR.html">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </Content>
+  </ItemGroup>
 </Project>

EnvelopeGenerator.ReceiverUI/Models/AnnotationDto.cs

@@ -0,0 +1,29 @@
+namespace EnvelopeGenerator.ReceiverUI.Models;
+
+/// <summary>
+/// Represents a pre-assigned signature annotation position on a specific page.
+/// <br/><br/>
+/// <b>Coordinate unit (X, Y):</b> Hundredths of an inch (1/100 inch ? 2.83 PDF points),
+/// origin at the <b>top-left</b> corner of the page, both axes increase downward/rightward.
+/// This matches the DevExpress XtraReports coordinate system (<see cref="System.Drawing.RectangleF"/>).
+/// <br/><br/>
+/// <b>Difference from PSPDFKit:</b> Same origin (top-left) and direction, but PSPDFKit uses PDF points (1/72 inch).
+/// Convert: <c>xDX = xPsPdf * (100.0 / 72.0)</c>
+/// <br/>
+/// <b>Difference from GDPicture:</b> GDPicture uses PDF points with <b>bottom-left</b> origin (PDF standard); Y is flipped.
+/// Convert: <c>yDX = (pageHeightPt - yGD - elemHeightPt) * (100.0 / 72.0)</c>
+/// </summary>
+public record AnnotationDto
+{
+    /// <summary>Unique identifier of the annotation.</summary>
+    public long Id { get; init; }
+
+    /// <summary>1-based page number within the document.</summary>
+    public int Page { get; init; }
+
+    /// <summary>Horizontal position in hundredths of an inch from the left edge of the page.</summary>
+    public double X { get; init; }
+
+    /// <summary>Vertical position in hundredths of an inch from the top edge of the page.</summary>
+    public double Y { get; init; }
+}

EnvelopeGenerator.ReceiverUI/Models/EnvelopeReceiverDto.cs

@@ -0,0 +1,106 @@
+namespace EnvelopeGenerator.ReceiverUI.Models;
+
+/// <summary>
+/// Client-side model for the envelope receiver returned by
+/// <c>GET api/EnvelopeReceiver/{envelopeKey}</c>.
+/// </summary>
+public record EnvelopeReceiverDto
+{
+    public int EnvelopeId { get; init; }
+    public int ReceiverId { get; init; }
+    public int Sequence { get; init; }
+
+    public string? Name { get; init; }
+    public string? JobTitle { get; init; }
+    public string? CompanyName { get; init; }
+    public string? PrivateMessage { get; init; }
+
+    public DateTime AddedWhen { get; init; }
+    public DateTime? ChangedWhen { get; init; }
+    public bool HasPhoneNumber { get; init; }
+
+    public EnvelopeClientDto? Envelope { get; init; }
+    public ReceiverClientDto? Receiver { get; init; }
+}
+
+/// <summary>
+/// Client-side model for the envelope data embedded in <see cref="EnvelopeReceiverDto"/>.
+/// </summary>
+public record EnvelopeClientDto
+{
+    public int Id { get; init; }
+    public int UserId { get; init; }
+    public int Status { get; init; }
+    public string StatusName { get; init; } = string.Empty;
+    public string Uuid { get; init; } = string.Empty;
+    public string Title { get; init; } = string.Empty;
+    public string Message { get; init; } = string.Empty;
+    public DateTime AddedWhen { get; init; }
+    public DateTime? ChangedWhen { get; init; }
+    public string Language { get; init; } = "de-DE";
+    public int? EnvelopeTypeId { get; init; }
+    public string? EnvelopeTypeTitle { get; init; }
+    public int? ContractType { get; init; }
+    public int? CertificationType { get; init; }
+    public bool UseAccessCode { get; init; }
+    public bool TFAEnabled { get; init; }
+    public IEnumerable<DocumentClientDto>? Documents { get; init; }
+    public EnvelopeSenderDto? User { get; init; }
+}
+
+/// <summary>
+/// Sender (user) information embedded in <see cref="EnvelopeClientDto"/>.
+/// </summary>
+public record EnvelopeSenderDto
+{
+    public int Id { get; init; }
+    public string? Username { get; init; }
+    public string? FullName { get; init; }
+    public string? Email { get; init; }
+}
+
+/// <summary>
+/// Client-side model for a document embedded in <see cref="EnvelopeClientDto"/>.
+/// </summary>
+public record DocumentClientDto
+{
+    public int Id { get; init; }
+    public int EnvelopeId { get; init; }
+    public DateTime AddedWhen { get; init; }
+    public IEnumerable<SignatureClientDto>? Elements { get; init; }
+}
+
+/// <summary>
+/// Client-side model for a signature/annotation element embedded in <see cref="DocumentClientDto"/>.
+/// </summary>
+public record SignatureClientDto
+{
+    public int Id { get; init; }
+    public int DocumentId { get; init; }
+    public int ReceiverId { get; init; }
+    public int ElementType { get; init; }
+    public double X { get; init; }
+    public double Y { get; init; }
+    public double Width { get; init; }
+    public double Height { get; init; }
+    public int Page { get; init; }
+    public bool Required { get; init; }
+    public string? Tooltip { get; init; }
+    public bool ReadOnly { get; init; }
+    public int AnnotationIndex { get; init; }
+    public DateTime AddedWhen { get; init; }
+    public DateTime? ChangedWhen { get; init; }
+}
+
+/// <summary>
+/// Client-side model for the receiver data embedded in <see cref="EnvelopeReceiverDto"/>.
+/// </summary>
+public record ReceiverClientDto
+{
+    public int Id { get; init; }
+    public string? EmailAddress { get; init; }
+    public string? Signature { get; init; }
+    public DateTime AddedWhen { get; init; }
+    public DateTime? TfaRegDeadline { get; init; }
+}
+

EnvelopeGenerator.ReceiverUI/Options/ApiOptions.cs

@@ -0,0 +1,10 @@
+namespace EnvelopeGenerator.ReceiverUI.Options;
+
+public class ApiOptions
+{
+    public const string SectionName = "Api";
+
+    public string BaseUrl { get; set; } = string.Empty;
+
+    public bool ForceToUseFakeDocument { get; set; } = false;
+}

EnvelopeGenerator.ReceiverUI/Pages/Index.razor

@@ -1,40 +1,60 @@
 @page "/"
-@inject NavigationManager NavigationManager
 
-<div class="d-flex justify-content-center align-items-center" style="min-height: 70vh;">
-    <div class="card shadow-sm border-0" style="max-width: 560px; width: 100%;">
-        <div class="card-body p-5 text-center">
-            <div class="rounded-circle bg-primary bg-opacity-10 d-inline-flex align-items-center justify-content-center mb-4" style="width: 72px; height: 72px;">
-                <span class="oi oi-document text-primary" aria-hidden="true" style="font-size: 2rem;"></span>
+<link href="_content/DevExpress.Blazor.Themes/blazing-berry.bs5.min.css" rel="stylesheet" />
+
+<div class="home-page-wrapper">
+
+    <div class="home-hero-header">
+        <div class="home-hero-header__inner">
+            <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" fill="currentColor" class="home-hero-header__icon" viewBox="0 0 16 16">
+                <path d="M0 4a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v8a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2V4Zm2-1a1 1 0 0 0-1 1v.217l7 4.2 7-4.2V4a1 1 0 0 0-1-1H2Zm13 2.383-4.708 2.825L15 11.105V5.383Zm-.034 6.876-5.64-3.471L8 9.583l-1.326-.795-5.64 3.47A1 1 0 0 0 2 13h12a1 1 0 0 0 .966-.741ZM1 11.105l4.708-2.897L1 5.383v5.722Z"/>
+            </svg>
+            <div>
+                <h1 class="home-hero-header__title">SignFlow</h1>
+                <p class="home-hero-header__subtitle">Willkommen im eSign-Portal</p>
             </div>
-            <h2 class="mb-3">Empfänger-UI</h2>
-            <p class="text-muted mb-4">
-                Sie werden zur Empfänger-UI weitergeleitet. Bitte warten Sie einen Moment.
+        </div>
+    </div>
+
+    <div class="home-content">
+        <div class="home-card card shadow border-0">
+            <div class="card-body p-4 p-md-5 text-center">
+
+                <p class="text-muted mb-4" style="font-size: 0.92rem; line-height: 1.7;">
+                    Das digitale Unterschriftenportal ist eine Plattform, die entwickelt wurde, um Ihre Dokumente sicher zu unterschreiben und zu verwalten.
+                    Mit seiner benutzerfreundlichen Oberfläche können Sie Ihre Dokumente schnell hochladen, die Unterschriftsprozesse verfolgen und Ihre digitalen Unterschriftenanwendungen einfach durchführen.
+                    Dieses Portal beschleunigt Ihren Arbeitsablauf mit rechtlich gültigen Unterschriften und erhöht gleichzeitig die Sicherheit Ihrer Dokumente.
                 </p>
 
-            <DxLoadingPanel Visible="true"
-                            Text=""
-                            IndicatorVisible="false"
-                            IndicatorAreaVisible="false"
-                            IsContentBlocked="false"
-                            ApplyBackgroundShading="false">
-                <div class="d-flex flex-column align-items-center gap-3 py-3">
-                    <div class="spinner-border text-primary" role="status" style="width: 2rem; height: 2rem;">
-                        <span class="visually-hidden">Wird geladen...</span>
+                <div class="mt-4 pt-3 border-top">
+                    <div class="d-flex flex-wrap justify-content-center gap-3">
+                        <div class="home-feature-badge">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                                <path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
+                            </svg>
+                            Sicherer Zugang
                         </div>
-                    <div class="text-muted small">Weiterleitung wird vorbereitet...</div>
+                        <div class="home-feature-badge">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                                <path d="M13.854 3.646a.5.5 0 0 1 0 .708l-7 7a.5.5 0 0 1-.708 0l-3.5-3.5a.5.5 0 1 1 .708-.708L6.5 10.293l6.646-6.647a.5.5 0 0 1 .708 0z"/>
+                            </svg>
+                            Digitale Unterschrift
                         </div>
-            </DxLoadingPanel>
+                        <div class="home-feature-badge">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                                <path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/>
+                                <path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/>
+                            </svg>
+                            PDF-Export
                         </div>
                     </div>
                 </div>
 
+            </div>
+        </div>
+    </div>
+
+</div>
+
 @code {
-    protected override async Task OnAfterRenderAsync(bool firstRender) {
-        if(!firstRender)
-            return;
-
-        await Task.Delay(1200);
-        NavigationManager.NavigateTo("/receiver");
-    }
 }

EnvelopeGenerator.ReceiverUI/Pages/Login.razor

@@ -0,0 +1,158 @@
+@page "/login/{EnvelopeKey}"
+@using EnvelopeGenerator.ReceiverUI.Services
+@inject AuthService AuthService
+@inject NavigationManager Navigation
+
+<link href="_content/DevExpress.Blazor.Themes/blazing-berry.bs5.min.css" rel="stylesheet" />
+
+<div class="login-page-wrapper d-flex align-items-center justify-content-center min-vh-100">
+    <div class="login-card card shadow border-0" style="max-width: 440px; width: 100%;">
+
+        <div class="card-header text-white text-center py-4 border-0" style="background: linear-gradient(135deg, #2c3e50 0%, #3498db 100%); border-radius: calc(0.375rem - 1px) calc(0.375rem - 1px) 0 0;">
+            <div class="mb-2">
+                <svg xmlns="http://www.w3.org/2000/svg" width="40" height="40" fill="currentColor" viewBox="0 0 16 16">
+                    <path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
+                </svg>
+            </div>
+            <h5 class="mb-0 fw-semibold">Dokument öffnen</h5>
+            <p class="mb-0 mt-1 opacity-75" style="font-size: 0.85rem;">Sicherer Zugang mit Zugangscode</p>
+        </div>
+
+        <div class="card-body p-4">
+
+            <p class="text-muted mb-4" style="font-size: 0.875rem; line-height: 1.5;">
+                Bitte geben Sie den Zugangscode ein, den Sie per E-Mail erhalten haben, um das Dokument sicher zu öffnen.
+            </p>
+
+            @if (LoginResult == EnvelopeLoginResult.NotFound) {
+                <div class="alert alert-warning d-flex align-items-start gap-2 py-2" role="alert">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" fill="currentColor" class="flex-shrink-0 mt-1" viewBox="0 0 16 16">
+                        <path d="M8.982 1.566a1.13 1.13 0 0 0-1.96 0L.165 13.233c-.457.778.091 1.767.98 1.767h13.713c.889 0 1.438-.99.98-1.767L8.982 1.566zM8 5c.535 0 .954.462.9.995l-.35 3.507a.552.552 0 0 1-1.1 0L7.1 5.995A.905.905 0 0 1 8 5zm.002 6a1 1 0 1 1 0 2 1 1 0 0 1 0-2z"/>
+                    </svg>
+                    <div>
+                        <strong>Dokument nicht gefunden.</strong><br />
+                        <span style="font-size:0.85rem;">Der angegebene Zugangscode konnte keinem Dokument zugeordnet werden. Bitte prüfen Sie den Link in Ihrer E-Mail.</span>
+                    </div>
+                </div>
+            } else if (LoginResult == EnvelopeLoginResult.InvalidCode) {
+                <div class="alert alert-danger d-flex align-items-start gap-2 py-2" role="alert">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" fill="currentColor" class="flex-shrink-0 mt-1" viewBox="0 0 16 16">
+                        <path d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM5.354 4.646a.5.5 0 1 0-.708.708L7.293 8l-2.647 2.646a.5.5 0 0 0 .708.708L8 8.707l2.646 2.647a.5.5 0 0 0 .708-.708L8.707 8l2.647-2.646a.5.5 0 0 0-.708-.708L8 7.293 5.354 4.646z"/>
+                    </svg>
+                    <div>
+                        <strong>Ungültiger Zugangscode.</strong><br />
+                        <span style="font-size:0.85rem;">Der eingegebene Code ist falsch. Bitte versuchen Sie es erneut.</span>
+                    </div>
+                </div>
+            } else if (LoginResult == EnvelopeLoginResult.Error) {
+                <div class="alert alert-secondary d-flex align-items-start gap-2 py-2" role="alert">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" fill="currentColor" class="flex-shrink-0 mt-1" viewBox="0 0 16 16">
+                        <path d="M8 15A7 7 0 1 1 8 1a7 7 0 0 1 0 14zm0 1A8 8 0 1 0 8 0a8 8 0 0 0 0 16z"/>
+                        <path d="M7.002 11a1 1 0 1 1 2 0 1 1 0 0 1-2 0zM7.1 4.995a.905.905 0 1 1 1.8 0l-.35 3.507a.552.552 0 0 1-1.1 0L7.1 4.995z"/>
+                    </svg>
+                    <div>
+                        <strong>Serverfehler.</strong><br />
+                        <span style="font-size:0.85rem;">Ein unerwarteter Fehler ist aufgetreten. Bitte versuchen Sie es später erneut.</span>
+                    </div>
+                </div>
+            }
+
+            <div class="mb-4">
+                <label class="form-label fw-medium" for="login-access-code">
+                    Zugangscode
+                    <span class="text-danger ms-1">*</span>
+                </label>
+                <div class="input-group">
+                    <span class="input-group-text bg-light border-end-0">
+                        <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="#6c757d" viewBox="0 0 16 16">
+                            <path d="M3.5 11.5a3.5 3.5 0 1 1 3.163-5H14L15.5 8 14 9.5l-1-1-1 1-1-1-1 1-1-1-1.837 1.337A3.5 3.5 0 0 1 3.5 11.5zm0-1a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
+                        </svg>
+                    </span>
+                    <input id="login-access-code"
+                           type="@(ShowCode ? "text" : "password")"
+                           class="form-control border-start-0 border-end-0 @(LoginResult == EnvelopeLoginResult.InvalidCode ? "is-invalid" : null)"
+                           placeholder="Zugangscode eingeben"
+                           @bind="AccessCode"
+                           @bind:event="oninput"
+                           @onkeydown="OnKeyDownAsync"
+                           disabled="@IsLoading"
+                           autocomplete="one-time-code" />
+                    <button type="button"
+                            class="btn btn-outline-secondary border-start-0"
+                            style="border-left: none;"
+                            tabindex="-1"
+                            @onclick="() => ShowCode = !ShowCode">
+                        @if (ShowCode) {
+                            <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
+                                <path d="M13.359 11.238C15.06 9.72 16 8 16 8s-3-5.5-8-5.5a7.028 7.028 0 0 0-2.79.588l.77.771A5.944 5.944 0 0 1 8 3.5c2.12 0 3.879 1.168 5.168 2.457A13.134 13.134 0 0 1 14.828 8c-.058.087-.122.183-.195.288-.335.48-.83 1.12-1.465 1.755-.165.165-.337.328-.517.486l.708.709z"/>
+                                <path d="M11.297 9.176a3.5 3.5 0 0 0-4.474-4.474l.823.823a2.5 2.5 0 0 1 2.829 2.829l.822.822zm-2.943 1.299.822.822a3.5 3.5 0 0 1-4.474-4.474l.823.823a2.5 2.5 0 0 0 2.829 2.829z"/>
+                                <path d="M3.35 5.47c-.18.16-.353.322-.518.487A13.134 13.134 0 0 0 1.172 8l.195.288c.335.48.83 1.12 1.465 1.755C4.121 11.332 5.881 12.5 8 12.5c.716 0 1.39-.133 2.02-.36l.77.772A7.029 7.029 0 0 1 8 13.5C3 13.5 0 8 0 8s.939-1.721 2.641-3.238l.708.709z"/>
+                                <path fill-rule="evenodd" d="M13.646 14.354l-12-12 .708-.708 12 12-.708.708z"/>
+                            </svg>
+                        } else {
+                            <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
+                                <path d="M16 8s-3-5.5-8-5.5S0 8 0 8s3 5.5 8 5.5S16 8 16 8zM1.173 8a13.133 13.133 0 0 1 1.66-2.043C4.12 4.668 5.88 3.5 8 3.5c2.12 0 3.879 1.168 5.168 2.457A13.133 13.133 0 0 1 14.828 8c-.058.087-.122.183-.195.288-.335.48-.83 1.12-1.465 1.755C11.879 11.332 10.119 12.5 8 12.5c-2.12 0-3.879-1.168-5.168-2.457A13.134 13.134 0 0 1 1.172 8z"/>
+                                <path d="M8 5.5a2.5 2.5 0 1 0 0 5 2.5 2.5 0 0 0 0-5zM4.5 8a3.5 3.5 0 1 1 7 0 3.5 3.5 0 0 1-7 0z"/>
+                            </svg>
+                        }
+                    </button>
+                </div>
+            </div>
+
+            <button class="btn btn-primary w-100 py-2 fw-medium"
+                    style="background: linear-gradient(135deg, #2c3e50 0%, #3498db 100%); border: none;"
+                    @onclick="SubmitAsync"
+                    disabled="@(IsLoading || string.IsNullOrWhiteSpace(AccessCode))">
+                @if (IsLoading) {
+                    <span class="spinner-border spinner-border-sm me-2" role="status" aria-hidden="true"></span>
+                    <span>Überprüfen …</span>
+                } else {
+                    <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="me-2" viewBox="0 0 16 16">
+                        <path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
+                    </svg>
+                    <span>Dokument öffnen</span>
+                }
+            </button>
+
+        </div>
+
+        <div class="card-footer text-center text-muted py-3 border-0 bg-transparent" style="font-size: 0.78rem;">
+            Bei Problemen wenden Sie sich bitte an den Absender des Dokuments.
+        </div>
+
+    </div>
+</div>
+
+@code {
+    [Parameter] public string EnvelopeKey { get; set; } = string.Empty;
+
+    string AccessCode = string.Empty;
+    bool ShowCode;
+    bool IsLoading;
+    EnvelopeLoginResult? LoginResult;
+
+    async Task OnKeyDownAsync(Microsoft.AspNetCore.Components.Web.KeyboardEventArgs e) {
+        if (e.Key == "Enter")
+            await SubmitAsync();
+    }
+
+    async Task SubmitAsync() {
+        if (string.IsNullOrWhiteSpace(AccessCode) || IsLoading) return;
+
+        IsLoading = true;
+        LoginResult = null;
+        await InvokeAsync(StateHasChanged);
+
+        var result = await AuthService.LoginEnvelopeReceiverAsync(EnvelopeKey, AccessCode.Trim());
+
+        if (result == EnvelopeLoginResult.Success) {
+            Navigation.NavigateTo($"/receiver/{Uri.EscapeDataString(EnvelopeKey)}", forceLoad: true);
+            return;
+        }
+
+        LoginResult = result;
+        IsLoading = false;
+        await InvokeAsync(StateHasChanged);
+    }
+}
+

EnvelopeGenerator.ReceiverUI/Pages/ReportViewer.razor

@@ -1,18 +1,31 @@
-@page "/receiver"
+@page "/receiver/{EnvelopeKey}"
 @using System.Drawing
+@using DevExpress.Blazor
 @using DevExpress.Drawing
 @using DevExpress.Utils
 @using DevExpress.XtraPrinting
 @using DevExpress.XtraPrinting.Drawing
+@using Microsoft.JSInterop
 @using XtraReport = DevExpress.XtraReports.UI.XtraReport
 @using BottomMarginBand = DevExpress.XtraReports.UI.BottomMarginBand
 @using XRLabel = DevExpress.XtraReports.UI.XRLabel
 @using XRPictureBox = DevExpress.XtraReports.UI.XRPictureBox
 @using XRControl = DevExpress.XtraReports.UI.XRControl
 @using ImageSizeMode = DevExpress.XtraPrinting.ImageSizeMode
-@using EnvelopeGenerator.ReceiverUI.Services;
+@using EnvelopeGenerator.ReceiverUI.Services
+@using DevExpress.Blazor.Reporting
+@using Microsoft.Extensions.Options
+@using EnvelopeGenerator.ReceiverUI.Options
+@using EnvelopeGenerator.ReceiverUI.Models
+@implements IDisposable
 @inject IJSRuntime JSRuntime
+@inject AnnotationService AnnotationService
+@inject IOptions<ApiOptions> AppOptions
+@inject NavigationManager Navigation
 @inject InMemoryReportStorageWebExtension ReportStorage
+@inject EnvelopeGenerator.ReceiverUI.Services.DocumentService DocumentService
+@inject EnvelopeGenerator.ReceiverUI.Services.AuthService AuthService
+@inject EnvelopeGenerator.ReceiverUI.Services.EnvelopeReceiverService EnvelopeReceiverService
 
 <link href="_content/DevExpress.Blazor.Themes/blazing-berry.bs5.min.css" rel="stylesheet" />
 <link href="_content/DevExpress.Blazor.Reporting.Viewer/css/dx-blazor-reporting-components.bs5.css" rel="stylesheet" />
@@ -20,35 +33,161 @@
 <div class="receiver-page-layout">
 
 <div class="receiver-signature-panel">
-<div class="card m-3">
-    <div class="card-body">
-        <h5 class="card-title">Unterschrift</h5>
-        <p class="card-text text-muted mb-2">
-            @if(SignatureApplied) {
-                <span>Die Unterschrift wurde dem Bericht hinzugefuegt. Sie koennen die Unterschrift erneuern oder das signierte PDF exportieren.</span>
+
+@* ?? Envelope info header ???????????????????????????????????????????????? *@
+@if (_envelopeReceiver is not null) {
+<div class="receiver-info-header">
+    <div class="receiver-info-header__gradient">
+        <div class="receiver-info-header__left">
+            <svg xmlns="http://www.w3.org/2000/svg" width="22" height="22" fill="currentColor" class="receiver-info-header__icon" viewBox="0 0 16 16">
+                <path d="M0 4a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v8a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2V4Zm2-1a1 1 0 0 0-1 1v.217l7 4.2 7-4.2V4a1 1 0 0 0-1-1H2Zm13 2.383-4.708 2.825L15 11.105V5.383Zm-.034 6.876-5.64-3.471L8 9.583l-1.326-.795-5.64 3.47A1 1 0 0 0 2 13h12a1 1 0 0 0 .966-.741ZM1 11.105l4.708-2.897L1 5.383v5.722Z"/>
+            </svg>
+            <div>
+                <div class="receiver-info-header__title">@(_envelopeReceiver.Envelope?.Title ?? "Dokument")</div>
+                @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.Envelope?.User?.FullName) || !string.IsNullOrWhiteSpace(_envelopeReceiver.Envelope?.User?.Email)) {
+                    <div class="receiver-info-header__sender">
+                        Von
+                        @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.Envelope?.User?.FullName)) {
+                            <strong>@_envelopeReceiver.Envelope!.User!.FullName</strong>
+                        }
+                        @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.Envelope?.User?.Email)) {
+                            <span class="opacity-75">&lt;@_envelopeReceiver.Envelope!.User!.Email&gt;</span>
+                        }
+                        &nbsp;&middot;&nbsp; @_envelopeReceiver.Envelope?.AddedWhen.ToString("dd.MM.yyyy")
+                    </div>
+                }
+            </div>
+        </div>
+        <div class="receiver-info-header__badges">
+            @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.Name)) {
+                <span class="receiver-info-badge">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                        <path d="M8 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6Zm2-3a2 2 0 1 1-4 0 2 2 0 0 1 4 0Zm4 8c0 1-1 1-1 1H3s-1 0-1-1 1-4 6-4 6 3 6 4Z"/>
+                    </svg>
+                    @_envelopeReceiver.Name
+                </span>
+            }
+            @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.CompanyName)) {
+                <span class="receiver-info-badge">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                        <path d="M14.763.075A.5.5 0 0 1 15 .5v15a.5.5 0 0 1-.5.5h-3a.5.5 0 0 1-.5-.5V14h-1v1.5a.5.5 0 0 1-.5.5h-9a.5.5 0 0 1-.5-.5V10a.5.5 0 0 1 .342-.474L6 7.64V4.5a.5.5 0 0 1 .276-.447l8-4a.5.5 0 0 1 .487.022Z"/>
+                    </svg>
+                    @_envelopeReceiver.CompanyName
+                </span>
+            }
+            @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.JobTitle)) {
+                <span class="receiver-info-badge receiver-info-badge--muted">@_envelopeReceiver.JobTitle</span>
+            }
+            @{
+                var docElements = _envelopeReceiver.Envelope?.Documents?.FirstOrDefault()?.Elements;
+                int sigCount = docElements?.Count() ?? _annotations.Count;
+            }
+            @if (sigCount > 0) {
+                <span class="receiver-info-badge receiver-info-badge--accent">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                        <path d="M12.146.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1 0 .708l-10 10a.5.5 0 0 1-.168.11l-5 2a.5.5 0 0 1-.65-.65l2-5a.5.5 0 0 1 .11-.168l10-10zM11.207 2.5 13.5 4.793 14.793 3.5 12.5 1.207 11.207 2.5zm1.586 3L10.5 3.207 4 9.707V10h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.293l6.5-6.5zm-9.761 5.175-.106.106-1.528 3.821 3.821-1.528.106-.106A.5.5 0 0 1 5 12.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.468-.325z"/>
+                    </svg>
+                    @sigCount @(sigCount == 1 ? "Unterschriftsfeld" : "Unterschriftsfelder")
+                </span>
+            }
+        </div>
+    </div>
+    @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.Envelope?.Message)) {
+        <div class="receiver-info-message">@_envelopeReceiver.Envelope!.Message</div>
+    }
+    @if (!string.IsNullOrWhiteSpace(_envelopeReceiver.PrivateMessage)) {
+        <div class="receiver-info-private-message">
+            <svg xmlns="http://www.w3.org/2000/svg" width="13" height="13" fill="currentColor" class="me-1 flex-shrink-0" viewBox="0 0 16 16">
+                <path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
+            </svg>
+            @_envelopeReceiver.PrivateMessage
+        </div>
+    }
+</div>
+}
+
+@* ?? Signature action bar ???????????????????????????????????????????????? *@
+<div class="receiver-action-bar">
+    <div class="receiver-action-bar__inner">
+        <button class="btn btn-sm @(_capturedSignature is not null ? "btn-outline-success" : "btn-primary")" @onclick="OpenSignaturePopupAsync">
+            @if (_capturedSignature is not null) {
+                <svg xmlns="http://www.w3.org/2000/svg" width="13" height="13" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                    <path d="M13.854 3.646a.5.5 0 0 1 0 .708l-7 7a.5.5 0 0 1-.708 0l-3.5-3.5a.5.5 0 1 1 .708-.708L6.5 10.293l6.646-6.647a.5.5 0 0 1 .708 0z"/>
+                </svg>
+                <span>Unterschrift gespeichert</span>
             } else {
-                <span>Bitte fuegen Sie vor dem PDF-Export Ihre Unterschrift hinzu.</span>
+                <svg xmlns="http://www.w3.org/2000/svg" width="13" height="13" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                    <path d="M12.146.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1 0 .708l-10 10a.5.5 0 0 1-.168.11l-5 2a.5.5 0 0 1-.65-.65l2-5a.5.5 0 0 1 .11-.168l10-10zM11.207 2.5 13.5 4.793 14.793 3.5 12.5 1.207 11.207 2.5zm1.586 3L10.5 3.207 4 9.707V10h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.293l6.5-6.5zm-9.761 5.175-.106.106-1.528 3.821 3.821-1.528.106-.106A.5.5 0 0 1 5 12.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.468-.325z"/>
+                </svg>
+                <span>Unterschrift erstellen</span>
             }
-        </p>
-        @if(!string.IsNullOrWhiteSpace(SignatureValidationMessage)) {
-            <div class="text-danger mb-2">@SignatureValidationMessage</div>
-        }
-        <div class="d-flex gap-2 flex-wrap">
-            <button class="btn btn-primary" @onclick="OpenSignaturePopupAsync">
-                @(SignatureApplied ? "Unterschrift erneuern" : "Unterschrift hinzufuegen")
         </button>
-            <button class="btn btn-success" disabled="@(!SignatureApplied)" @onclick="ExportSignedPdfAsync">Signiertes PDF exportieren</button>
+
+        @if (_annotations.Count > 0 && !SignatureApplied) {
+            <div class="receiver-action-bar__progress">
+                <div class="progress" style="height:5px; min-width:70px; width:90px;">
+                    <div class="progress-bar @(_checkedAnnotations.Count == _annotations.Count ? "bg-success" : "bg-primary")"
+                         style="width:@(_annotations.Count > 0 ? (_checkedAnnotations.Count * 100 / _annotations.Count) : 0)%"
+                         role="progressbar"></div>
+                </div>
+                <span class="text-muted" style="font-size:0.75rem;">
+                    @_checkedAnnotations.Count&thinsp;/&thinsp;@_annotations.Count
+                    Seite@(AnnotationPages.Count() == 1 ? "" : "n")&nbsp;@string.Join(",", AnnotationPages)
+                </span>
+                @if (_capturedSignature is null) {
+                    <span class="text-muted fst-italic" style="font-size:0.72rem;">Zuerst Unterschrift erstellen</span>
+                } else if (_checkedAnnotations.Count == _annotations.Count) {
+                    <span class="text-success fw-semibold" style="font-size:0.72rem;">&#10003; Wird angewendet&hellip;</span>
+                }
+            </div>
+        }
+
+        @if (!string.IsNullOrWhiteSpace(SignatureValidationMessage)) {
+            <span class="text-danger" style="font-size:0.78rem;">@SignatureValidationMessage</span>
+        }
+        @if (SignatureApplied) {
+            <span class="text-success" style="font-size:0.78rem;">
+                <svg xmlns="http://www.w3.org/2000/svg" width="13" height="13" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                    <path d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zm-3.97-3.03a.75.75 0 0 0-1.08.022L7.477 9.417 5.384 7.323a.75.75 0 0 0-1.06 1.06L6.97 11.03a.75.75 0 0 0 1.079-.02l3.992-4.99a.75.75 0 0 0-.01-1.05z"/>
+                </svg>
+                Unterschrift angewendet
+            </span>
+        }
+
+        <div class="ms-auto d-flex align-items-center gap-2">
+            <button class="btn btn-sm btn-success" disabled="@(!SignatureApplied)" @onclick="ExportSignedPdfAsync">
+                <svg xmlns="http://www.w3.org/2000/svg" width="13" height="13" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                    <path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/>
+                    <path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/>
+                </svg>
+                PDF exportieren
+            </button>
+            @if (!string.IsNullOrWhiteSpace(EnvelopeKey)) {
+                <button class="btn btn-sm btn-outline-danger" @onclick="LogoutAsync" disabled="@IsLoggingOut" title="Abmelden">
+                    @if (IsLoggingOut) {
+                        <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span>
+                    } else {
+                        <svg xmlns="http://www.w3.org/2000/svg" width="14" height="14" fill="currentColor" viewBox="0 0 16 16">
+                            <path fill-rule="evenodd" d="M10 12.5a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-9a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v2a.5.5 0 0 0 1 0v-2A1.5 1.5 0 0 0 9.5 2h-8A1.5 1.5 0 0 0 0 3.5v9A1.5 1.5 0 0 0 1.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-2a.5.5 0 0 0-1 0v2z"/>
+                            <path fill-rule="evenodd" d="M15.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 0 0-.708.708L14.293 7.5H5.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
+                        </svg>
+                    }
+                </button>
+            }
         </div>
     </div>
 </div>
+
 </div>
 
 <DxPopup @bind-Visible="SignaturePopupVisible"
 HeaderText="Unterschrift erfassen"
 Width="620px"
 ShowFooter="true"
-         CloseOnEscape="true"
-         CloseOnOutsideClick="false">
+CloseOnEscape="false"
+ShowCloseButton="false"
+CloseOnOutsideClick="false"
+Shown="OnPopupShownAsync">
     <BodyContentTemplate>
         <ul class="nav nav-tabs mb-3">
             <li class="nav-item">
@@ -112,21 +251,21 @@
     <FooterContentTemplate>
         <div class="d-flex gap-2 flex-wrap justify-content-end w-100">
             <button class="btn btn-outline-secondary" @onclick="RenewSignatureAsync">Unterschrift erneuern</button>
-            <button class="btn btn-primary" @onclick="ApplySignatureAsync">Zum Bericht hinzufuegen</button>
-            <button class="btn btn-secondary" @onclick="CloseSignaturePopup">Schliessen</button>
+            <button class="btn btn-primary" @onclick="SaveSignatureAsync">Speichern</button>
         </div>
     </FooterContentTemplate>
 </DxPopup>
 
 <div class="receiver-viewer-wrapper">
 @if(Report is not null) {
-    <DxReportViewer @key="ViewerKey" @ref="reportViewer" Report="Report" RootCssClasses="w-100 h-100" />
+    <DxReportViewer @key="ViewerKey" @ref="reportViewer" Report="Report" RootCssClasses="w-100 h-100" Zoom="1.3" />
 }
 </div>
 
 </div>
 
 @code {
+
     const string SignatureTabDraw = "draw";
     const string SignatureTabText = "text";
     const string SignatureTabImage = "image";
@@ -143,7 +282,9 @@
     ("Cursive", "cursive")
 };
 
-    DxReportViewer reportViewer;
+    [Parameter] public string EnvelopeKey { get; set; } = string.Empty;
+
+    DxReportViewer? reportViewer;
     XtraReport? Report;
     bool SignatureApplied;
     bool SignaturePopupVisible;
@@ -156,20 +297,98 @@
     string SignerPosition = string.Empty;
     string SignaturePlace = string.Empty;
     int ViewerKey;
+    bool IsLoggingOut;
 
-    protected override async Task OnInitializedAsync() {
-        Report = CreateReportInstance();
+    IReadOnlyList<AnnotationDto> _annotations = [];
+    IEnumerable<int> AnnotationPages => _annotations.Select(a => a.Page).Distinct().OrderBy(p => p);
+    EnvelopeReceiverDto? _envelopeReceiver;
+    record SignatureCapture(string DataUrl, string FullName, string Position, string Place);
+    SignatureCapture? _capturedSignature;
+    byte[]? _basePdfBytes;
+    // annotation IDs the user has checked via overlay checkboxes
+    readonly HashSet<long> _checkedAnnotations = [];
+    DotNetObjectReference<ReportViewer>? _dotNetRef;
+    int _lastOverlayViewerKey = -1;
 
-        await Task.CompletedTask;
+    async Task LogoutAsync() {
+        if (string.IsNullOrWhiteSpace(EnvelopeKey) || IsLoggingOut) return;
+        IsLoggingOut = true;
+        await InvokeAsync(StateHasChanged);
+        await AuthService.LogoutEnvelopeReceiverAsync(EnvelopeKey);
+        Navigation.NavigateTo($"/login/{Uri.EscapeDataString(EnvelopeKey)}", forceLoad: true);
     }
 
-    async Task OpenSignaturePopupAsync() {
+    protected override async Task OnInitializedAsync() {
+
+        if (!string.IsNullOrWhiteSpace(EnvelopeKey)) {
+            var hasAccess = await AuthService.CheckEnvelopeAccessAsync(EnvelopeKey);
+            if (!hasAccess) {
+                Navigation.NavigateTo($"/login/{Uri.EscapeDataString(EnvelopeKey)}");
+                return;
+            }
+            else
+            {
                 ActiveSignatureTab = SignatureTabDraw;
                 SignaturePopupVisible = true;
                 SignatureValidationMessage = null;
                 PopupValidationMessage = null;
+            }
+        }
+
+        _annotations = await AnnotationService.GetAnnotationsAsync(EnvelopeKey ?? "fake");
+        _envelopeReceiver = await EnvelopeReceiverService.GetAsync(EnvelopeKey ?? "fake");
+
+        if (!AppOptions.Value.ForceToUseFakeDocument && !string.IsNullOrWhiteSpace(EnvelopeKey)) {
+            var (pdfBytes, _) = await DocumentService.GetDocumentAsync(EnvelopeKey);
+            if (pdfBytes is { Length: > 0 })
+                _basePdfBytes = pdfBytes;
+        }
+
+        var initialReport = BuildFreshBaseReport();
+        Report = initialReport;
+    }
+
+    protected override async Task OnAfterRenderAsync(bool firstRender) {
+        if (firstRender)
+            _dotNetRef = DotNetObjectReference.Create(this);
+
+
+        if (Report is not null && _annotations.Count > 0
+            && _capturedSignature is not null && !SignatureApplied
+            && _lastOverlayViewerKey != ViewerKey) {
+            _lastOverlayViewerKey = ViewerKey;
+            await JSRuntime.InvokeVoidAsync(
+                "receiverSignature.installAnnotationCheckboxes",
+                _annotations, _checkedAnnotations.ToArray(), _dotNetRef);
+        }
+    }
+
+    [JSInvokable]
+    public async Task OnAnnotationToggled(long annotationId, bool isChecked) {
+        if (isChecked)
+            _checkedAnnotations.Add(annotationId);
+        else
+            _checkedAnnotations.Remove(annotationId);
         await InvokeAsync(StateHasChanged);
-        await Task.Delay(50);
+
+        if (_capturedSignature is not null
+            && !SignatureApplied
+            && _annotations.Count > 0
+            && _checkedAnnotations.Count == _annotations.Count) {
+            // K?sa bekleme: kullan?c? son tick'in görsel feedback'ini görsün
+            await Task.Delay(400);
+            await SubmitSignaturesAsync();
+        }
+    }
+
+    void OpenSignaturePopupAsync() {
+        ActiveSignatureTab = SignatureTabDraw;
+        SignaturePopupVisible = true;
+        SignatureValidationMessage = null;
+        PopupValidationMessage = null;
+    }
+
+    async Task OnPopupShownAsync() {
         await InitializeActiveSignatureTabAsync();
     }
 
@@ -224,19 +443,16 @@
         await JSRuntime.InvokeVoidAsync("receiverSignature.renderTypedSignature", TypedCanvasId, TypedSignatureText, TypedSignatureFont);
     }
 
-    async Task ApplySignatureAsync() {
+    async Task SaveSignatureAsync() {
         if (string.IsNullOrWhiteSpace(SignerFullName)) {
             PopupValidationMessage = "Bitte geben Sie Vor- und Nachname ein.";
             return;
         }
-
         if (string.IsNullOrWhiteSpace(SignaturePlace)) {
             PopupValidationMessage = "Bitte geben Sie den Ort ein.";
             return;
         }
-
         var signatureDataUrl = await GetActiveSignatureDataUrlAsync();
-
         if (string.IsNullOrWhiteSpace(signatureDataUrl)) {
             PopupValidationMessage = "Die Unterschrift ist fuer den PDF-Export erforderlich.";
             return;
@@ -244,10 +460,44 @@
 
         PopupValidationMessage = null;
         SignatureValidationMessage = null;
-        Report = CreateSignedReportInstance(signatureDataUrl, SignerFullName.Trim(), SignerPosition.Trim(), SignaturePlace.Trim());
+        _capturedSignature = new(signatureDataUrl, SignerFullName.Trim(), SignerPosition.Trim(), SignaturePlace.Trim());
+
+        // If no annotations, apply immediately (no checkbox step needed)
+        if (_annotations.Count == 0) {
+            var freshReport = BuildFreshBaseReport();
+            AddSignature(freshReport, _capturedSignature.DataUrl, _capturedSignature.FullName, _capturedSignature.Position, _capturedSignature.Place);
+            Report = freshReport;
             SignatureApplied = true;
             SignaturePopupVisible = false;
             ViewerKey++;
+            return;
+        }
+
+        // Close popup; checkboxes will appear on the PDF via OnAfterRenderAsync
+        SignaturePopupVisible = false;
+        _lastOverlayViewerKey = -1; // force overlay reinstall
+        await InvokeAsync(StateHasChanged);
+    }
+
+    async Task SubmitSignaturesAsync() {
+        if (_checkedAnnotations.Count == 0) {
+            SignatureValidationMessage = "Bitte markieren Sie mindestens ein Unterschriftsfeld im Dokument.";
+            return;
+        }
+        if (_checkedAnnotations.Count < _annotations.Count) {
+            SignatureValidationMessage = $"Bitte markieren Sie alle {_annotations.Count} Unterschriftsfelder. Noch {_annotations.Count - _checkedAnnotations.Count} offen.";
+            return;
+        }
+
+        SignatureValidationMessage = null;
+        var freshReport = BuildFreshBaseReport();
+        foreach (var ann in _annotations)
+            AddSignatureAtAnnotation(freshReport, ann, _capturedSignature!.DataUrl, _capturedSignature.FullName, _capturedSignature.Position, _capturedSignature.Place);
+
+        Report = freshReport;
+        SignatureApplied = true;
+        ViewerKey++;
+        await InvokeAsync(StateHasChanged);
     }
 
     async Task<string?> GetActiveSignatureDataUrlAsync() {
@@ -270,24 +520,66 @@
 
         try {
             SignatureValidationMessage = null;
-            await reportViewer.ExportToAsync(ExportFormat.Pdf);
+            await reportViewer!.ExportToAsync(ExportFormat.Pdf);
         } catch(Exception) {
             SignatureValidationMessage = "Das signierte PDF konnte nicht exportiert werden. Bitte laden Sie die Seite neu und versuchen Sie es erneut.";
         }
     }
 
+    XtraReport BuildFreshBaseReport() {
+        if (_basePdfBytes is { Length: > 0 }) {
+            var report = new XtraReport();
+            var detail = new DevExpress.XtraReports.UI.DetailBand();
+            report.Bands.Add(detail);
+            detail.Controls.Add(new DevExpress.XtraReports.UI.XRPdfContent { Source = _basePdfBytes, GenerateOwnPages = true });
+            return report;
+        }
+        return CreateReportInstance();
+    }
+
+    static void AddAnnotationPlaceholders(XtraReport report, IReadOnlyList<AnnotationDto> annotations) {
+        var bottomMargin = report.Bands.OfType<BottomMarginBand>().FirstOrDefault();
+        if (bottomMargin is null) {
+            bottomMargin = new BottomMarginBand();
+            report.Bands.Add(bottomMargin);
+        }
+
+        const float sigWidth      = 230F;
+        const float sigHeight     = 154F;
+        const float bottomPad     = 6F;
+        const float defaultTopPad = 8F;
+        const float maxBandHeight = 210F;
+
+        float requiredHeight = defaultTopPad + sigHeight + bottomPad;
+        bottomMargin.HeightF = Math.Min(maxBandHeight, Math.Max(bottomMargin.HeightF, requiredHeight));
+        float topPad = Math.Max(0F, bottomMargin.HeightF - bottomPad - sigHeight);
+
+        foreach (var ann in annotations) {
+            float sigX  = (float)(ann.X);
+            var annotId = ann.Id.ToString();
+
+            var placeholder = new XRLabel {
+                Name          = $"receiverSignaturePlaceholder_{annotId}",
+                Text          = "\u270e Bitte unterschreiben",
+                BoundsF       = new RectangleF(sigX, topPad, sigWidth, sigHeight),
+                Borders       = BorderSide.All,
+                BorderColor   = System.Drawing.Color.FromArgb(230, 81, 0),
+                BackColor     = System.Drawing.Color.FromArgb(30, 255, 236, 153),
+                Font          = new DXFont("Open Sans", 10F, DXFontStyle.Regular),
+                ForeColor     = System.Drawing.Color.FromArgb(94, 38, 0),
+                TextAlignment = TextAlignment.MiddleCenter
+            };
+
+            bottomMargin.Controls.Add(placeholder);
+        }
+    }
+
     XtraReport CreateReportInstance() {
         return ReportStorage.TryGetReport("LargeDatasetReport", out var savedReport)
             ? savedReport
             : PredefinedReports.ReportsFactory.GetReport("LargeDatasetReport");
     }
 
-    XtraReport CreateSignedReportInstance(string signatureDataUrl, string signerFullName, string signerPosition, string signaturePlace) {
-        var report = CreateReportInstance();
-        AddSignature(report, signatureDataUrl, signerFullName, signerPosition, signaturePlace);
-        return report;
-    }
-
     static void AddSignature(XtraReport report, string signatureDataUrl, string signerFullName, string signerPosition, string signaturePlace) {
         var imageBytes = Convert.FromBase64String(signatureDataUrl[(signatureDataUrl.IndexOf(',') + 1)..]);
         using var imageStream = new MemoryStream(imageBytes);
@@ -323,8 +615,8 @@
         float labelY = imageY + sigImgHeight + innerGap;
 
         var signatureInformation = string.IsNullOrWhiteSpace(signerPosition)
-            ? $"Empfaengerunterschrift\n{signerFullName}\n{signaturePlace}, {DateTime.Now:d}"
-            : $"Empfaengerunterschrift\n{signerFullName}\n{signerPosition}\n{signaturePlace}, {DateTime.Now:d}";
+            ? $"{signerFullName}\n{signaturePlace}, {DateTime.Now:d}"
+            : $"{signerFullName}\n{signerPosition}\n{signaturePlace}, {DateTime.Now:d}";
 
         var signature = new XRPictureBox {
             Name = "receiverSignatureImage",
@@ -357,4 +649,75 @@
         foreach(var control in controls)
             bottomMargin.Controls.Remove(control);
     }
+
+    static void AddSignatureAtAnnotation(XtraReport report, AnnotationDto? annotation, string signatureDataUrl, string signerFullName, string signerPosition, string signaturePlace) {
+        var imageBytes = Convert.FromBase64String(signatureDataUrl[(signatureDataUrl.IndexOf(',') + 1)..]);
+        using var imageStream = new MemoryStream(imageBytes);
+        var imageSource = new ImageSource(DXImage.FromStream(imageStream));
+        var bottomMargin = report.Bands.OfType<BottomMarginBand>().FirstOrDefault();
+
+        if (bottomMargin is null) {
+            bottomMargin = new BottomMarginBand();
+            report.Bands.Add(bottomMargin);
         }
+
+        var annotId = annotation?.Id.ToString() ?? "0";
+        RemoveExistingSignatureById(bottomMargin, annotId);
+
+        const float sigWidth      = 230F;
+        const float sigImgHeight  = 70F;
+        const float infoHeight    = 48.75F;
+        const float innerGap      = 5F;
+        const float bottomPad     = 6F;
+        const float defaultTopPad = 8F;
+        const float maxBandHeight = 210F;
+
+        float sigX           = (float)(annotation?.X ?? 390.0);
+        float requiredHeight = defaultTopPad + sigImgHeight + innerGap + infoHeight + bottomPad;
+        bottomMargin.HeightF = Math.Min(maxBandHeight, Math.Max(bottomMargin.HeightF, requiredHeight));
+        float topPad = Math.Max(0F, bottomMargin.HeightF - bottomPad - infoHeight - innerGap - sigImgHeight);
+        float imageY = topPad;
+        float labelY = imageY + sigImgHeight + innerGap;
+
+        var signatureInformation = string.IsNullOrWhiteSpace(signerPosition)
+            ? $"{signerFullName}\n{signaturePlace}, {DateTime.Now:d}"
+            : $"{signerFullName}\n{signerPosition}\n{signaturePlace}, {DateTime.Now:d}";
+
+        var signature = new XRPictureBox {
+            Name = $"receiverSignatureImage_{annotId}",
+            ImageSource = imageSource,
+            BoundsF = new RectangleF(sigX, imageY, sigWidth, sigImgHeight),
+            Sizing = ImageSizeMode.ZoomImage,
+            Borders = BorderSide.Bottom,
+            BorderColor = System.Drawing.Color.FromArgb(73, 80, 87),
+            BackColor = Color.FromArgb(219, 219, 219),
+        };
+
+        var signatureLabel = new XRLabel {
+            Name = $"receiverSignatureLabel_{annotId}",
+            Text = signatureInformation,
+            Multiline = true,
+            BoundsF = new RectangleF(sigX, labelY - 5, sigWidth, infoHeight),
+            Font = new DXFont("Open Sans", 8F, DXFontStyle.Regular),
+            ForeColor = System.Drawing.Color.FromArgb(73, 80, 87),
+            TextAlignment = TextAlignment.TopCenter,
+            BackColor = Color.FromArgb(219, 219, 219)
+        };
+
+        bottomMargin.Controls.AddRange(new XRControl[] { signature, signatureLabel });
+    }
+
+    static void RemoveExistingSignatureById(BottomMarginBand bottomMargin, string annotId) {
+        var controls = bottomMargin.Controls
+            .Cast<XRControl>()
+            .Where(c => c.Name == $"receiverSignatureImage_{annotId}" || c.Name == $"receiverSignatureLabel_{annotId}")
+            .ToArray();
+        foreach (var c in controls)
+            bottomMargin.Controls.Remove(c);
+    }
+
+    public void Dispose() {
+        _dotNetRef?.Dispose();
+    }
+}
+

EnvelopeGenerator.ReceiverUI/Pages/TestViewer.razor

@@ -0,0 +1,81 @@
+@page "/test"
+@using System.Drawing
+@using DevExpress.Drawing
+@using DevExpress.Utils
+@using DevExpress.XtraPrinting
+@using DevExpress.XtraPrinting.Drawing
+@using XtraReport = DevExpress.XtraReports.UI.XtraReport
+@using BottomMarginBand = DevExpress.XtraReports.UI.BottomMarginBand
+@using XRLabel = DevExpress.XtraReports.UI.XRLabel
+@using XRPictureBox = DevExpress.XtraReports.UI.XRPictureBox
+@using XRControl = DevExpress.XtraReports.UI.XRControl
+@using ImageSizeMode = DevExpress.XtraPrinting.ImageSizeMode
+@using EnvelopeGenerator.ReceiverUI.Services
+@using DevExpress.Blazor.Reporting
+@inject IJSRuntime JSRuntime
+@inject InMemoryReportStorageWebExtension ReportStorage
+@inject EnvelopeGenerator.ReceiverUI.Services.DocumentService DocumentService
+@inject Microsoft.Extensions.Configuration.IConfiguration Configuration
+@inject HttpClient Http
+@using System;
+
+<link href="_content/DevExpress.Blazor.Themes/blazing-berry.bs5.min.css" rel="stylesheet" />
+<link href="_content/DevExpress.Blazor.Reporting.Viewer/css/dx-blazor-reporting-components.bs5.css" rel="stylesheet" />
+
+<div class="receiver-page-layout">
+
+<div class="receiver-viewer-wrapper">
+        <embed class="w-100 h-50" src="/docs/Document.pdf" type="application/pdf" />
+        @if (PdfBytes is { Length: > 0 }) {
+            <DxPdfViewer DocumentContent="PdfBytes" CssClass="w-100 h-50" />
+        }
+        else{
+            <div>Not found</div>
+        }
+</div>
+
+</div>
+
+@code {
+
+    const string SignatureTabDraw = "draw";
+    const string SignatureTabText = "text";
+    const string SignatureTabImage = "image";
+    const string DrawCanvasId = "receiver-signature-pad";
+    const string TypedCanvasId = "receiver-typed-signature-pad";
+    const string ImageInputId = "receiver-signature-image-input";
+    const string ImageCanvasId = "receiver-image-signature-pad";
+
+    readonly (string Text, string Value)[] TypedSignatureFonts = {
+        ("Brush Script", "'Brush Script MT', cursive"),
+        ("Segoe Script", "'Segoe Script', cursive"),
+        ("Lucida Handwriting", "'Lucida Handwriting', cursive"),
+        ("Comic Sans", "'Comic Sans MS', cursive"),
+        ("Cursive", "cursive")
+    };
+
+    [Parameter] public string? EnvelopeKey { get; set; }
+
+    DxReportViewer? reportViewer;
+    XtraReport? Report;
+    string PdfViewerUrl = string.Empty;
+    byte[]? PdfBytes;
+    byte[]? SignedPdfBytes;
+    bool SignatureApplied;
+    bool SignaturePopupVisible;
+    string? PopupValidationMessage;
+    string ActiveSignatureTab = SignatureTabDraw;
+    string TypedSignatureText = string.Empty;
+    string TypedSignatureFont = "'Brush Script MT', cursive";
+    string SignerFullName = string.Empty;
+    string SignerPosition = string.Empty;
+    string SignaturePlace = string.Empty;
+    int ViewerKey;
+
+    protected override async Task OnInitializedAsync() {
+        PdfBytes = await Http.GetByteArrayAsync("/docs/Document.pdf");
+    }
+
+
+}
+

EnvelopeGenerator.ReceiverUI/Program.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Components.Web;
 using EnvelopeGenerator.ReceiverUI;
 using DevExpress.DataAccess.Web;
 using EnvelopeGenerator.ReceiverUI.Services;
+using EnvelopeGenerator.ReceiverUI.Options;
 using DevExpress.XtraReports.Services;
 using DevExpress.Blazor.Reporting;
 using DevExpress.XtraReports.Web.Extensions;
@@ -11,8 +12,15 @@ var builder = WebAssemblyHostBuilder.CreateDefault(args);
 builder.RootComponents.Add<App>("#app");
 builder.RootComponents.Add<HeadOutlet>("head::after");
 builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
+builder.Services.Configure<ApiOptions>(opts =>
+builder.Configuration.GetSection(ApiOptions.SectionName).Bind(opts));
+builder.Services.AddScoped<EnvelopeGenerator.ReceiverUI.Services.DocumentService>();
+builder.Services.AddScoped<EnvelopeGenerator.ReceiverUI.Services.AuthService>();
+builder.Services.AddScoped<EnvelopeGenerator.ReceiverUI.Services.AnnotationService>();
+builder.Services.AddScoped<EnvelopeGenerator.ReceiverUI.Services.EnvelopeReceiverService>();
 
 builder.Services.AddDevExpressWebAssemblyBlazorReportViewer();
+builder.Services.AddDevExpressWebAssemblyBlazorPdfViewer();
 
 builder.Services.AddDevExpressBlazorReportingWebAssembly(configure => {
     configure.UseDevelopmentMode();

EnvelopeGenerator.ReceiverUI/Services/AnnotationService.cs

@@ -0,0 +1,32 @@
+using System.Net.Http.Json;
+using System.Text.Json;
+using EnvelopeGenerator.ReceiverUI.Models;
+using EnvelopeGenerator.ReceiverUI.Options;
+using Microsoft.Extensions.Options;
+
+namespace EnvelopeGenerator.ReceiverUI.Services;
+
+/// <summary>
+/// Retrieves annotation positions from the API.
+/// The URL is composed as <c>{BaseUrl}/api/Annotation/{envelopeKey}</c>.
+/// During development, <c>BaseUrl</c> is empty so the request resolves to the
+/// YARP-proxied route on the same origin, which currently serves
+/// <c>fake-data/annotations.json</c>. To switch to real data, update the
+/// YARP route in <c>yarp.json</c> — no code change required.
+/// </summary>
+public class AnnotationService(HttpClient http, IOptions<ApiOptions> apiOptions)
+{
+    private static readonly JsonSerializerOptions _jsonOptions = new(JsonSerializerDefaults.Web);
+
+    public async Task<IReadOnlyList<AnnotationDto>> GetAnnotationsAsync(string envelopeKey, CancellationToken cancel = default)
+    {
+        var url = $"{apiOptions.Value.BaseUrl}/api/Annotation/{Uri.EscapeDataString(envelopeKey)}";
+        var response = await http.GetAsync(url, cancel);
+
+        if (!response.IsSuccessStatusCode)
+            return [];
+
+        var result = await response.Content.ReadFromJsonAsync<List<AnnotationDto>>(_jsonOptions, cancel);
+        return result ?? [];
+    }
+}

EnvelopeGenerator.ReceiverUI/Services/AuthService.cs

@@ -0,0 +1,57 @@
+using System.Net;
+using EnvelopeGenerator.ReceiverUI.Options;
+using Microsoft.Extensions.Options;
+
+namespace EnvelopeGenerator.ReceiverUI.Services;
+
+public enum EnvelopeLoginResult { Success, InvalidCode, NotFound, Error }
+
+public class AuthService(HttpClient http, IOptions<ApiOptions> apiOptions)
+{
+    private readonly ApiOptions _api = apiOptions.Value;
+
+    /// <summary>
+    /// Checks whether the current user holds a valid receiver token for the given envelope key.
+    /// Calls GET /api/auth/check/envelope/{envelopeKey}.
+    /// </summary>
+    public async Task<bool> CheckEnvelopeAccessAsync(string envelopeKey, CancellationToken cancel = default)
+    {
+        var response = await http.GetAsync($"{_api.BaseUrl}/api/auth/check/envelope/{Uri.EscapeDataString(envelopeKey)}", cancel);
+        return response.StatusCode == HttpStatusCode.OK;
+    }
+
+    /// <summary>
+    /// Submits the access code for the given envelope key.
+    /// Calls POST /api/Auth/envelope-receiver/{key} with multipart/form-data.
+    /// On success the API sets an authentication cookie automatically.
+    /// </summary>
+    public async Task<EnvelopeLoginResult> LoginEnvelopeReceiverAsync(string envelopeKey, string accessCode, CancellationToken cancel = default)
+    {
+        var form = new MultipartFormDataContent();
+        form.Add(new StringContent(accessCode), "AccessCode");
+
+        var response = await http.PostAsync(
+            $"{_api.BaseUrl}/api/Auth/envelope-receiver/{Uri.EscapeDataString(envelopeKey)}",
+            form, cancel);
+
+        return response.StatusCode switch
+        {
+            HttpStatusCode.OK => EnvelopeLoginResult.Success,
+            HttpStatusCode.Unauthorized => EnvelopeLoginResult.InvalidCode,
+            HttpStatusCode.NotFound => EnvelopeLoginResult.NotFound,
+            _ => EnvelopeLoginResult.Error
+        };
+    }
+
+    /// <summary>
+    /// Removes the per-envelope receiver cookie for the given envelope key.
+    /// Calls POST /api/auth/logout/envelope/{envelopeKey}.
+    /// </summary>
+    public async Task<bool> LogoutEnvelopeReceiverAsync(string envelopeKey, CancellationToken cancel = default)
+    {
+        var response = await http.PostAsync(
+            $"{_api.BaseUrl}/api/auth/logout/envelope/{Uri.EscapeDataString(envelopeKey)}",
+            null, cancel);
+        return response.IsSuccessStatusCode;
+    }
+}

EnvelopeGenerator.ReceiverUI/Services/DocumentService.cs

@@ -0,0 +1,27 @@
+using System.Net;
+using System.Net.Http;
+using Microsoft.Extensions.Options;
+using EnvelopeGenerator.ReceiverUI.Options;
+
+namespace EnvelopeGenerator.ReceiverUI.Services;
+
+public class DocumentService(HttpClient http, IOptions<ApiOptions> apiOptions)
+{
+    private readonly ApiOptions _api = apiOptions.Value;
+
+    /// <summary>
+    /// Fetches the PDF bytes for the given envelope key from the API.
+    /// Returns null bytes with the HTTP status code on failure.
+    /// </summary>
+    public async Task<(byte[]? Bytes, HttpStatusCode StatusCode)> GetDocumentAsync(string envelopeKey, CancellationToken cancel = default)
+    {
+        var response = await http.GetAsync($"{_api.BaseUrl}/api/Document/{Uri.EscapeDataString(envelopeKey)}", cancel);
+
+        if (!response.IsSuccessStatusCode)
+            return (null, response.StatusCode);
+
+        var bytes = await response.Content.ReadAsByteArrayAsync(cancel);
+        return (bytes, response.StatusCode);
+    }
+}
+

EnvelopeGenerator.ReceiverUI/Services/EnvelopeReceiverService.cs

@@ -0,0 +1,27 @@
+using System.Net.Http.Json;
+using System.Text.Json;
+using EnvelopeGenerator.ReceiverUI.Models;
+using EnvelopeGenerator.ReceiverUI.Options;
+using Microsoft.Extensions.Options;
+
+namespace EnvelopeGenerator.ReceiverUI.Services;
+
+/// <summary>
+/// Retrieves the <see cref="EnvelopeReceiverDto"/> for the authenticated receiver
+/// from <c>GET api/EnvelopeReceiver/{envelopeKey}</c>.
+/// </summary>
+public class EnvelopeReceiverService(HttpClient http, IOptions<ApiOptions> apiOptions)
+{
+    private static readonly JsonSerializerOptions _jsonOptions = new(JsonSerializerDefaults.Web);
+
+    public async Task<EnvelopeReceiverDto?> GetAsync(string envelopeKey, CancellationToken cancel = default)
+    {
+        var url = $"{apiOptions.Value.BaseUrl}/api/EnvelopeReceiver/{Uri.EscapeDataString(envelopeKey)}";
+        var response = await http.GetAsync(url, cancel);
+
+        if (!response.IsSuccessStatusCode)
+            return null;
+
+        return await response.Content.ReadFromJsonAsync<EnvelopeReceiverDto>(_jsonOptions, cancel);
+    }
+}

EnvelopeGenerator.ReceiverUI/Shared/MainLayout.razor

@@ -3,14 +3,15 @@
 
 <div class="page">
 <main>
-        <div class="top-row px-4">
-            <a href="https://docs.microsoft.com/aspnet/" target="_blank">About</a>
-        </div>
-
         <article class="content">
             @Body
         </article>
     </main>
+    <footer class="receiver-footer">
+        <span>&copy; SignFlow 2023-2024 <a href="https://digitaldata.works" target="_blank" rel="noopener">Digital Data GmbH</a></span>
+        <span class="receiver-footer__sep">&#124;</span>
+        <a href="docs/privacy-policy.de-DE.html" target="_blank" rel="noopener">Datenschutz</a>
+    </footer>
 </div>
 
 @code {

EnvelopeGenerator.ReceiverUI/Shared/MainLayout.razor.css

@@ -7,75 +7,11 @@
 
 main {
     flex: 1;
+    margin: 0;
+    padding: 0;
 }
 
-.sidebar {
-    background-image: linear-gradient(180deg, rgb(5, 39, 103) 0%, #3a0647 70%);
-}
-
-.top-row {
-    background-color: #f7f7f7;
-    border-bottom: 1px solid #d6d5d5;
-    justify-content: flex-end;
-    height: 3.5rem;
-    display: flex;
-    align-items: center;
-}
-
-    .top-row ::deep a, .top-row ::deep .btn-link {
-        white-space: nowrap;
-        margin-left: 1.5rem;
-        text-decoration: none;
-    }
-
-    .top-row ::deep a:hover, .top-row ::deep .btn-link:hover {
-        text-decoration: underline;
-    }
-
-    .top-row ::deep a:first-child {
-        overflow: hidden;
-        text-overflow: ellipsis;
-    }
-
-@media (max-width: 640.98px) {
-    .top-row:not(.auth) {
-        display: none;
-    }
-
-    .top-row.auth {
-        justify-content: space-between;
-    }
-
-    .top-row ::deep a, .top-row ::deep .btn-link {
-        margin-left: 0;
-    }
-}
-
-@media (min-width: 641px) {
-    .page {
-        flex-direction: row;
-    }
-
-    .sidebar {
-        width: 300px;
-        height: 100vh;
-        position: sticky;
-        top: 0;
-    }
-
-    .top-row {
-        position: sticky;
-        top: 0;
-        z-index: 1;
-    }
-
-    .top-row.auth ::deep a:first-child {
-        flex: 1;
-        text-align: right;
-        width: 0;
-    }
-
-    .top-row, article {
-        padding: 2rem !important;
-    }
+article {
+    padding: 0 !important;
+    margin: 0 !important;
 }

EnvelopeGenerator.ReceiverUI/_Imports.razor

@@ -6,4 +6,5 @@
 @using EnvelopeGenerator.ReceiverUI
 @using EnvelopeGenerator.ReceiverUI.Shared
 @using DevExpress.Blazor.Reporting
+@using DevExpress.Blazor.PdfViewer
 @using DevExpress.Blazor

EnvelopeGenerator.ReceiverUI/wwwroot/appsettings.json

@@ -0,0 +1,6 @@
+{
+  "Api": {
+    "BaseUrl": "",
+    "ForceToUseFakeDocument": true
+  }
+}

EnvelopeGenerator.ReceiverUI/wwwroot/css/app.css

@@ -3,6 +3,8 @@
 html, body {
     font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
     padding: 0;
+    margin: 0;
+    width: 100%;
 }
 
 html, body {
@@ -10,13 +12,19 @@ html, body {
     overflow: hidden;
 }
 
+main, .page {
+    margin: 0;
+    padding: 0;
+    width: 100%;
+}
+
 article {
-    height: calc(100vh - 70px);
+    height: calc(100vh - 36px);
     display: flex;
     flex-direction: column;
-    overflow: hidden;
-    padding-left: 0 !important;
-    padding-right: 0 !important;
+    overflow-y: auto;
+    padding: 0 !important;
+    margin: 0 !important;
 }
 
 .receiver-page-layout {
@@ -68,6 +76,293 @@ article {
 }
 
 .dx-blazor-reporting-container {
-    height: calc(100vh - 130px) !important;
+    height: calc(100vh - 166px) !important;
     width: 100% !important;
 }
+
+/* ── Force DevExpress viewer pages into a single centered column ─────────── */
+.dxbrv-report-preview-content {
+    display: flex !important;
+    flex-direction: column !important;
+    align-items: center !important;
+}
+
+/* ── Annotation signature checkbox overlays ─────────────────────────────── */
+.annot-sig-cb-wrapper {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 8px;
+    border-radius: 6px;
+    font-size: 0.75rem;
+    font-weight: 600;
+    font-family: "Segoe UI", Arial, sans-serif;
+    padding: 0 12px;
+    overflow: hidden;
+    cursor: pointer;
+    user-select: none;
+    background: linear-gradient(135deg, #2c3e50 0%, #3498db 100%);
+    border: none;
+    color: #ffffff;
+    box-shadow: 0 2px 8px rgba(44, 62, 80, 0.35);
+    transition: box-shadow 0.18s, filter 0.18s;
+}
+
+.annot-sig-cb-wrapper:hover {
+    filter: brightness(1.12);
+    box-shadow: 0 4px 14px rgba(44, 62, 80, 0.45);
+}
+
+.annot-sig-cb-wrapper--checked {
+    background: linear-gradient(135deg, #1a6b2a 0%, #27ae60 100%);
+    box-shadow: 0 2px 8px rgba(26, 107, 42, 0.35);
+}
+
+.annot-sig-cb-wrapper--checked:hover {
+    filter: brightness(1.1);
+    box-shadow: 0 4px 14px rgba(26, 107, 42, 0.45);
+}
+
+.annot-sig-cb {
+    display: none;
+}
+
+.annot-sig-cb__label {
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    pointer-events: none;
+    letter-spacing: 0.01em;
+}
+
+/* ── Envelope info header ────────────────────────────────────────────────── */
+.receiver-info-header {
+    border-bottom: 1px solid rgba(0,0,0,.08);
+}
+
+.receiver-info-header__gradient {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    flex-wrap: wrap;
+    gap: 8px;
+    padding: 10px 16px 8px;
+    background: linear-gradient(135deg, #2c3e50 0%, #3498db 100%);
+    color: #fff;
+}
+
+.receiver-info-header__left {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+    min-width: 0;
+}
+
+.receiver-info-header__icon {
+    flex-shrink: 0;
+    opacity: .85;
+}
+
+.receiver-info-header__title {
+    font-size: 0.92rem;
+    font-weight: 600;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    max-width: 340px;
+}
+
+.receiver-info-header__sender {
+    font-size: 0.72rem;
+    opacity: .8;
+    margin-top: 1px;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    max-width: 400px;
+}
+
+.receiver-info-header__badges {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 5px;
+    align-items: center;
+}
+
+.receiver-info-badge {
+    display: inline-flex;
+    align-items: center;
+    background: rgba(255,255,255,.18);
+    color: #fff;
+    border-radius: 20px;
+    padding: 2px 9px;
+    font-size: 0.70rem;
+    font-weight: 500;
+    white-space: nowrap;
+}
+
+.receiver-info-badge--muted {
+    background: rgba(255,255,255,.10);
+    opacity: .8;
+}
+
+.receiver-info-badge--accent {
+    background: rgba(39,174,96,.35);
+    border: 1px solid rgba(39,174,96,.5);
+}
+
+.receiver-info-message {
+    padding: 7px 16px;
+    font-size: 0.78rem;
+    color: #444;
+    border-bottom: 1px solid rgba(0,0,0,.05);
+    white-space: pre-wrap;
+    line-height: 1.45;
+}
+
+.receiver-info-private-message {
+    display: flex;
+    align-items: flex-start;
+    gap: 4px;
+    padding: 5px 16px 6px;
+    font-size: 0.75rem;
+    color: #5a5a72;
+    background: #f8f7ff;
+    border-top: 1px solid rgba(90,80,180,.12);
+}
+
+/* ── Signature action bar ────────────────────────────────────────────────── */
+.receiver-action-bar {
+    border-bottom: 1px solid rgba(0,0,0,.08);
+    background: #fff;
+}
+
+.receiver-action-bar__inner {
+    display: flex;
+    align-items: center;
+    flex-wrap: wrap;
+    gap: 10px;
+    padding: 7px 14px;
+}
+
+.receiver-action-bar__progress {
+    display: flex;
+    align-items: center;
+    gap: 7px;
+    flex-wrap: wrap;
+}
+
+/* ── Home page ───────────────────────────────────────────────────────────── */
+.home-page-wrapper {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    min-height: calc(100vh - 36px);
+    background: linear-gradient(160deg, #1e2e3e 0%, #2c3e50 40%, #3498db 100%);
+    padding-bottom: 36px;
+}
+
+.home-hero-header {
+    width: 100%;
+    padding: 48px 24px 36px;
+    text-align: center;
+}
+
+.home-hero-header__inner {
+    display: inline-flex;
+    align-items: center;
+    gap: 20px;
+    color: #fff;
+}
+
+.home-hero-header__icon {
+    opacity: 0.90;
+    flex-shrink: 0;
+}
+
+.home-hero-header__title {
+    font-size: 2rem;
+    font-weight: 700;
+    margin: 0;
+    color: #fff;
+    letter-spacing: 0.02em;
+}
+
+.home-hero-header__subtitle {
+    font-size: 0.92rem;
+    margin: 4px 0 0;
+    color: rgba(255,255,255,0.75);
+}
+
+.home-content {
+    width: 100%;
+    max-width: 520px;
+    padding: 0 16px;
+}
+
+.home-card {
+    border-radius: 12px !important;
+    overflow: hidden;
+}
+
+.home-btn-primary {
+    background: linear-gradient(135deg, #2c3e50 0%, #3498db 100%);
+    border: none;
+    color: #fff;
+    font-weight: 500;
+    border-radius: 8px;
+    transition: filter 0.15s, box-shadow 0.15s;
+    box-shadow: 0 2px 10px rgba(44,62,80,0.30);
+}
+
+.home-btn-primary:hover {
+    filter: brightness(1.12);
+    box-shadow: 0 4px 16px rgba(44,62,80,0.40);
+    color: #fff;
+}
+
+.home-feature-badge {
+    display: inline-flex;
+    align-items: center;
+    background: rgba(52,152,219,0.10);
+    color: #3498db;
+    border: 1px solid rgba(52,152,219,0.25);
+    border-radius: 20px;
+    padding: 4px 12px;
+    font-size: 0.75rem;
+    font-weight: 500;
+}
+
+/* ── Footer ──────────────────────────────────────────────────────────────── */
+.receiver-footer {
+    position: fixed;
+    bottom: 0;
+    left: 0;
+    right: 0;
+    height: 36px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 10px;
+    padding: 0 20px;
+    background: linear-gradient(135deg, #2c3e50 0%, #3498db 100%);
+    color: rgba(255, 255, 255, 0.75);
+    font-size: 0.72rem;
+    z-index: 100;
+    flex-shrink: 0;
+}
+
+.receiver-footer a {
+    color: rgba(255, 255, 255, 0.90);
+    text-decoration: none;
+    transition: color 0.15s;
+}
+
+.receiver-footer a:hover {
+    color: #ffffff;
+    text-decoration: underline;
+}
+
+.receiver-footer__sep {
+    opacity: 0.4;
+}

EnvelopeGenerator.ReceiverUI/wwwroot/docs/privacy-policy.de-DE.html

@@ -0,0 +1,167 @@
+<!DOCTYPE html>
+<html lang="de">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Datenschutzinformation für das Fernsignatursystem: signFLOW</title>
+    <link rel="stylesheet" href="css/privacy-policy.min.css">
+</head>
+
+<body>
+    <header>
+        <h1>Datenschutzinformation für das Fernsignatursystem signFLOW</h1>
+        <p><strong>Stand:</strong> 18.11.2025</p>
+    </header>
+
+    <section>
+        <h2>1. Allgemeine Informationen</h2>
+        <p>In der heutigen schnelllebigen und zunehmend digitalen Welt, sind personenbezogene Daten eine wichtige
+            Ressource. Ihre Daten sind wertvoll und müssen daher mit der durch diverse Gesetze und Vorschriften (DSGVO,
+            TDDDG, ...) gebotenen Sorgfalt behandelt werden.</p>
+        <p>Als Anbieter von lokalen Lösungen (OnPremise) setzt der Hersteller des signFLOWs, die Digital Data GmbH,
+            einen klaren Schwerpunkt auf Datenschutz und Datensicherheit. Für Sie bedeutet dies, dass nur die nötigsten
+            Daten erhoben und gespeichert werden (Datensparsamkeit bzw. Datenminimierung). Außerdem kommen bei der
+            Verarbeitung aktuelle und als sicher geltende Technologien zum Einsatz.</p>
+        <p><strong>Kontaktdaten des Herstellers:</strong></p>
+        <address>
+            Digital Data GmbH<br>
+            Ludwig-Rinn-Straße 16<br>
+            35452 Heuchelheim<br>
+            <a href="https://digitaldata.works">https://digitaldata.works</a><br>
+            <a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
+            Telefon: 0049 641 202360<br>
+        </address>
+        <p><strong>Kontakt zum Datenschutzbeauftragten:</strong> <a
+                href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
+    </section>
+
+    <section>
+        <h2>2. Verantwortliche Stelle der Datenverarbeitung</h2>
+        <p>Ihre Daten werden vertrauensvoll verarbeitet von:</p>
+        <address>
+            Digital Data GmbH<br>
+            Ludwig-Rinn-Straße 16<br>
+            35452 Heuchelheim<br>
+            <a href="https://digitaldata.works">https://digitaldata.works</a><br>
+            <a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
+            Telefon: 0049 641 202360<br>
+        </address>
+        <p><strong>Kontakt zu unserer Datenschutzbeauftragten:</strong> <a
+                href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
+    </section>
+
+    <section>
+        <h2>3. Datenerhebung</h2>
+        <h3>3.1 Die folgenden Kategorien personenbezogener Daten werden verarbeitet</h3>
+        <ul>
+            <li>Namen: Benutzername, Vor- und Zunamen sowie Ihre digitale Unterschrift</li>
+            <li>Kontaktdaten: Telefonnummer, Mobilfunknummer und E-Mail-Adresse</li>
+            <li>Technische Daten: IP-Adresse, Zeitpunkt des Zugriffs oder Zugriffsversuchs</li>
+        </ul>
+
+        <h3>3.2 Ursprung der personenbezogenen Daten</h3>
+        <p>Sie haben die unter 3.1 stehenden Daten vorab an Ihren Geschäftspartner (die verantwortliche Stelle)
+            übermittelt. Diese Übermittlung kann mündlich per Telefon, im persönlichen Kontakt, per E-Mail oder per
+            Kontaktformular geschehen sein.</p>
+        <p>Ihre digitale Signatur übermitteln Sie eigenständig, bei der Unterzeichnung eines Dokuments.</p>
+
+        <h3>3.3 Aufbewahrungsfristen / Speicherungsdauer</h3>
+        <ul>
+            <li>Die automatische E-Mail Korrespondenz wird für 6 Jahre aufbewahrt.</li>
+            <li>Unterzeichnete Verträge werden für die Dauer ihrer Laufzeit + 10 Jahre aufbewahrt.</li>
+            <li>Der technische Vorgang wird in der signFLOW Softwarelösung je nach Dokumentart bzw. Vertragsart
+                unbegrenzt aufbewahrt.</li>
+        </ul>
+        <p>Ihre personenbezogenen Daten werden aber grundsätzlich anonymisiert, wenn:</p>
+        <ul>
+            <li>Der Vertrag ausgelaufen ist und die gesetzliche Aufbewahrungszeit vorbei ist.</li>
+            <li>Der Vertrag von Ihnen abgelehnt wurde bzw. nie unterschrieben wurde.</li>
+        </ul>
+        <p>Die gesetzlichen Grundlagen dieser Aufbewahrungsfristen bieten unter anderen:</p>
+        <ul>
+            <li>Handelsgesetzbuch (HGB)</li>
+            <li>Abgabenordnung (AO)</li>
+            <li>Grundsätze zur ordnungsgemäßen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in
+                elektronischer Form sowie zum Datenzugriff (GoBD)</li>
+        </ul>
+        <p>
+            Abhängig von der spezifischen Dokumentart, kann die Aufbewahrungsfrist variieren. Außerdem können sich
+            Zeiten
+            verlängern, falls Unregelmäßigkeiten auftreten. Z.B.: eine rechtliche Auseinandersetzung droht oder aktuell
+            läuft.
+        </p>
+
+        <h3>3.4 Verarbeitungszweck</h3>
+        <p>Die unter 3.1 definierten personenbezogenen Daten werden verarbeitet um:</p>
+        <ul>
+            <li>Den technisch notwendigen Prozess abzubilden bzw. anbieten zu können.</li>
+            <li>Damit Sie als Endbenutzer in der Lage sind, ein zu unterzeichnendes Dokument, digital zu unterschreiben,
+                ist die Feststellung der Identität des Antragstellers, Antragsprüfung und -abwicklung, Abrechnung sowie
+                die Wahrung der Dokumentationspflichten notwendig.</li>
+        </ul>
+        <p>In Einzelfällen werden Daten zur Fehlerbehebung insbesondere bei Supportanfragen von der IT-Abteilung
+            gesondert behandelt oder ggf. an den Hersteller weitergegeben.</p>
+        <p>Im Zuge der Maßnahmen zur Sicherstellung der Informationssicherheit, insbesondere zur Identifizierung und
+            Abwehr von Angriffen, sowie zur Durchführung interner und externer Audits, der Exportkontrolle und der
+            Prüfung von Sanktionslisten, erfolgt ebenfalls eine Datenverarbeitung. Bei Anfragen gemäß §8 Abs. 2 VDG
+            werden die entsprechenden Informationen an die zuständigen Stellen übermittelt.</p>
+
+        <h3>3.5 Rechtmäßigkeit der Verarbeitung</h3>
+        <p>Ihre Daten werden auf Grundlage einer sich anbahnenden oder bereits vorhandenen Geschäftsbeziehung erhoben.
+        </p>
+        <p>Die rechtliche Grundlage für die Übermittlung an zuständige Stellen bildet §8 Abs. 2 VDG. Anfragen von
+            Betroffenen werden gemäß den Artikeln 12 bis 23 der DSGVO sowie den Paragraphen 32 bis 37 des BDSG
+            bearbeitet.</p>
+
+        <h3>3.6 Berechtigte Interessen</h3>
+        <p>Ein berechtigtes Interesse der verantwortlichen Stelle gemäß Art. 6 Abs. 1 lit. f DSGVO besteht in den
+            folgenden Fällen:</p>
+        <p>Es werden Maßnahmen zur Informationssicherheit ergriffen, die sowohl präventive technische als auch
+            organisatorische Maßnahmen sowie die Behandlung von Vorfällen umfassen. Ziel ist es, potenzielle Schäden für
+            das Unternehmen, die von der Datenverarbeitung betroffenen Personen und die Nutzer der Vertrauensdienste zu
+            bewerten und zu vermeiden.</p>
+
+        <h3>3.7 Erforderlichkeit der Daten</h3>
+        <p>Die erhobenen Daten stellen das Minimum der nötigen Daten zwecks digitaler Unterschrift dar. Ohne die unter
+            3.1 genannten Daten, kann der Dienst nicht betrieben werden.</p>
+        <p>Besonders wichtig ist die Angabe einer Mobilfunknummer oder einer deutschen Festnetznummer, da diese für die
+            Authentifizierung und die Signaturauslösung als zweiter Faktor verwendet wird. Ohne diesen
+            Sicherheitsmechanismus kann der Dienst leider nicht bereitgestellt werden.</p>
+
+        <h3>3.8 Weitergabe von Daten</h3>
+        <p>Eine systemische Übermittlung von Daten findet nicht statt.</p>
+        <p>Daten werden nur in Ausnahmefällen, zwecks Supportleistungen, an den Hersteller weitergegeben. Mit der
+            Hersteller besteht ein gültiger Auftragsdatenverarbeitungsvertrag (AVV), welcher die Sicherheit und
+            Integrität des Umgangs mit Ihren Daten gewährleistet.</p>
+    </section>
+
+    <section>
+        <h2>4. Verwendung von Cookies</h2>
+        <p>
+            Beim Besuch bestimmter Seiten kommen temporäre Cookies zum Einsatz, die für die technische Bereitstellung
+            der Dienste notwendig sind. Diese sogenannten Session-Cookies enthalten keine personenbezogenen Daten und
+            werden nach Beendigung der Sitzung automatisch gelöscht. Methoden wie Java-Applets oder Active-X-Controls,
+            die das Nutzerverhalten nachvollziehbar machen könnten, werden nicht verwendet.
+        </p>
+    </section>
+
+    <section>
+        <h2>5. Betroffenenrechte</h2>
+        <p>
+            Wenn Sie Fragen zu Ihren Daten haben oder eine Berichtigung, Löschung oder Einschränkung der Verarbeitung
+            wünschen, senden Sie bitte Ihre Anfrage per Post oder E-Mail an die oben angegebene Adresse. Dies gilt auch,
+            wenn Sie gemäß Art. 21 DSGVO Widerspruch gegen die Verarbeitung einlegen möchten oder eine Anfrage zur
+            Datenübertragbarkeit haben.
+        </p>
+        <p>
+            Bei Fragen oder Beschwerden zu einem Verfahren können Sie sich ebenfalls über die genannten
+            Kontaktmöglichkeiten an uns wenden. Sollten Sie darüber hinaus einen Grund zur Beschwerde haben, haben Sie
+            die Möglichkeit, sich an unsere Aufsichtsbehörde zu wenden. Welche Aufsichtsbehörde für Sie zuständig ist,
+            erfahren Sie hier:
+            <a href="https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html">Laender-node.html</a>
+        </p>
+    </section>
+</body>
+
+</html>

EnvelopeGenerator.ReceiverUI/wwwroot/docs/privacy-policy.en-US.html

@@ -0,0 +1,158 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Data Protection Information for the Remote Signature System signFLOW</title>
+    <link rel="stylesheet" href="css/privacy-policy.min.css">
+</head>
+
+<body>
+    <header>
+        <h1>Data Protection Information for the Remote Signature System: signFLOW</h1>
+        <p><strong>As of:</strong> 18.11.2025</p>
+    </header>
+    <section>
+        <h2>1. General Information</h2>
+        <p>In today's fast-paced and increasingly digital world, personal data is an important resource. Your data is
+            valuable and must therefore be handled with the care required by various laws and regulations (GDPR, TDDDG,
+            ...).</p>
+        <p>As a provider of local solutions (OnPremise), the manufacturer of signFLOW, Digital Data GmbH, places a clear
+            focus on data protection and data security. For you, this means that only the necessary data is collected
+            and stored (data minimization). Furthermore, current and secure technologies are used in processing.</p>
+        <p><strong>Contact details of the manufacturer:</strong></p>
+        <address>
+            Digital Data GmbH<br>
+            Ludwig-Rinn-Straße 16<br>
+            35452 Heuchelheim<br>
+            <a href="https://digitaldata.works">https://digitaldata.works</a><br>
+            <a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
+            Phone: 0049 641 202360<br>
+        </address>
+        <p><strong>Contact the Data Protection Officer:</strong> <a
+                href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
+    </section>
+
+    <section>
+        <h2>2. Responsible Entity for Data Processing</h2>
+        <p>Your data is processed with confidence by:</p>
+        <address>
+            Digital Data GmbH<br>
+            Ludwig-Rinn-Straße 16<br>
+            35452 Heuchelheim<br>
+            <a href="https://digitaldata.works">https://digitaldata.works</a><br>
+            <a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
+            Phone: 0049 641 202360<br>
+        </address>
+        <p><strong>Contact our Data Protection Officer:</strong> <a
+                href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
+    </section>
+
+    <section>
+        <h2>3. Data Collection</h2>
+        <h3>3.1 The following categories of personal data are processed</h3>
+        <ul>
+            <li>Names: Username, first and last names as well as your digital signature</li>
+            <li>Contact details: Phone number, mobile phone number, and email address</li>
+            <li>Technical data: IP address, time of access, or access attempts</li>
+        </ul>
+
+        <h3>3.2 Source of the personal data</h3>
+        <p>You have previously provided the data mentioned under 3.1 to your business partner (the responsible entity).
+            This transmission may have occurred verbally over the phone, in personal contact, via email, or via a
+            contact form.</p>
+        <p>You transmit your digital signature independently when signing a document.</p>
+
+        <h3>3.3 Retention periods / Storage duration</h3>
+        <ul>
+            <li>Automatic email correspondence is stored for 6 years.</li>
+            <li>Signed contracts are retained for the duration of their term + 10 years.</li>
+            <li>The technical process is stored in the signFLOW software solution indefinitely, depending on the
+                document or contract type.</li>
+        </ul>
+        <p>Your personal data will generally be anonymized when:</p>
+        <ul>
+            <li>The contract has expired, and the statutory retention period is over.</li>
+            <li>The contract was rejected by you or never signed.</li>
+        </ul>
+        <p>The legal basis for these retention periods includes:</p>
+        <ul>
+            <li>Commercial Code (HGB)</li>
+            <li>Tax Code (AO)</li>
+            <li>Principles for the Proper Keeping and Retention of Books, Records, and Documents in Electronic Form and
+                for Data Access (GoBD)</li>
+        </ul>
+        <p>
+            Depending on the specific type of document, the retention period may vary. Additionally, the periods may be
+            extended in case of irregularities, such as a pending or ongoing legal dispute.
+        </p>
+
+        <h3>3.4 Purpose of processing</h3>
+        <p>The personal data defined under 3.1 is processed to:</p>
+        <ul>
+            <li>Support or provide the technically necessary process.</li>
+            <li>Enable you, as the end user, to sign a document digitally. This requires the identification of the
+                applicant, application verification and processing, billing, and compliance with documentation
+                requirements.</li>
+        </ul>
+        <p>In individual cases, data is processed separately by the IT department, particularly in response to support
+            requests, or possibly forwarded to the manufacturer for further processing.</p>
+        <p>Data processing also occurs to ensure information security, especially for the identification and prevention
+            of attacks, and for conducting internal and external audits, export controls, and sanctions list checks.
+            Information may also be transmitted to the relevant authorities in accordance with Section 8 (2) VDG.</p>
+
+        <h3>3.5 Legality of processing</h3>
+        <p>Your data is collected based on an impending or already existing business relationship.</p>
+        <p>The legal basis for the transmission to competent authorities is Section 8 (2) VDG. Requests from data
+            subjects are processed in accordance with Articles 12 to 23 of the GDPR and Sections 32 to 37 of the Federal
+            Data Protection Act (BDSG).</p>
+
+        <h3>3.6 Legitimate interests</h3>
+        <p>A legitimate interest of the responsible entity in accordance with Article 6 (1) (f) GDPR exists in the
+            following cases:</p>
+        <p>Measures are taken for information security, which include both preventive technical and organizational
+            measures as well as incident handling. The aim is to assess and avoid potential harm to the company, the
+            individuals affected by data processing, and the users of trust services.</p>
+
+        <h3>3.7 Necessity of data</h3>
+        <p>The collected data represents the minimum necessary for the digital signature. Without the data mentioned
+            under 3.1, the service cannot be operated.</p>
+        <p>It is particularly important to provide a mobile number or a German landline number, as this is used for
+            authentication and signature triggering as a second factor. Without this security mechanism, the service
+            cannot be provided.</p>
+
+        <h3>3.8 Data transfer</h3>
+        <p>Systematic data transmission does not take place.</p>
+        <p>Data is only forwarded to the manufacturer for support services in exceptional cases. A valid data processing
+            agreement (DPA) exists with the manufacturer, which ensures the security and integrity of the handling of
+            your data.</p>
+    </section>
+
+    <section>
+        <h2>4. Use of Cookies</h2>
+        <p>
+            When visiting certain pages, temporary cookies are used, which are necessary for the technical provision of
+            the services. These so-called session cookies do not contain any personal data and are automatically deleted
+            after the session ends. Methods such as Java applets or Active-X controls that could track user behavior are
+            not used.
+        </p>
+    </section>
+
+    <section>
+        <h2>5. Rights of Affected Persons</h2>
+        <p>
+            If you have questions about your data or wish to request correction, deletion, or restriction of processing,
+            please send your request by mail or email to the address provided above. This also applies if you wish to
+            object to the processing in accordance with Article 21 GDPR or request data portability.
+        </p>
+        <p>
+            If you have questions or complaints about a procedure, you can also contact us using the contact details
+            provided. If you have further grounds for complaint, you can contact our supervisory authority. You can find
+            out which supervisory authority is responsible for you here:
+            <a href="https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html">Laender-node.html</a>
+        </p>
+    </section>
+</body>
+
+</html>

EnvelopeGenerator.ReceiverUI/wwwroot/docs/privacy-policy.fr-FR.html

@@ -0,0 +1,126 @@
+<!DOCTYPE html>
+<html lang="fr">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Informations sur la protection des données pour le système de signature à distance signFLOW</title>
+    <link rel="stylesheet" href="css/privacy-policy.min.css">
+</head>
+
+<body>
+    <header>
+        <h1>Informations sur la protection des données pour le système de signature à distance : signFLOW</h1>
+        <p><strong>À jour au :</strong> 18.11.2025</p>
+    </header>
+
+    <section>
+        <h2>1. Informations générales</h2>
+        <p>Dans le monde actuel, rapide et de plus en plus numérique, les données personnelles sont une ressource précieuse. Vos données sont importantes et doivent donc être traitées avec le soin requis par les différentes lois et réglementations (RGPD, TDDDG, ...).</p>
+        <p>En tant que fournisseur de solutions locales (OnPremise), le fabricant de signFLOW, Digital Data GmbH, accorde une attention particulière à la protection et à la sécurité des données. Pour vous, cela signifie que seules les données nécessaires sont collectées et stockées (minimisation des données). De plus, des technologies actuelles et sécurisées sont utilisées lors du traitement.</p>
+        <p><strong>Coordonnées du fabricant :</strong></p>
+        <address>
+            Digital Data GmbH<br>
+            Ludwig-Rinn-Straße 16<br>
+            35452 Heuchelheim<br>
+            <a href="https://digitaldata.works">https://digitaldata.works</a><br>
+            <a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
+            Téléphone : 0049 641 202360<br>
+        </address>
+        <p><strong>Contactez le délégué à la protection des données :</strong> <a href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
+    </section>
+
+    <section>
+        <h2>2. Responsable du traitement des données</h2>
+        <p>Vos données sont traitées en toute confiance par :</p>
+        <address>
+            Digital Data GmbH<br>
+            Ludwig-Rinn-Straße 16<br>
+            35452 Heuchelheim<br>
+            <a href="https://digitaldata.works">https://digitaldata.works</a><br>
+            <a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
+            Téléphone : 0049 641 202360<br>
+        </address>
+        <p><strong>Contactez notre délégué à la protection des données :</strong> <a href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
+    </section>
+
+    <section>
+        <h2>3. Collecte des données</h2>
+        <h3>3.1 Catégories de données personnelles traitées</h3>
+        <ul>
+            <li>Noms : nom d’utilisateur, prénom et nom ainsi que votre signature numérique</li>
+            <li>Coordonnées : numéro de téléphone, numéro de mobile et adresse e-mail</li>
+            <li>Données techniques : adresse IP, heure d’accès ou tentatives d’accès</li>
+        </ul>
+
+        <h3>3.2 Source des données personnelles</h3>
+        <p>Vous avez précédemment fourni les données mentionnées en 3.1 à votre partenaire commercial (le responsable du traitement). Cette transmission a pu se faire verbalement par téléphone, lors d’un contact personnel, par e-mail ou via un formulaire de contact.</p>
+        <p>Vous transmettez votre signature numérique de manière autonome lors de la signature d’un document.</p>
+
+        <h3>3.3 Durée de conservation / stockage</h3>
+        <ul>
+            <li>La correspondance par e-mail automatique est conservée pendant 6 ans.</li>
+            <li>Les contrats signés sont conservés pendant leur durée + 10 ans.</li>
+            <li>Le processus technique est stocké dans la solution logicielle signFLOW indéfiniment, selon le type de document ou de contrat.</li>
+        </ul>
+        <p>Vos données personnelles seront généralement anonymisées lorsque :</p>
+        <ul>
+            <li>Le contrat a expiré et la période légale de conservation est terminée.</li>
+            <li>Le contrat a été refusé par vous ou jamais signé.</li>
+        </ul>
+        <p>La base légale de ces périodes de conservation comprend :</p>
+        <ul>
+            <li>Code de commerce (HGB)</li>
+            <li>Code fiscal (AO)</li>
+            <li>Principes de tenue correcte et de conservation des livres, registres et documents sous forme électronique et d’accès aux données (GoBD)</li>
+        </ul>
+        <p>
+            Selon le type spécifique de document, la période de conservation peut varier. De plus, ces périodes peuvent être prolongées en cas d’irrégularités, telles qu’un litige en cours ou imminent.
+        </p>
+
+        <h3>3.4 Finalité du traitement</h3>
+        <p>Les données personnelles définies en 3.1 sont traitées pour :</p>
+        <ul>
+            <li>Supporter ou fournir le processus techniquement nécessaire.</li>
+            <li>Permettre à l’utilisateur final de signer un document numériquement. Cela nécessite l’identification du demandeur, la vérification et le traitement de la demande, la facturation et le respect des obligations documentaires.</li>
+        </ul>
+        <p>Dans certains cas, les données sont traitées séparément par le département informatique, notamment en réponse à des demandes de support, ou éventuellement transmises au fabricant pour un traitement supplémentaire.</p>
+        <p>Le traitement des données intervient également pour garantir la sécurité de l’information, notamment pour identifier et prévenir les attaques, et pour effectuer des audits internes et externes, le contrôle des exportations et les vérifications des listes de sanctions. Les informations peuvent également être transmises aux autorités compétentes conformément à l’article 8 (2) VDG.</p>
+
+        <h3>3.5 Licéité du traitement</h3>
+        <p>Vos données sont collectées sur la base d’une relation commerciale existante ou imminente.</p>
+        <p>La base légale pour la transmission aux autorités compétentes est l’article 8 (2) VDG. Les demandes des personnes concernées sont traitées conformément aux articles 12 à 23 du RGPD et aux articles 32 à 37 de la loi fédérale sur la protection des données (BDSG).</p>
+
+        <h3>3.6 Intérêts légitimes</h3>
+        <p>Un intérêt légitime du responsable du traitement conformément à l’article 6 (1) (f) RGPD existe dans les cas suivants :</p>
+        <p>Des mesures sont prises pour la sécurité de l’information, incluant à la fois des mesures techniques et organisationnelles préventives ainsi que la gestion des incidents. L’objectif est d’évaluer et d’éviter les dommages potentiels pour l’entreprise, les personnes concernées par le traitement des données et les utilisateurs des services de confiance.</p>
+
+        <h3>3.7 Nécessité des données</h3>
+        <p>Les données collectées représentent le minimum nécessaire pour la signature numérique. Sans les données mentionnées en 3.1, le service ne peut pas être opéré.</p>
+        <p>Il est particulièrement important de fournir un numéro de mobile ou un numéro fixe allemand, car cela est utilisé pour l’authentification et le déclenchement de la signature comme second facteur. Sans ce mécanisme de sécurité, le service ne peut être fourni.</p>
+
+        <h3>3.8 Transfert de données</h3>
+        <p>Aucun transfert systématique de données n’a lieu.</p>
+        <p>Les données ne sont transmises au fabricant pour le support que dans des cas exceptionnels. Un accord de traitement des données (DPA) valide existe avec le fabricant, garantissant la sécurité et l’intégrité de la gestion de vos données.</p>
+    </section>
+
+    <section>
+        <h2>4. Utilisation des cookies</h2>
+        <p>
+            Lors de la visite de certaines pages, des cookies temporaires sont utilisés, nécessaires à la fourniture technique des services. Ces cookies de session ne contiennent aucune donnée personnelle et sont automatiquement supprimés à la fin de la session. Aucune méthode telle que les applets Java ou les contrôles Active-X, pouvant suivre le comportement de l’utilisateur, n’est utilisée.
+        </p>
+    </section>
+
+    <section>
+        <h2>5. Droits des personnes concernées</h2>
+        <p>
+            Si vous avez des questions concernant vos données ou souhaitez demander une correction, suppression ou limitation du traitement, veuillez envoyer votre demande par courrier ou e-mail à l’adresse indiquée ci-dessus. Cela s’applique également si vous souhaitez vous opposer au traitement conformément à l’article 21 RGPD ou demander la portabilité des données.
+        </p>
+        <p>
+            Si vous avez des questions ou des plaintes concernant une procédure, vous pouvez également nous contacter via les coordonnées fournies. Si vous avez d’autres motifs de plainte, vous pouvez contacter notre autorité de contrôle. Vous pouvez vérifier quelle autorité de contrôle est compétente pour vous ici :
+            <a href="https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html">Laender-node.html</a>
+        </p>
+    </section>
+</body>
+
+</html>

EnvelopeGenerator.ReceiverUI/wwwroot/fake-data/annotations.json

@@ -0,0 +1,20 @@
+[
+  {
+    "id": 1,
+    "page": 1,
+    "x": 390.0,
+    "y": 980.0
+  },
+  {
+    "id": 2,
+    "page": 2,
+    "x": 390.0,
+    "y": 980.0
+  },
+  {
+    "id": 3,
+    "page": 3,
+    "x": 390.0,
+    "y": 980.0
+  }
+]

EnvelopeGenerator.ReceiverUI/wwwroot/index.html

@@ -4,6 +4,9 @@
 <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
+    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
+    <meta http-equiv="Pragma" content="no-cache" />
+    <meta http-equiv="Expires" content="0" />
     <title>EnvelopeGenerator.ReceiverUI</title>
     <base href="/" />
     <link href="css/bootstrap/bootstrap.min.css" rel="stylesheet" />
@@ -62,7 +65,7 @@
         <a class="dismiss">X</a>
     </div>
     <script src="_content/DevExpress.Blazor.Resources/js/preload-script.js"></script>
-    <script src="js/receiver-signature.js"></script>
+    <script src="js/receiver-signature.js?v=9"></script>
     <script src="_framework/blazor.webassembly.js"></script>
 </body>
 

EnvelopeGenerator.ReceiverUI/wwwroot/js/receiver-signature.js

@@ -1,62 +1,253 @@
 window.receiverSignature = (() => {
+
+    // ?? State ???????????????????????????????????????????????????????????????
     const pads            = new Map();
     const typedSignatures = new Map();
     const imageSignatures = new Map();
+    const overlayButtons  = new Map(); // annotationId -> { btn, signed }
+    let   _dotNetRef      = null;
 
-    function getPosition(canvas, event) {
-        const rect = canvas.getBoundingClientRect();
-        const source = event.touches && event.touches.length ? event.touches[0] : event;
-        return {
-            x: (source.clientX - rect.left) * (canvas.width / rect.width),
-            y: (source.clientY - rect.top) * (canvas.height / rect.height)
+    // DevExpress Blazor Report Viewer selectors (confirmed via debugDumpViewerDom)
+    const PAGE_IMG_SEL         = '.dxbrv-report-preview-content-img';
+    const SCROLL_CONTAINER_SEL = '.dxbrv-surface-wrapper';
+    const VIEWER_WRAPPER_SEL   = '.receiver-viewer-wrapper';
+
+    // DX report coordinate space (1/100 inch, A4)
+    const DX_PAGE_WIDTH  = 827.0;
+    const DX_PAGE_HEIGHT = 1169.0;
+
+    // Signature field size in DX units
+    const SIG_WIDTH_DX  = 230.0;
+    const SIG_HEIGHT_DX = 154.0;
+
+    // ?? Annotation Checkboxes ????????????????????????????????????????????????
+
+    // Active install context — holds everything needed to reposition on resize/scroll
+    let _installCtx = null;
+
+    function installAnnotationCheckboxes(annotations, checkedIds, dotNetRef) {
+        _dotNetRef = dotNetRef;
+
+        // Tear down previous install completely
+        _teardownCheckboxes();
+
+        if (!annotations || annotations.length === 0) return;
+
+        const ctx = {
+            annotations,
+            checkedIds: new Set(Array.isArray(checkedIds) ? checkedIds : []),
+            scrollEl:   null,
+            pageEls:    [],
+            resizeObs:  null,
+            onScroll:   null,
+            onResize:   null,
+            resizeTimer: null,
         };
+        _installCtx = ctx;
+
+        _waitForCheckboxPages(ctx);
     }
 
-    function clearCanvas(canvas) {
-        canvas.getContext('2d').clearRect(0, 0, canvas.width, canvas.height);
+    function _teardownCheckboxes() {
+        document.querySelectorAll('.annot-sig-cb-wrapper').forEach(el => el.remove());
+        overlayButtons.clear();
+
+        if (!_installCtx) return;
+        const ctx = _installCtx;
+
+        if (ctx.resizeObs)  { ctx.resizeObs.disconnect(); ctx.resizeObs = null; }
+        if (ctx.scrollEl && ctx.onScroll)  ctx.scrollEl.removeEventListener('scroll', ctx.onScroll);
+        if (ctx.onResize)   window.removeEventListener('resize', ctx.onResize);
+        if (ctx.resizeTimer) clearTimeout(ctx.resizeTimer);
+
+        _installCtx = null;
     }
 
+    function _waitForCheckboxPages(ctx) {
+        const wrapper = document.querySelector(VIEWER_WRAPPER_SEL);
+        if (!wrapper) return;
+
+        if (!_tryInstallCheckboxes(ctx)) {
+            const observer = new MutationObserver(() => {
+                if (_tryInstallCheckboxes(ctx)) observer.disconnect();
+            });
+            observer.observe(wrapper, { childList: true, subtree: true });
+            setTimeout(() => observer.disconnect(), 15000);
+        }
+    }
+
+    function _tryInstallCheckboxes(ctx) {
+        const scrollEl = document.querySelector(SCROLL_CONTAINER_SEL);
+        if (!scrollEl) return false;
+
+        const pageEls = Array.from(document.querySelectorAll(PAGE_IMG_SEL));
+        if (pageEls.length === 0) return false;
+
+        if (getComputedStyle(scrollEl).position === 'static')
+            scrollEl.style.position = 'relative';
+
+        ctx.scrollEl = scrollEl;
+        ctx.pageEls  = pageEls;
+
+        // Initial render
+        _renderAllCheckboxes(ctx);
+
+        // ResizeObserver — watches every page image for size changes (zoom in/out)
+        const ro = new ResizeObserver(() => _repositionAll(ctx));
+        pageEls.forEach(el => ro.observe(el));
+        ctx.resizeObs = ro;
+
+        // Scroll — reposition when user scrolls the viewer
+        ctx.onScroll = () => _repositionAll(ctx);
+        scrollEl.addEventListener('scroll', ctx.onScroll, { passive: true });
+
+        // Window resize — debounced 60 ms
+        ctx.onResize = () => {
+            if (ctx.resizeTimer) clearTimeout(ctx.resizeTimer);
+            ctx.resizeTimer = setTimeout(() => _repositionAll(ctx), 60);
+        };
+        window.addEventListener('resize', ctx.onResize, { passive: true });
+
+        return true;
+    }
+
+    function _repositionAll(ctx) {
+        if (!ctx || !ctx.scrollEl) return;
+
+        const scrollEl = ctx.scrollEl;
+        const pageEls  = Array.from(document.querySelectorAll(PAGE_IMG_SEL)); // re-query in case DOM changed
+        if (pageEls.length === 0) return;
+
+        const scrollRect = scrollEl.getBoundingClientRect();
+
+        ctx.annotations.forEach(ann => {
+            const wrapper = document.querySelector(`.annot-sig-cb-wrapper[data-annot-id="${ann.id}"]`);
+            if (!wrapper) return;
+
+            const pageEl = pageEls[(ann.page || 1) - 1] ?? pageEls[pageEls.length - 1];
+            if (!pageEl) return;
+
+            const pageRect = pageEl.getBoundingClientRect();
+            if (pageRect.width === 0 || pageRect.height === 0) return;
+
+            const scaleX = pageRect.width  / DX_PAGE_WIDTH;
+            const scaleY = pageRect.height / DX_PAGE_HEIGHT;
+
+            const absLeft = pageRect.left - scrollRect.left + scrollEl.scrollLeft + (ann.x || 0) * scaleX;
+            const absTop  = pageRect.top  - scrollRect.top  + scrollEl.scrollTop  + (ann.y || 0) * scaleY;
+            const boxW    = SIG_WIDTH_DX  * scaleX;
+            const boxH    = SIG_HEIGHT_DX * scaleY;
+
+            wrapper.style.left   = Math.round(absLeft) + 'px';
+            wrapper.style.top    = Math.round(absTop)  + 'px';
+            wrapper.style.width  = Math.round(boxW)    + 'px';
+            wrapper.style.height = Math.round(boxH)    + 'px';
+        });
+    }
+
+    function _renderAllCheckboxes(ctx) {
+        const scrollEl  = ctx.scrollEl;
+        const pageEls   = ctx.pageEls;
+        const scrollRect = scrollEl.getBoundingClientRect();
+
+        ctx.annotations.forEach(ann => {
+            const pageEl = pageEls[(ann.page || 1) - 1] ?? pageEls[pageEls.length - 1];
+            if (!pageEl) return;
+
+            const pageRect = pageEl.getBoundingClientRect();
+            if (pageRect.width === 0 || pageRect.height === 0) return;
+
+            const scaleX = pageRect.width  / DX_PAGE_WIDTH;
+            const scaleY = pageRect.height / DX_PAGE_HEIGHT;
+
+            const absLeft = pageRect.left - scrollRect.left + scrollEl.scrollLeft + (ann.x || 0) * scaleX;
+            const absTop  = pageRect.top  - scrollRect.top  + scrollEl.scrollTop  + (ann.y || 0) * scaleY;
+            const boxW    = SIG_WIDTH_DX  * scaleX;
+            const boxH    = SIG_HEIGHT_DX * scaleY;
+
+            const isChecked = ctx.checkedIds.has(ann.id);
+            _createCheckboxOverlay(ann.id, scrollEl, absLeft, absTop, boxW, boxH, isChecked);
+        });
+    }
+
+    function _createCheckboxOverlay(annotationId, container, left, top, width, height, isChecked) {
+        const wrapper = document.createElement('div');
+        wrapper.className = 'annot-sig-cb-wrapper' + (isChecked ? ' annot-sig-cb-wrapper--checked' : '');
+        wrapper.setAttribute('data-annot-id', String(annotationId));
+
+        Object.assign(wrapper.style, {
+            position:   'absolute',
+            left:       Math.round(left)   + 'px',
+            top:        Math.round(top)    + 'px',
+            width:      Math.round(width)  + 'px',
+            height:     Math.round(height) + 'px',
+            zIndex:     '9999',
+            cursor:     'pointer',
+            boxSizing:  'border-box',
+        });
+
+        const cb = document.createElement('input');
+        cb.type = 'checkbox';
+        cb.checked = isChecked;
+        cb.className = 'annot-sig-cb';
+        cb.setAttribute('aria-label', 'Unterschriftsfeld bestaetigen');
+
+        const label = document.createElement('span');
+        label.className = 'annot-sig-cb__label';
+        label.textContent = isChecked ? '\u2713 Bestaetigt' : '\u270e Hier unterschreiben';
+
+        wrapper.appendChild(cb);
+        wrapper.appendChild(label);
+
+        wrapper.addEventListener('click', (e) => {
+            if (e.target !== cb) cb.checked = !cb.checked;
+            const checked = cb.checked;
+            wrapper.classList.toggle('annot-sig-cb-wrapper--checked', checked);
+            label.textContent = checked ? '\u2713 Bestaetigt' : '\u270e Hier unterschreiben';
+            if (_installCtx) {
+                if (checked) _installCtx.checkedIds.add(annotationId);
+                else         _installCtx.checkedIds.delete(annotationId);
+            }
+            if (_dotNetRef)
+                _dotNetRef.invokeMethodAsync('OnAnnotationToggled', annotationId, checked);
+        });
+
+        container.appendChild(wrapper);
+        overlayButtons.set(annotationId, { btn: wrapper, signed: isChecked });
+    }
+
+    function debugDumpViewerDom() {
+        const wrapper = document.querySelector(VIEWER_WRAPPER_SEL);
+        if (!wrapper) { console.warn('[annot] .receiver-viewer-wrapper not found'); return; }
+        console.group('[annot] viewer DOM snapshot');
+        const cs = new Set();
+        wrapper.querySelectorAll('*').forEach(el => el.classList.forEach(c => cs.add(c)));
+        console.log('classes:', [...cs].sort().join(', '));
+        console.log('scroll container:', document.querySelector(SCROLL_CONTAINER_SEL));
+        console.log('page images:', document.querySelectorAll(PAGE_IMG_SEL));
+        console.groupEnd();
+    }
+
+    // ?? Signature Pad ???????????????????????????????????????????????????????
+
+    function _pos(canvas, event) {
+        const r = canvas.getBoundingClientRect();
+        const s = (event.touches && event.touches.length) ? event.touches[0] : event;
+        return { x: (s.clientX - r.left) * (canvas.width / r.width), y: (s.clientY - r.top) * (canvas.height / r.height) };
+    }
+
+    function _clear(canvas) { canvas.getContext('2d').clearRect(0, 0, canvas.width, canvas.height); }
+
     function initialize(canvasId) {
         const canvas = document.getElementById(canvasId);
-        if (!canvas || pads.has(canvasId))
-            return;
-
-        const context = canvas.getContext('2d');
-        context.lineWidth = 2.5;
-        context.lineCap = 'round';
-        context.lineJoin = 'round';
-        context.strokeStyle = '#111';
-
+        if (!canvas || pads.has(canvasId)) return;
+        const ctx = canvas.getContext('2d');
+        ctx.lineWidth = 2.5; ctx.lineCap = 'round'; ctx.lineJoin = 'round'; ctx.strokeStyle = '#111';
         const state = { drawing: false, hasSignature: false };
         pads.set(canvasId, state);
-
-        const start = event => {
-            event.preventDefault();
-            const pos = getPosition(canvas, event);
-            state.drawing = true;
-            context.beginPath();
-            context.moveTo(pos.x, pos.y);
-        };
-
-        const move = event => {
-            if (!state.drawing)
-                return;
-
-            event.preventDefault();
-            const pos = getPosition(canvas, event);
-            context.lineTo(pos.x, pos.y);
-            context.stroke();
-            state.hasSignature = true;
-        };
-
-        const end = event => {
-            if (!state.drawing)
-                return;
-
-            event.preventDefault();
-            state.drawing = false;
-        };
-
+        const start = e => { e.preventDefault(); const p = _pos(canvas, e); state.drawing = true; ctx.beginPath(); ctx.moveTo(p.x, p.y); };
+        const move  = e => { if (!state.drawing) return; e.preventDefault(); const p = _pos(canvas, e); ctx.lineTo(p.x, p.y); ctx.stroke(); state.hasSignature = true; };
+        const end   = e => { if (!state.drawing) return; e.preventDefault(); state.drawing = false; };
         canvas.addEventListener('mousedown', start);
         canvas.addEventListener('mousemove', move);
         window.addEventListener('mouseup', end);
@@ -67,155 +258,80 @@ window.receiverSignature = (() => {
 
     function initializeTyped(canvasId) {
         const canvas = document.getElementById(canvasId);
-        if (!canvas || typedSignatures.has(canvasId))
-            return;
-
+        if (!canvas || typedSignatures.has(canvasId)) return;
         typedSignatures.set(canvasId, { hasSignature: false });
     }
 
     function initializeImage(inputId, canvasId) {
         const input  = document.getElementById(inputId);
         const canvas = document.getElementById(canvasId);
-        if (!input || !canvas || imageSignatures.has(canvasId))
-            return;
-
+        if (!input || !canvas || imageSignatures.has(canvasId)) return;
         const state = { hasSignature: false };
         imageSignatures.set(canvasId, state);
-
         input.addEventListener('change', () => {
-            const file = input.files && input.files.length ? input.files[0] : null;
-            if (!file || !file.type.startsWith('image/')) {
-                clearCanvas(canvas);
-                state.hasSignature = false;
-                return;
-            }
-
+            const file = input.files && input.files[0];
+            if (!file || !file.type.startsWith('image/')) { _clear(canvas); state.hasSignature = false; return; }
             const reader = new FileReader();
             reader.onload = () => {
-                const image = new Image();
-                image.onload = () => {
-                    const context = canvas.getContext('2d');
-                    clearCanvas(canvas);
-
-                    const padding = 10;
-                    const maxWidth = canvas.width - padding * 2;
-                    const maxHeight = canvas.height - padding * 2;
-                    const scale = Math.min(maxWidth / image.width, maxHeight / image.height, 1);
-                    const width = image.width * scale;
-                    const height = image.height * scale;
-                    const x = (canvas.width - width) / 2;
-                    const y = (canvas.height - height) / 2;
-
-                    context.drawImage(image, x, y, width, height);
+                const img = new Image();
+                img.onload = () => {
+                    const ctx = canvas.getContext('2d'); _clear(canvas);
+                    const p = 10, mw = canvas.width - p * 2, mh = canvas.height - p * 2;
+                    const s = Math.min(mw / img.width, mh / img.height, 1);
+                    ctx.drawImage(img, (canvas.width - img.width * s) / 2, (canvas.height - img.height * s) / 2, img.width * s, img.height * s);
                     state.hasSignature = true;
                 };
-                image.src = reader.result;
+                img.src = reader.result;
             };
             reader.readAsDataURL(file);
         });
     }
 
     function clear(canvasId) {
-        const canvas = document.getElementById(canvasId);
-        const state = pads.get(canvasId);
-        if (!canvas || !state)
-            return;
-
-        clearCanvas(canvas);
-        state.hasSignature = false;
+        const c = document.getElementById(canvasId); const s = pads.get(canvasId);
+        if (c && s) { _clear(c); s.hasSignature = false; }
     }
 
     function clearTyped(canvasId) {
-        const canvas = document.getElementById(canvasId);
-        const state = typedSignatures.get(canvasId);
-        if (!canvas || !state)
-            return;
-
-        clearCanvas(canvas);
-        state.hasSignature = false;
+        const c = document.getElementById(canvasId); const s = typedSignatures.get(canvasId);
+        if (c && s) { _clear(c); s.hasSignature = false; }
     }
 
     function clearImage(inputId, canvasId) {
-        const input = document.getElementById(inputId);
-        const canvas = document.getElementById(canvasId);
-        const state = imageSignatures.get(canvasId);
-        if (!canvas || !state)
-            return;
-
-        if (input)
-            input.value = '';
-
-        clearCanvas(canvas);
-        state.hasSignature = false;
+        const inp = document.getElementById(inputId); const c = document.getElementById(canvasId); const s = imageSignatures.get(canvasId);
+        if (c && s) { if (inp) inp.value = ''; _clear(c); s.hasSignature = false; }
     }
 
     function renderTypedSignature(canvasId, text, fontFamily) {
-        const canvas = document.getElementById(canvasId);
-        const state = typedSignatures.get(canvasId);
-        if (!canvas || !state)
-            return;
-
-        const value = (text || '').trim();
-        clearCanvas(canvas);
-
-        if (!value) {
-            state.hasSignature = false;
-            return;
-        }
-
-        const context = canvas.getContext('2d');
-        const maxWidth = canvas.width - 30;
-        let fontSize = 54;
-
-        do {
-            context.font = `italic ${fontSize}px ${fontFamily || 'cursive'}`;
-            fontSize -= 2;
-        } while (context.measureText(value).width > maxWidth && fontSize > 24);
-
-        context.fillStyle = '#111';
-        context.textBaseline = 'middle';
-        context.textAlign = 'center';
-        context.fillText(value, canvas.width / 2, canvas.height / 2);
+        const canvas = document.getElementById(canvasId); const state = typedSignatures.get(canvasId);
+        if (!canvas || !state) return;
+        const value = (text || '').trim(); _clear(canvas);
+        if (!value) { state.hasSignature = false; return; }
+        const ctx = canvas.getContext('2d'); let fs = 54;
+        do { ctx.font = 'italic ' + fs + 'px ' + (fontFamily || 'cursive'); fs -= 2; }
+        while (ctx.measureText(value).width > canvas.width - 30 && fs > 24);
+        ctx.fillStyle = '#111'; ctx.textBaseline = 'middle'; ctx.textAlign = 'center';
+        ctx.fillText(value, canvas.width / 2, canvas.height / 2);
         state.hasSignature = true;
     }
 
-    function getDataUrl(canvasId) {
-        const canvas = document.getElementById(canvasId);
-        const state = pads.get(canvasId);
-        if (!canvas || !state || !state.hasSignature)
-            return null;
-
-        return canvas.toDataURL('image/png');
-    }
-
-    function getTypedDataUrl(canvasId) {
-        const canvas = document.getElementById(canvasId);
-        const state = typedSignatures.get(canvasId);
-        if (!canvas || !state || !state.hasSignature)
-            return null;
-
-        return canvas.toDataURL('image/png');
-    }
-
-    function getImageDataUrl(canvasId) {
-        const canvas = document.getElementById(canvasId);
-        const state = imageSignatures.get(canvasId);
-        if (!canvas || !state || !state.hasSignature)
-            return null;
-
-        return canvas.toDataURL('image/png');
-    }
+    function getDataUrl(id)      { const c = document.getElementById(id); const s = pads.get(id);            return (c && s && s.hasSignature) ? c.toDataURL('image/png') : null; }
+    function getTypedDataUrl(id) { const c = document.getElementById(id); const s = typedSignatures.get(id); return (c && s && s.hasSignature) ? c.toDataURL('image/png') : null; }
+    function getImageDataUrl(id) { const c = document.getElementById(id); const s = imageSignatures.get(id); return (c && s && s.hasSignature) ? c.toDataURL('image/png') : null; }
 
+    // ?? Public API ??????????????????????????????????????????????????????????
     return {
-        initialize,
-        initializeTyped,
-        initializeImage,
-        clear,
-        clearTyped,
-        clearImage,
-        renderTypedSignature,
-        getDataUrl,
-        getTypedDataUrl,
-        getImageDataUrl
+        installAnnotationCheckboxes: installAnnotationCheckboxes,
+        debugDumpViewerDom:          debugDumpViewerDom,
+        initialize:                  initialize,
+        initializeTyped:             initializeTyped,
+        initializeImage:             initializeImage,
+        clear:                       clear,
+        clearTyped:                  clearTyped,
+        clearImage:                  clearImage,
+        renderTypedSignature:        renderTypedSignature,
+        getDataUrl:                  getDataUrl,
+        getTypedDataUrl:             getTypedDataUrl,
+        getImageDataUrl:             getImageDataUrl
     };
 })();

EnvelopeGenerator.Tests/Application/Fake.cs

@@ -193,13 +193,12 @@ public static class Extensions
     #endregion
 
     #region Envelope
-    public static CreateEnvelopeCommand CreateEnvelopeCommand(this Faker fake, int userId) => new()
+    public static CreateEnvelopeCommand CreateEnvelopeCommand(this Faker fake, int userId) => new CreateEnvelopeCommand()
     {
         Message = fake.Lorem.Paragraph(fake.Random.Number(2, 5)),
         Title = fake.Lorem.Words(fake.Random.Number(3, 4)).Join(" "),
-        UserId = userId,
         UseSQLExecutor = false
-    };
+    }.WithAuth(userId);
 
     public static List<CreateEnvelopeCommand> CreateEnvelopeCommands(this Faker fake, params int[] userIDs)
         => Enumerable.Range(0, userIDs.Length)

EnvelopeGenerator.Tests/Domain/ConstantsTests.cs

@@ -1,17 +0,0 @@
-using EnvelopeGenerator.Domain.Constants;
-using NUnit.Framework;
-
-namespace EnvelopeGenerator.Tests.Domain;
-
-public class ConstantsTests
-{
-    [TestCase(EnvelopeSigningType.ReadAndSign, EnvelopeSigningType.ReadAndSign)]
-    [TestCase(EnvelopeSigningType.WetSignature, EnvelopeSigningType.WetSignature)]
-    [TestCase((EnvelopeSigningType)5, EnvelopeSigningType.WetSignature)]
-    public void Normalize_ReturnsExpectedValue(EnvelopeSigningType input, EnvelopeSigningType expected)
-    {
-        var normalized = input.Normalize();
-
-        Assert.That(normalized, Is.EqualTo(expected));
-    }
-}

EnvelopeGenerator.Web/Controllers/EnvelopeController.cs

@@ -438,4 +438,10 @@ public class EnvelopeController : ViewControllerBase
             return this.ViewDocumentNotFound();
         }
     }
+
+    [HttpGet("EnvelopeReceiverWithSecretByMediatr")]
+    public async Task<IActionResult> EnvelopeReceiverWithSecretByMediatr([FromQuery] ReadEnvelopeReceiverSecretQuery q, CancellationToken cancel)
+    {
+        return await _mediator.Send(q, cancel) is EnvelopeReceiverSecretDto dto ? Ok(dto) : NotFound();
+    }
 }

EnvelopeGenerator.Web/EnvelopeGenerator.Web.csproj

@@ -2175,6 +2175,7 @@
 
 	<ItemGroup>
 		<ProjectReference Include="..\EnvelopeGenerator.Application\EnvelopeGenerator.Application.csproj" />
+		<ProjectReference Include="..\EnvelopeGenerator.DependencyInjection\EnvelopeGenerator.DependencyInjection.csproj" />
 		<ProjectReference Include="..\EnvelopeGenerator.Infrastructure\EnvelopeGenerator.Infrastructure.csproj" />
 		<ProjectReference Include="..\EnvelopeGenerator.PdfEditor\EnvelopeGenerator.PdfEditor.csproj" />
 	</ItemGroup>

EnvelopeGenerator.Web/Program.cs

@@ -1,4 +1,3 @@
-using EnvelopeGenerator.Application.Services;
 using Microsoft.EntityFrameworkCore;
 using NLog;
 using Quartz;
@@ -9,14 +8,12 @@ using EnvelopeGenerator.Web.Models;
 using System.Text.Encodings.Web;
 using Ganss.Xss;
 using Microsoft.Extensions.Options;
-using EnvelopeGenerator.Application;
 using DigitalData.EmailProfilerDispatcher;
 using EnvelopeGenerator.Infrastructure;
 using EnvelopeGenerator.Web.Sanitizers;
 using EnvelopeGenerator.Web.Models.Annotation;
-using DigitalData.UserManager.DependencyInjection;
 using EnvelopeGenerator.Web.Middleware;
-using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.DependencyInjection;
 using EnvelopeGenerator.Web;
 
 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
@@ -57,8 +54,6 @@ try
         });
     });
 
-    builder.Services.AddHttpContextAccessor();
-
     builder.ConfigureBySection<TFARegParams>();
 
     // Add controllers and razor views
@@ -95,17 +90,9 @@ try
     var connStr = config.GetConnectionString(cnnStrName)
         ?? throw new InvalidOperationException($"Connection string '{cnnStrName}' is missing in the application configuration.");
 
-    builder.Services.AddDistributedSqlServerCache(options =>
-    {
-        options.ConnectionString = connStr;
-        options.SchemaName = "dbo";
-        options.TableName = "TBDD_CACHE";
-    });
-
     // Add envelope generator services
-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddEnvelopeGeneratorInfrastructureServices(
-        opt =>
+    builder.Services.AddEnvelopeGenerator(config,
+        infrastructureOptions: opt =>
         {
             opt.AddDbTriggerParams(config);
             opt.AddDbContext((provider, options) =>
@@ -116,12 +103,16 @@ try
                         .EnableSensitiveDataLogging()
                         .EnableDetailedErrors();
             });
+        },
+        options: opt =>
+        {
+            opt.SqlCacheOptions = new()
+            {
+                ConnectionString = connStr,
+                SchemaName = "dbo",
+                TableName = "TBDD_CACHE"
+            };
         });
-#pragma warning restore CS0618 // Type or member is obsolete
-
-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddEnvelopeGeneratorServices(config);
-#pragma warning restore CS0618 // Type or member is obsolete
 
     builder.Services.Configure<CookiePolicyOptions>(options =>
     {
@@ -169,22 +160,12 @@ try
     builder.Services.AddSingleton(sp => sp.GetRequiredService<IOptions<MultiCulture>>().Value);
 
     // Register mail services
-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddScoped<IEnvelopeMailService, EnvelopeMailService>();
-#pragma warning restore CS0618 // Type or member is obsolete
-
-    builder.Services.AddDispatcher<EGDbContext>();
-
-    builder.Services.AddMemoryCache();
+    builder.Services.AddEnvelopeMailService();
 
     builder.ConfigureBySection<CustomImages>();
 
     builder.ConfigureBySection<AnnotationParams>();
 
-#pragma warning disable CS0618 // Type or member is obsolete
-    builder.Services.AddUserManager<EGDbContext>();
-#pragma warning restore CS0618 // Type or member is obsolete
-
     var app = builder.Build();
 
     app.UseMiddleware<ExceptionHandlingMiddleware>();

EnvelopeGenerator.Web/wwwroot/js/util.min.js

@@ -1 +1 @@
-function detailedCurrentDate(){return new Intl.DateTimeFormat(getCurrentCulture(),{day:"2-digit",month:"2-digit",year:"numeric",hour:"2-digit",minute:"2-digit",second:"2-digit",timeZoneName:"shortOffset"}).format()}function findNearest(e,t,o,n){const r=n.reduce(((n,r)=>{const i=Math.sqrt((t(e)-t(r))**2+(o(e)-o(r))**2);return i<n.dist?{dist:i,dest:r}:n}),{dist:1/0,dest:null});return r.dest}const getCurrentCulture=()=>("undefined"!=typeof localized&&localized.culture)?localized.culture:navigator.language||"en-US";const B64ToBuff=e=>new Uint8Array(Array.from(atob(e),e=>e.charCodeAt(0))).buffer;const getLocaleDateString=e=>new Date().toLocaleDateString(getCurrentCulture());
+function detailedCurrentDate(){return new Intl.DateTimeFormat(getCurrentCulture(),{day:"2-digit",month:"2-digit",year:"numeric",hour:"2-digit",minute:"2-digit",second:"2-digit",timeZoneName:"shortOffset"}).format()}function findNearest(n,t,i,r){const u=r=>Math.sqrt((t(n)-t(r))**2+(i(n)-i(r))**2);return r.reduce((n,t)=>{const i=u(t);return i<n.dist?{dist:i,dest:t}:n},{dist:Infinity,dest:null}).dest}const getCurrentCulture=()=>typeof localized!="undefined"&&localized.culture?localized.culture:navigator.language||"en-US",B64ToBuff=n=>new Uint8Array(Array.from(atob(n),n=>n.charCodeAt(0))).buffer,getLocaleDateString=()=>(new Date).toLocaleDateString(getCurrentCulture());

EnvelopeGenerator.sln

@@ -35,6 +35,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EnvelopeGenerator.Tests", "
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EnvelopeGenerator.API", "EnvelopeGenerator.API\EnvelopeGenerator.API.csproj", "{EC768913-6270-14F4-1DD3-69C87A659462}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EnvelopeGenerator.DependencyInjection", "EnvelopeGenerator.DependencyInjection\EnvelopeGenerator.DependencyInjection.csproj", "{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}"
+EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EnvelopeGenerator.ReceiverUI", "EnvelopeGenerator.ReceiverUI\EnvelopeGenerator.ReceiverUI.csproj", "{FB2D306B-1042-4A70-31ED-F991A1599371}"
 EndProject
 Global
@@ -87,6 +89,10 @@ Global
 		{EC768913-6270-14F4-1DD3-69C87A659462}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{EC768913-6270-14F4-1DD3-69C87A659462}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{EC768913-6270-14F4-1DD3-69C87A659462}.Release|Any CPU.Build.0 = Release|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2}.Release|Any CPU.Build.0 = Release|Any CPU
 		{FB2D306B-1042-4A70-31ED-F991A1599371}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{FB2D306B-1042-4A70-31ED-F991A1599371}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{FB2D306B-1042-4A70-31ED-F991A1599371}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -110,6 +116,7 @@ Global
 		{211619F5-AE25-4BA5-A552-BACAFE0632D3} = {9943209E-1744-4944-B1BA-4F87FC1A0EEB}
 		{224C4845-1CDE-22B7-F3A9-1FF9297F70E8} = {0CBC2432-A561-4440-89BC-671B66A24146}
 		{EC768913-6270-14F4-1DD3-69C87A659462} = {E3C758DC-914D-4B7E-8457-0813F1FDB0CB}
+		{5DCCF9A1-C03F-90E6-87D3-E96DB25250C2} = {E3C758DC-914D-4B7E-8457-0813F1FDB0CB}
 		{FB2D306B-1042-4A70-31ED-F991A1599371} = {E3C758DC-914D-4B7E-8457-0813F1FDB0CB}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution