Project Folder Name changed from SurveyResponses to Responses

DamageAssesmentApi/DamageAssesment.Api.Answers/Controllers/AnswersController.cs

@@ -1,7 +1,6 @@
 using DamageAssesment.Api.Answers.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.OpenApi.Any;
 
 namespace DamageAssesment.Api.Answers.Controllers
 {
@@ -16,7 +15,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Get all answers
         /// </summary>
-        
+        [Authorize(Roles = "admin")]
         [HttpGet("Answers")]
         public async Task<ActionResult> GetAnswersAsync() {
         
@@ -32,7 +31,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// Get an answer based on answerId.
         /// </summary>
 
-
+        [Authorize(Roles = "admin")]
         [HttpGet("Answers/{Id}")]
         public async Task<ActionResult> GetAnswerByIdAsync(int Id)
         {
@@ -48,6 +47,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Get all answers based on responseId.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpGet("Answers/ByResponse/{responseid}")]
         public async Task<IActionResult> GetAnswersByResponseId(int responseid)
         {
@@ -61,7 +61,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Get all answers based on questionId.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("Answers/ByQuestion/{questionid}")]
         public async Task<IActionResult> AnswersByQuestionId(int questionid)
         {
@@ -75,7 +75,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Update an existing answer.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPut("Answers")]
         public async Task<IActionResult> UpdateAnswer(Models.Answer answer)
         {
@@ -96,7 +96,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Save a new answer.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPost("Answers")]
         public async Task<IActionResult> CreateAnswer(Models.Answer answer)
         {
@@ -114,7 +114,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         ///  Delete an existing answer.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpDelete("Answers/{id}")]
         public async Task<IActionResult> DeleteAnswer(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs

@@ -1,23 +1,73 @@
 using DamageAssesment.Api.Answers.Db;
 using DamageAssesment.Api.Answers.Interfaces;
 using DamageAssesment.Api.Answers.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
-
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 // Add services to the container.
 
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
 builder.Services.AddScoped<IAnswersProvider, AnswersProvider>();
 builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); //4/30
@@ -35,7 +85,7 @@ if (app.Environment.IsDevelopment())
     app.UseSwagger();
     app.UseSwaggerUI();
 }
-
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

DamageAssesmentApi/DamageAssesment.Api.Attachments/Controllers/AttachmentsController.cs

@@ -1,6 +1,7 @@
 using Azure;
 using DamageAssesment.Api.Attachments.Interfaces;
 using DamageAssesment.Api.Attachments.Models;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System.Net.Http.Headers;
@@ -21,7 +22,7 @@ namespace DamageAssesment.Api.Attachments.Controllers
         /// <summary>
         /// Get all attachments.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("Attachments")]
         public async Task<ActionResult> GetAttachmentsAsync()
         {
@@ -37,6 +38,7 @@ namespace DamageAssesment.Api.Attachments.Controllers
         /// <summary>
         /// Get all attachments by attachmentId.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpGet("Attachments/{id}")]
         public async Task<ActionResult> GetAttachmentbyIdAsync(int id)
         {
@@ -80,7 +82,7 @@ namespace DamageAssesment.Api.Attachments.Controllers
         /// <summary>
         /// Save new Attachment(s)
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPost("Attachments"), DisableRequestSizeLimit]
         public async Task<IActionResult> UploadAttachmentAsync(AttachmentInfo attachmentInfo)
         {
@@ -107,7 +109,7 @@ namespace DamageAssesment.Api.Attachments.Controllers
         /// <summary>
         /// Modify an new attachment.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPut("Attachments"), DisableRequestSizeLimit]
         public async Task<IActionResult> UpdateAttachmentAsync(AttachmentInfo attachmentInfo)
         {
@@ -138,6 +140,7 @@ namespace DamageAssesment.Api.Attachments.Controllers
         /// <summary>
         /// Delete an existing attachment.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpDelete("Attachments/{id}")]
         public async Task<IActionResult> DeleteAttachment(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs

@@ -1,25 +1,75 @@
 using DamageAssesment.Api.Attachments.Db;
 using DamageAssesment.Api.Attachments.Interfaces;
 using DamageAssesment.Api.Attachments.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.FileProviders;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
-
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 // Add services to the container.
 
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
 builder.Services.AddScoped<IAttachmentsProvider, AttachmentsProvider>();
 builder.Services.AddScoped<IUploadService, UploadService>();
@@ -45,6 +95,7 @@ if (app.Environment.IsDevelopment())
     app.UseSwaggerUI();
 }
 
+app.UseAuthentication();
 app.UseAuthorization();
 app.UseHttpsRedirection();
 

DamageAssesmentApi/DamageAssesment.Api.Documents/Controllers/DocumentsController.cs

@@ -2,6 +2,7 @@
 using DamageAssesment.Api.Documents.Interfaces;
 using DamageAssesment.Api.Documents.Models;
 using DamageAssesment.Api.Documents.Providers;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -24,6 +25,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// Get all document link type.
         /// </summary>
         [HttpGet]
+        [Authorize(Roles = "admin")]
         [Route("doculinks/types")]
         public async Task<IActionResult> GetLinkTypesAsync()
         {
@@ -37,6 +39,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// Get a document link type by id.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpGet]
         [Route("doculinks/types/{id}")]
         public async Task<IActionResult> GetLinkTypeAsync(int id)
@@ -51,6 +54,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// Update a existing document link type.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpPut]
         [Route("doculinks/types")]
         public async Task<IActionResult> UpdateLinkType(Models.LinkType linkType)
@@ -72,6 +76,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// Create a new document link type.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpPost]
         [Route("doculinks/types")]
         public async Task<IActionResult> CreateLinkType(Models.LinkType linkType)
@@ -90,6 +95,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// Delete a  existing document link type by id.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpDelete]
         [Route("doculinks/types/{id}")]
         public async Task<IActionResult> DeleteLinkType(int id)
@@ -101,11 +107,12 @@ namespace DamageAssesment.Api.Documents.Controllers
             }
             return NotFound();
         }
-            /// <summary>
-            /// Get all documents.
-            /// </summary>
-            /// 
-            [Route("doculinks")]
+        /// <summary>
+        /// Get all documents.
+        /// </summary>
+        
+        [Authorize(Roles = "admin")]
+        [Route("doculinks")]
         [Route("doculinks/{linktype:alpha}")]
         [Route("doculinks/{linktype:alpha}/{language:alpha}")]
         [HttpGet]
@@ -138,6 +145,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// Get a document by id.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpGet]
         [Route("doculinks/{id}")]
         [Route("doculinks/{id}/{linktype:alpha}")]
@@ -154,6 +162,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// Upload new document.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpPut]
         [Route("doculinks/{id}")]
         public async Task<IActionResult> UpdateDocument(int id,DocumentInfo documentInfo)
@@ -178,6 +187,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// update existing document.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpPost]
         [Route("doculinks")]
         public async Task<IActionResult> CreateDocument(DocumentInfo documentInfo)
@@ -205,6 +215,7 @@ namespace DamageAssesment.Api.Documents.Controllers
         /// <summary>
         /// Delete document by id.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpDelete]
         [Route("doculinks/{id}")]
         public async Task<IActionResult> DeleteDocument(int id)

DamageAssesmentApi/DamageAssesment.Api.Documents/DASA_Documents/Active/Document_1.txt

@@ -1 +0,0 @@
-sample

DamageAssesmentApi/DamageAssesment.Api.Documents/DamageAssesment.Api.DocuLinks.csproj

@@ -10,6 +10,7 @@
   <ItemGroup>
     <PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="12.0.1" />
     <PackageReference Include="Azure.Storage.Blobs" Version="12.16.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.21" />
     <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.2.7" />
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="7.0.9" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.9">

DamageAssesmentApi/DamageAssesment.Api.Documents/Program.cs

@@ -2,23 +2,73 @@ using DamageAssesment.Api.Documents.Db;
 using DamageAssesment.Api.Documents.Interfaces;
 using DamageAssesment.Api.Documents.Providers;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
 using System.Reflection;
+using System.Text;
+using Microsoft.OpenApi.Models;
 
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
-
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 builder.Services.AddControllers();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
-builder.Services.AddSwaggerGen();
+//builder.Services.AddSwaggerGen();
 builder.Services.AddScoped<IDocumentsProvider, documentsProvider>();
 builder.Services.AddScoped<IUploadService, UploadService>();
 builder.Services.AddScoped<IAzureBlobService, AzureBlobService>();
@@ -36,6 +86,7 @@ if (app.Environment.IsDevelopment())
     app.UseSwaggerUI();
 }
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

DamageAssesmentApi/DamageAssesment.Api.Documents/Properties/launchSettings.json

@@ -14,7 +14,7 @@
       "dotnetRunMessages": true,
       "launchBrowser": true,
       "launchUrl": "swagger",
-      "applicationUrl": "http://localhost:5133",
+      "applicationUrl": "http://localhost:5136",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }

DamageAssesmentApi/DamageAssesment.Api.Documents/appsettings.json

@@ -6,8 +6,12 @@
     }
   },
   "AllowedHosts": "*",
+  "JwtSettings": {
+    "securitykey": "bWlhbWkgZGFkZSBzY2hvb2xzIHNlY3JldCBrZXk="
+  },
   "Fileupload": {
     "folderpath": "DASA_Documents/Active",
     "Deletepath": "DASA_Documents/Deleted"
   }
 }
+

DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs

@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Employees.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -18,7 +19,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// <summary>
         /// GET request for retrieving employees.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("Employees")]
         public async Task<ActionResult> GetEmployeesAsync()
         {
@@ -35,7 +36,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// <summary>
         /// GET request for retrieving an employee by ID.
         /// </summary>
-        
+        [Authorize(Roles = "admin")]
         [HttpGet("Employees/{id}")]
         public async Task<ActionResult> GetEmployeeByIdAsync(int id)
         {
@@ -53,6 +54,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// PUT request for updating an existing employee.
         /// </summary>
         /// <param name="Employee">The updated employee object.</param>
+        [Authorize(Roles = "admin")]
         [HttpPut("Employees/{id}")]
         public async Task<IActionResult> UpdateEmployee(int id, Models.Employee Employee)
         {
@@ -75,6 +77,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// POST request for creating a new employee.
         /// </summary>
         /// <param name="Employee">The employee information for creating a new employee.</param>
+        [Authorize(Roles = "admin")]
         [HttpPost("Employees")]
         public async Task<IActionResult> CreateEmployee(Models.Employee Employee)
         {
@@ -93,6 +96,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// DELETE request for deleting an existing employee.
         /// </summary>
         /// <param name="id">The ID of the employee to be deleted.</param>
+        [Authorize(Roles = "admin")]
         [HttpDelete("Employees/{id}")]
         public async Task<IActionResult> DeleteEmployee(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs

@@ -1,23 +1,74 @@
 using DamageAssesment.Api.Employees.Db;
 using DamageAssesment.Api.Employees.Interfaces;
 using DamageAssesment.Api.Employees.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
 
 builder.Services.AddScoped<IEmployeesProvider, EmployeesProvider>();
@@ -43,6 +94,7 @@ if (app.Environment.IsDevelopment())
     }
 }
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json

@@ -8,10 +8,5 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "AllowedHosts": "*",
-  "settings": {
-    "endpoint1": "xxx",
-    "endpoint2": "xxx",
-    "endpoint3": "xxx"
-  }
+  "AllowedHosts": "*"
 }

DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/LocationsController.cs

@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Locations.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -15,7 +16,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// Get all locations.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("Locations")]
         public async Task<ActionResult> GetLocationsAsync()
         {
@@ -31,7 +32,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// Get all locations based on locationdId.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("Locations/{id}")]
         public async Task<ActionResult> GetLocationByIdAsync(int id)
         {
@@ -47,7 +48,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// Update a Location.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPut("Locations/{id}")]
         public async Task<IActionResult> UpdateLocation(int id, Models.Location Location)
         {
@@ -65,7 +66,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// Save a new location.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPost("Locations")]
         public async Task<IActionResult> CreateLocation(Models.Location Location)
         {
@@ -83,7 +84,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// Delete an existing location.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpDelete("Locations/{id}")]
         public async Task<IActionResult> DeleteLocation(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/RegionsController.cs

@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Locations.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace DamageAssesment.Api.Locations.Controllers
@@ -15,7 +16,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// Get all regions.2
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("regions")]
         public async Task<ActionResult> GetRegionsAsync()
         {
@@ -29,7 +30,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// GET request for retrieving a region by its ID.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("regions/{id}")]
         public async Task<ActionResult> GetRegionAsync(int id)
         {
@@ -43,7 +44,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// POST request for creating a new region.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPost("regions")]
         public async Task<ActionResult> PostRegionAsync(Models.Region region)
         {
@@ -57,7 +58,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// <summary>
         /// PUT request for updating an existing region.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPut("regions/{id}")]
         public async Task<ActionResult> PutRegionAsync(int id, Models.Region region)
         {
@@ -75,7 +76,7 @@ namespace DamageAssesment.Api.Locations.Controllers
         /// DELETE request for deleting a region based on ID.
         /// </summary>
 
-
+        [Authorize(Roles = "admin")]
         [HttpDelete("regions/{id}")]
         public async Task<ActionResult> DeleteRegionAsync(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs

@@ -1,23 +1,73 @@
 using DamageAssesment.Api.Locations.Db;
 using DamageAssesment.Api.Locations.Interfaces;
 using DamageAssesment.Api.Locations.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
-
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
 builder.Services.AddScoped<ILocationsProvider, LocationsProvider>();
 builder.Services.AddScoped<IRegionsProvider, RegionsProvider>();
@@ -26,7 +76,10 @@ builder.Services.AddDbContext<LocationDbContext>(option =>
 {
     option.UseInMemoryDatabase("Locations");
 });
+
+
 var app = builder.Build();
+// Add services to the container.
 
 // Configure the HTTP request pipeline.
 if (app.Environment.IsDevelopment())
@@ -44,6 +97,7 @@ if (app.Environment.IsDevelopment())
     }
 }
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs

@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Questions.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace DamageAssesment.Api.Questions.Controllers
@@ -10,16 +11,14 @@ namespace DamageAssesment.Api.Questions.Controllers
 
         public QuestionsController(IQuestionsProvider questionsProvider)
         {
-
             this.questionsProvider = questionsProvider;
-
         }
-
         /// <summary>
         /// GET request for retrieving questions.
         /// </summary>
 
-        // get all questions
+        //get all questions
+        [Authorize(Roles = "admin,survey,user,report")]
         [Route("Questions")]
         [Route("Questions/{language:alpha}")]
         [HttpGet]
@@ -37,6 +36,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// <summary>
         /// GET request for retrieving a question by ID.
         /// </summary>
+        [Authorize(Roles = "admin,survey,user,report")]
         [Route("Questions/{id}/{language:alpha}")]
         [Route("Questions/{id:int}")]
         [HttpGet]
@@ -55,6 +55,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// GET request for retrieving survey questions based on a survey ID.
         /// Uri: {Optional language}/GetSurveyQuestions/{surveyId} :Default returns question in all languages 
         /// </summary>
+        [Authorize(Roles = "admin,survey,user,report")]
         [Route("Questions/BySurvey/{surveyId:int}")]
         [Route("Questions/BySurvey/{surveyId:int}/{language:alpha}")]
         [HttpGet]
@@ -71,6 +72,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// PUT request for updating a question (multilingual).
         /// </summary>
 
+        [Authorize(Roles = "admin")]
         [HttpPut("Questions")]
         public async Task<IActionResult> UpdateQuestion(Models.Question question)
         {
@@ -92,6 +94,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// POST request for creating a new question (multilingual).
         /// </summary>
 
+        [Authorize(Roles = "admin")]
         [HttpPost("Questions")]
         public async Task<IActionResult> CreateQuestion(Models.Question question)
         {
@@ -110,6 +113,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// DELETE request for deleting a question based on ID.
         /// </summary>
 
+        [Authorize(Roles = "admin")]
         [HttpDelete("Questions/{id}")]
         public async Task<IActionResult> DeleteQuestion(int id)
         {
@@ -125,6 +129,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// GET request for retrieving question categories.
         /// </summary>
 
+        [Authorize(Roles = "admin,user,report")]
         [HttpGet("Questions/Categories")]
         [HttpGet("Questions/Categories/{language:alpha}")]
         public async Task<IActionResult> GetQuestionCategoriesAsync(string? language)
@@ -139,7 +144,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// <summary>
         /// GET request for retrieving a question category by ID.
         /// </summary>
-
+        [Authorize(Roles = "admin,report")]
         [HttpGet("Questions/Categories/{id:int}")]
         [HttpGet("Questions/Categories/{id:int}/{language:alpha}")]
         public async Task<IActionResult> GetQuestionCategoryAsync(int id,string? language)
@@ -156,7 +161,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// <summary>
         /// PUT request for updating a question category.
         /// </summary>
-
+        [Authorize(Roles = "admin,survey,report")]
         [HttpPut("Questions/Categories")]
         public async Task<IActionResult> UpdateQuestionCategory(Models.QuestionCategory questionCategory)
         {
@@ -178,6 +183,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// POST request for creating a new question category.
         /// </summary>
 
+        [Authorize(Roles = "admin")]
         [HttpPost("Questions/Categories")]
         public async Task<IActionResult> CreateQuestionCategory(Models.QuestionCategory questionCategory)
         {
@@ -196,6 +202,7 @@ namespace DamageAssesment.Api.Questions.Controllers
         /// DELETE request for deleting a question category based on ID.
         /// </summary>
 
+        [Authorize(Roles = "admin")]
         [HttpDelete("Questions/Categories/{id}")]
         public async Task<IActionResult> DeleteQuestionCategory(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Questions/Models/Question.cs

@@ -12,7 +12,7 @@
         public bool IsRequired { get; set; }
         public bool Comment { get; set; }
         public bool Key { get; set; }
-        public int? SurveyId { get; set; }
+        public int SurveyId { get; set; }
         public int CategoryId { get; set; }
     }
 }

DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs

@@ -1,11 +1,33 @@
 using DamageAssesment.Api.Questions.Db;
 using DamageAssesment.Api.Questions.Interfaces;
 using DamageAssesment.Api.Questions.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
-
+// Add services to the container.
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 // Add services to the container.
 
 builder.Services.AddControllers();
@@ -17,13 +39,41 @@ builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
 
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+    options.AddSecurityRequirement(securityRequirements);
 });
+
 builder.Services.AddDbContext<QuestionDbContext>(option =>
 {
     option.UseInMemoryDatabase("Questions");
@@ -43,7 +93,7 @@ if (app.Environment.IsDevelopment())
         questionProvider.SeedData();
     }
 }
-
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

DamageAssesmentApi/DamageAssesment.Api.Responses/Controllers/ResponsesController.cs

@@ -1,24 +1,22 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
-using Microsoft.AspNetCore.Http;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Configuration;
 
-namespace DamageAssesment.Api.SurveyResponses.Controllers
+namespace DamageAssesment.Api.Responses.Controllers
 {
     [ApiController]
-    public class SurveyResponsesController : ControllerBase
+    public class ResponsesController : ControllerBase
     {
         private readonly ISurveysResponse surveyResponseProvider;
-
-        public SurveyResponsesController(ISurveysResponse surveyResponseProvider)
+        public ResponsesController(ISurveysResponse surveyResponseProvider)
         {
             this.surveyResponseProvider = surveyResponseProvider;
         }
         /// <summary>
         /// GET request for retrieving survey responses.
         /// </summary>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpGet("Responses")]
         public async Task<ActionResult> GetSurveyResponsesAsync()
         {
@@ -36,7 +34,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// <summary>
         /// GET request for retrieving survey responses by survey ID.
         /// </summary>
-       
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpGet("Responses/BySurvey/{surveyid}")]
         public async Task<ActionResult> GetSurveyResponsesAsync(int surveyid)
         {
@@ -52,7 +50,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// </summary>
         /// <param name="surveyid">The ID of the survey for which responses are to be retrieved.</param>
         /// <param name="locationid">The ID of the location for which responses are to be retrieved.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpGet("Responses/{surveyid}/{locationid}")]
         public async Task<ActionResult> GetSurveyResponsesBySurveyAndLocationAsync(int surveyid, int locationid)
         {
@@ -70,7 +68,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// <param name="surveyId">The ID of the survey for which responses are to be retrieved.</param>
         /// <param name="questionId">The ID of the question for which responses are to be retrieved.</param>
         /// <param name="answer">The answer for which responses are to be retrieved.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpGet("Responses/ByAnswer/{surveyid}/{questionid}/{answer}")]
         public async Task<ActionResult> GetSurveyResponsesByAnswerAsyncAsync(int surveyid, int questionid, string answer)
         {
@@ -86,7 +84,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// GET request for retrieving answers from survey responses by survey ID and region.
         /// </summary>
         /// <param name="surveyId">The ID of the survey for which answers are to be retrieved.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpGet("Responses/ByRegion/{surveyid}")]
         public async Task<ActionResult> GetAnswersByRegionAsync(int surveyid)
         {
@@ -101,7 +99,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// GET request for retrieving survey responses by survey ID and maintenance center.
         /// </summary>
         /// <param name="surveyId">The ID of the survey for which responses are to be retrieved.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpGet("Responses/ByMaintenanceCenter/{surveyid}")]
         public async Task<ActionResult> GetAnswersByMaintenaceCentersync(int surveyid)
         {
@@ -116,7 +114,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// GET request for retrieving a survey response by response ID.
         /// </summary>
         /// <param name="responseId">The ID of the survey response to be retrieved.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpGet("Responses/{id}")]
         public async Task<ActionResult> GetSurveyResponseByIdAsync(int id)
         {
@@ -132,7 +130,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// POST request for creating a new survey response.
         /// </summary>
         /// <param name="surveyResponse">The survey response object to be created.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpPost("Responses")]
         public async Task<ActionResult> PostSurveysAsync(Models.SurveyResponse surveyResponse)
         {
@@ -148,7 +146,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// </summary>
         /// <param name="Id">The ID of the survey response to be updated.</param>
         /// <param name="surveyResponse">The updated survey response object.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpPut("Responses/{id}")]
         public async Task<ActionResult> PutSurveyResponseAsync(int id, Models.SurveyResponse surveyResponse)
         {
@@ -165,7 +163,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// <summary>
         /// DELETE request for deleting an existing survey response.
         /// </summary>
-       
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpDelete("Responses/{id}")]
         public async Task<ActionResult> DeleteSurveyResponseAsync(int id)
         {
@@ -180,7 +178,7 @@ namespace DamageAssesment.Api.SurveyResponses.Controllers
         /// POST request for submitting survey with multiple answers.
         /// </summary>
         /// <param name="request">The answers to be submitted for the survey.</param>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpPost("Responses/Answers")]
         public async Task<ActionResult> PostSurveyAnswersAsync(Request request)
         {

DamageAssesmentApi/DamageAssesment.Api.Responses/Db/SurveyResponse.cs

@@ -1,7 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 
-namespace DamageAssesment.Api.SurveyResponses.Db
+namespace DamageAssesment.Api.Responses.Db
 {
     public class SurveyResponse
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Db/SurveyResponseDbContext.cs

@@ -1,6 +1,6 @@
 using Microsoft.EntityFrameworkCore;
 
-namespace DamageAssesment.Api.SurveyResponses.Db
+namespace DamageAssesment.Api.Responses.Db
 {
     public class SurveyResponseDbContext:DbContext
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAnswerServiceProvider.cs

@@ -0,0 +1,12 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface IAnswerServiceProvider
+    {
+        Task<List<Answer>> getAnswersAsync(string token);
+        Task<List<Models.Answer>> GetAnswersByResponseIdAsync(int responseId, string token);
+
+        Task<Models.Answer> PostAnswersAsync(Models.Answer answer, string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAttachmentServiceProvider.cs

@@ -0,0 +1,10 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface IAttachmentServiceProvider
+    {
+        Task<List<Attachment>> getAttachmentsAsync(string token);
+        Task<IEnumerable<Attachment>> PostAttachmentsAsync(Models.AttachmentInfo attachmentInfo, string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IEmployeeServiceProvider.cs

@@ -0,0 +1,10 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface IEmployeeServiceProvider
+    {
+        Task<List<Employee>> getEmployeesAsync(string token);
+        Task<Employee> getEmployeeAsync(int employeeId, string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IHttpUtil.cs

@@ -0,0 +1,9 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface IHttpUtil
+    {
+        Task<string> SendAsync(HttpMethod method, string url, string JsonInput, string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ILocationServiceProvider.cs

@@ -0,0 +1,9 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface ILocationServiceProvider
+    {
+        Task<List<Location>> getLocationsAsync(string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IQuestionServiceProvider.cs

@@ -0,0 +1,11 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface IQuestionServiceProvider
+    {
+        Task<List<Question>> getQuestionsAsync(string token);
+        Task<List<SurveyQuestions>> getSurveyQuestionsAsync(int surveyId, string token);
+        Task<Question> getQuestionsAsync(int questionId, string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IRegionServiceProvider.cs

@@ -0,0 +1,9 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface IRegionServiceProvider
+    {
+        Task<List<Region>> getRegionsAsync(string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ISurveyServiceProvider.cs

@@ -0,0 +1,10 @@
+using DamageAssesment.Api.Responses.Models;
+
+namespace DamageAssesment.Api.Responses.Interfaces
+{
+    public interface ISurveyServiceProvider
+    {
+        Task<List<Survey>> getSurveysAsync(string token);
+        Task<Survey> getSurveyAsync(int surveyId,string token);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ISurveysResponse.cs

@@ -1,7 +1,6 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-using Microsoft.AspNetCore.Mvc;
+using DamageAssesment.Api.Responses.Models;
 
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
+namespace DamageAssesment.Api.Responses.Interfaces
 {
     public interface ISurveysResponse
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Answer.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class Answer
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/AnswerRequest.cs

@@ -1,4 +1,4 @@
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class AnswerRequest
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Attachment.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class Attachment
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/AttachmentInfo.cs

@@ -1,4 +1,4 @@
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class AttachmentInfo
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Employee.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class Employee
     {
@@ -11,6 +11,6 @@ namespace DamageAssesment.Api.SurveyResponses.Models
         public string OfficePhoneNumber { get; set; }
         public string Email { get; set; }
         public bool IsActive { get; set; }
-        public string? PreferredLanguage { get; set; }
+        public string PreferredLanguage { get; set; }
     }
 }

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Location.cs

@@ -1,4 +1,4 @@
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class Location
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Question.cs

@@ -1,6 +1,6 @@
 using System.Collections.Generic;
 
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
      public class Question
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Region.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class Region
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Request.cs

@@ -1,4 +1,4 @@
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class Request
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Survey.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class Survey
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/SurveyQuestion.cs

@@ -1,4 +1,4 @@
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class SurveyQuestions
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/SurveyResponse.cs

@@ -1,7 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class SurveyResponse
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Models/SurveyTranslation.cs

@@ -1,4 +1,4 @@
-namespace DamageAssesment.Api.SurveyResponses.Models
+namespace DamageAssesment.Api.Responses.Models
 {
     public class SurveyTranslation
     {        

DamageAssesmentApi/DamageAssesment.Api.Responses/Profiles/SurveyResponsesProvider.cs

@@ -1,4 +1,4 @@
-namespace DamageAssesment.Api.SurveyResponses.Profiles
+namespace DamageAssesment.Api.Responses.Profiles
 {
     public class SurveyResponsesProvider : AutoMapper.Profile
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs

@@ -1,10 +1,14 @@
-using DamageAssesment.Api.SurveyResponses.Db;
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Services;
-using DamageAssesment.Api.SurveyResponses.Providers;
+using DamageAssesment.Api.Responses.Db;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Services;
+using DamageAssesment.Api.Responses.Providers;
 using Microsoft.EntityFrameworkCore;
 using Polly;
 using System.Reflection;
+using Microsoft.OpenApi.Models;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
 const int maxApiCallRetries = 3;
@@ -14,6 +18,24 @@ const int intervalForCircuitBraker = 5; //5 seconds
 
 
 // Add services to the container.
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
@@ -26,6 +48,7 @@ builder.Services.AddScoped<IQuestionServiceProvider, QuestionServiceProvider>();
 builder.Services.AddScoped<IEmployeeServiceProvider, EmployeeServiceProvider>();
 builder.Services.AddScoped<IAttachmentServiceProvider, AttachmentServiceProvider>();
 builder.Services.AddScoped<ISurveyServiceProvider, SurveyServiceProvider>();
+builder.Services.AddHttpContextAccessor();
 
 builder.Services.AddHttpClient<IHttpUtil, HttpUtil>().
     AddTransientHttpErrorPolicy(policy => policy.WaitAndRetryAsync(maxApiCallRetries, _ => TimeSpan.FromSeconds(intervalToRetry))).
@@ -35,12 +58,40 @@ builder.Services.AddHttpClient<IHttpUtil, HttpUtil>().
 builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+    options.AddSecurityRequirement(securityRequirements);
 });
 builder.Services.AddDbContext<SurveyResponseDbContext>(option =>
 {
@@ -55,6 +106,7 @@ if (app.Environment.IsDevelopment())
     app.UseSwaggerUI();
 }
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

DamageAssesmentApi/DamageAssesment.Api.Responses/Properties/launchSettings.json

@@ -9,7 +9,7 @@
     }
   },
   "profiles": {
-    "DamageAssesment.Api.SurveyResponses": {
+    "DamageAssesment.Api.Responses": {
       "commandName": "Project",
       "dotnetRunMessages": true,
       "launchBrowser": true,

DamageAssesmentApi/DamageAssesment.Api.Responses/Providers/SurveyResponsesProvider.cs

@@ -1,10 +1,10 @@
 using AutoMapper;
-using DamageAssesment.Api.SurveyResponses.Db;
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.Responses.Db;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
 using Microsoft.EntityFrameworkCore;
 
-namespace DamageAssesment.Api.SurveyResponses.Providers
+namespace DamageAssesment.Api.Responses.Providers
 {
     public class SurveyResponsesProvider : ISurveysResponse
     {
@@ -18,8 +18,10 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
         private readonly IQuestionServiceProvider questionServiceProvider;
         private readonly ISurveyServiceProvider surveyServiceProvider;
         private readonly IMapper mapper;
+        private readonly IHttpContextAccessor httpContextAccessor;
+        private string token;
 
-        public SurveyResponsesProvider(SurveyResponseDbContext surveyResponseDbContext, ILogger<SurveyResponsesProvider> logger, IAnswerServiceProvider answerServiceProvider, IRegionServiceProvider regionServiceProvider, ILocationServiceProvider locationServiceProvider, IEmployeeServiceProvider employeeServiceProvider, IAttachmentServiceProvider attachmentServiceProvider, IQuestionServiceProvider questionServiceProvider, ISurveyServiceProvider surveyServiceProvider, IMapper mapper)
+        public SurveyResponsesProvider(SurveyResponseDbContext surveyResponseDbContext, ILogger<SurveyResponsesProvider> logger, IAnswerServiceProvider answerServiceProvider, IRegionServiceProvider regionServiceProvider, ILocationServiceProvider locationServiceProvider, IEmployeeServiceProvider employeeServiceProvider, IAttachmentServiceProvider attachmentServiceProvider, IQuestionServiceProvider questionServiceProvider, ISurveyServiceProvider surveyServiceProvider, IMapper mapper, IHttpContextAccessor httpContextAccessor)
         {
             this.surveyResponseDbContext = surveyResponseDbContext;
             this.logger = logger;
@@ -30,8 +32,19 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             this.attachmentServiceProvider = attachmentServiceProvider;
             this.questionServiceProvider = questionServiceProvider;
             this.surveyServiceProvider = surveyServiceProvider;
+            this.httpContextAccessor = httpContextAccessor;
             this.mapper = mapper;
-           // seedData();
+
+            token = httpContextAccessor.HttpContext.Request.Headers.Authorization;
+            if (token != null)
+            {
+                token = token.Replace("Bearer ", string.Empty);
+            }
+            else
+            {
+                token = "";
+            }
+            // seedData();
         }
 
         private void seedData()
@@ -42,8 +55,8 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
                 surveyResponseDbContext.SurveyResponses.Add(new Db.SurveyResponse { Id = 2, SurveyId = 1, EmployeeId = 2, LocationId = 2, ClientDevice = "Desktop", Latitude = 98.8767, Longitute = -129.9897, KeyAnswerResult = "true", CreatedDate = DateTime.Now });
                 surveyResponseDbContext.SurveyResponses.Add(new Db.SurveyResponse { Id = 3, SurveyId = 3, EmployeeId = 4, LocationId = 1, ClientDevice = "Mobile", Latitude = 98.8767, Longitute = -129.9897, KeyAnswerResult = "true", CreatedDate = DateTime.Now });
                 surveyResponseDbContext.SurveyResponses.Add(new Db.SurveyResponse { Id = 4, SurveyId = 4, EmployeeId = 1, LocationId = 2, ClientDevice = "Desktop", Latitude = 98.8767, Longitute = -129.9897, KeyAnswerResult = "false", CreatedDate = DateTime.Now });
-                surveyResponseDbContext.SurveyResponses.Add(new Db.SurveyResponse { Id = 6, SurveyId = 1, EmployeeId = 4, LocationId = 2, ClientDevice = "Desktop", Latitude = 98.8767, Longitute = -129.9897, KeyAnswerResult = "true", CreatedDate = DateTime.Now });
-                surveyResponseDbContext.SurveyResponses.Add(new Db.SurveyResponse { Id = 7, SurveyId = 1, EmployeeId = 4, LocationId = 3, ClientDevice = "Desktop", Latitude = 98.8767, Longitute = -129.9897, KeyAnswerResult = "false", CreatedDate = DateTime.Now });
+                surveyResponseDbContext.SurveyResponses.Add(new Db.SurveyResponse { Id = 5, SurveyId = 1, EmployeeId = 4, LocationId = 2, ClientDevice = "Desktop", Latitude = 98.8767, Longitute = -129.9897, KeyAnswerResult = "true", CreatedDate = DateTime.Now });
+                surveyResponseDbContext.SurveyResponses.Add(new Db.SurveyResponse { Id = 6, SurveyId = 1, EmployeeId = 4, LocationId = 3, ClientDevice = "Desktop", Latitude = 98.8767, Longitute = -129.9897, KeyAnswerResult = "false", CreatedDate = DateTime.Now });
                 surveyResponseDbContext.SaveChanges();
             }
         }
@@ -110,7 +123,7 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 logger?.LogInformation("Querying to get Survey object from microservice");
-                var survey = await surveyServiceProvider.getSurveyAsync(surveyId);
+                var survey = await surveyServiceProvider.getSurveyAsync(surveyId,token);
 
                 if (survey != null)
                 {
@@ -141,7 +154,7 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 logger?.LogInformation("Querying to get Survey object from microservice");
-                var survey = await surveyServiceProvider.getSurveyAsync(surveyId);
+                var survey = await surveyServiceProvider.getSurveyAsync(surveyId, token);
 
                 if (survey != null)
                 {
@@ -172,7 +185,7 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 logger?.LogInformation("Querying to get Survey object from microservice");
-                var survey = await surveyServiceProvider.getSurveyAsync(surveyId);
+                var survey = await surveyServiceProvider.getSurveyAsync(surveyId, token);
 
                 if (survey != null)
                 {
@@ -203,8 +216,8 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 logger?.LogInformation("Querying to get Survey object from microservice");
-                var survey = await surveyServiceProvider.getSurveyAsync(surveyId);
-                var question = await questionServiceProvider.getQuestionsAsync(questionId);
+                var survey = await surveyServiceProvider.getSurveyAsync(surveyId, token);
+                var question = await questionServiceProvider.getQuestionsAsync(questionId,token);
                 bool IsCorrectAnswer = answer.ToLower().Equals("yes") || answer.ToLower().Equals("no") ? true : false;
 
 
@@ -345,7 +358,7 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
         {
             try
             {
-                var answersList = await answerServiceProvider.getAnswersAsync();
+                var answersList = await answerServiceProvider.getAnswersAsync(token);
                 if (answersList == null || !answersList.Any())
                     return null;
 
@@ -368,8 +381,8 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
                 if (surveyAnswers == null || !surveyAnswers.Any())
                     return null;
 
-                var regions = await regionServiceProvider.getRegionsAsync();
-                var locations = await locationServiceProvider.getLocationsAsync();
+                var regions = await regionServiceProvider.getRegionsAsync(token);
+                var locations = await locationServiceProvider.getLocationsAsync(token);
 
                 if (regions == null || !regions.Any() || locations == null || !locations.Any())
                     return null;
@@ -431,11 +444,11 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
         {
             try
             {
-                var employee = await employeeServiceProvider.getEmployeeAsync(surveyResponse.EmployeeId);
-                var answers = await answerServiceProvider.GetAnswersByResponseIdAsync(surveyResponse.Id);
-                var allQuestions = await questionServiceProvider.getQuestionsAsync();
+                var employee = await employeeServiceProvider.getEmployeeAsync(surveyResponse.EmployeeId, token);
+                var answers = await answerServiceProvider.GetAnswersByResponseIdAsync(surveyResponse.Id, token);
+                var allQuestions = await questionServiceProvider.getQuestionsAsync(token);
                 var questions = allQuestions.Where(s => s.SurveyId == surveyResponse.SurveyId);
-                var attachments = await attachmentServiceProvider.getAttachmentsAsync();
+                var attachments = await attachmentServiceProvider.getAttachmentsAsync(token);
 
                 var result = new
                 {
@@ -475,15 +488,14 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 var surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId).ToListAsync();
-
-                var employees = await employeeServiceProvider.getEmployeesAsync();
-                var answers = await answerServiceProvider.getAnswersAsync();
-                var questions = await questionServiceProvider.getQuestionsAsync();
+                var employees = await employeeServiceProvider.getEmployeesAsync(token);
+                var answers = await answerServiceProvider.getAnswersAsync(token);
+                var questions = await questionServiceProvider.getQuestionsAsync(token);
                 var surveyQuestions = from q in questions where q.SurveyId == surveyId select q;
 
                 //var surveyQuestions = await questionServiceProvider.getSurveyQuestionsAsync(surveyId);
 
-                var attachments = await attachmentServiceProvider.getAttachmentsAsync();
+                var attachments = await attachmentServiceProvider.getAttachmentsAsync(token);
                 var result = from r in surveyResonses
                              select new
                              {
@@ -525,11 +537,10 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 var surveyResonses = await surveyResponseDbContext.SurveyResponses.ToListAsync();
-
-                var employees = await employeeServiceProvider.getEmployeesAsync();
-                var answers = await answerServiceProvider.getAnswersAsync();
-                var questions = await questionServiceProvider.getQuestionsAsync();
-                var attachments = await attachmentServiceProvider.getAttachmentsAsync();
+                var employees = await employeeServiceProvider.getEmployeesAsync(token);
+                var answers = await answerServiceProvider.getAnswersAsync(token);
+                var questions = await questionServiceProvider.getQuestionsAsync(token);
+                var attachments = await attachmentServiceProvider.getAttachmentsAsync(token);
 
                 var result = from r in surveyResonses
                              select new
@@ -571,8 +582,8 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 var surveyResponses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId).ToListAsync();
-                var answers = await answerServiceProvider.getAnswersAsync();
-                var locations = await locationServiceProvider.getLocationsAsync();
+                var answers = await answerServiceProvider.getAnswersAsync(token);
+                var locations = await locationServiceProvider.getLocationsAsync(token);
                 var maintenanceCenters = locations.DistinctBy(m => m.MaintenanceCenter);
 
                 //get all the answers for the particular survey
@@ -631,12 +642,11 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 var surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId && x.LocationId.Equals(locationId)).ToListAsync();
-
-                var employees = await employeeServiceProvider.getEmployeesAsync();
-                var answers = await answerServiceProvider.getAnswersAsync();
-                var questions = await questionServiceProvider.getQuestionsAsync();
+                var employees = await employeeServiceProvider.getEmployeesAsync(token);
+                var answers = await answerServiceProvider.getAnswersAsync(token);
+                var questions = await questionServiceProvider.getQuestionsAsync(token);
                 var surveyQuestions = from q in questions where q.SurveyId == surveyId select q;
-                var attachments = await attachmentServiceProvider.getAttachmentsAsync();
+                var attachments = await attachmentServiceProvider.getAttachmentsAsync(token);
 
                 var result = from r in surveyResonses
                              select new
@@ -679,9 +689,9 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             try
             {
                 var surveyResponses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == survey.Id).ToListAsync();
-                var answers = await answerServiceProvider.getAnswersAsync();
-                var employees = await employeeServiceProvider.getEmployeesAsync();
-                var attachments = await attachmentServiceProvider.getAttachmentsAsync();
+                var answers = await answerServiceProvider.getAnswersAsync(token);
+                var employees = await employeeServiceProvider.getEmployeesAsync(token);
+                var attachments = await attachmentServiceProvider.getAttachmentsAsync(token);
 
                 var result = from r in surveyResponses
                              select new
@@ -724,12 +734,12 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
         {
             if (answerRequest != null)
             {
-                var answer = await answerServiceProvider.PostAnswersAsync(new Models.Answer { QuestionId = answerRequest.QuestionId, AnswerText = answerRequest.AnswerText, Comment = answerRequest.Comment, SurveyResponseId = surveyResponseId });
+                var answer = await answerServiceProvider.PostAnswersAsync(new Models.Answer { QuestionId = answerRequest.QuestionId, AnswerText = answerRequest.AnswerText, Comment = answerRequest.Comment, SurveyResponseId = surveyResponseId }, token);
                 if (answer != null)
                 {
                     List<AnswerInfo> listAnswerInfo = new List<AnswerInfo>();
                     listAnswerInfo.Add(new AnswerInfo { AnswerId = answer.Id, postedFiles = answerRequest.PostedFiles });
-                    var attachments = attachmentServiceProvider.PostAttachmentsAsync(new AttachmentInfo { ResponseId = surveyResponseId, Answers = listAnswerInfo });
+                    var attachments = attachmentServiceProvider.PostAttachmentsAsync(new AttachmentInfo { ResponseId = surveyResponseId, Answers = listAnswerInfo }, token);
 
                     string message = $"Answer for question {answerRequest.QuestionId} saved to the database";
                     logger?.LogInformation(message);
@@ -750,7 +760,6 @@ namespace DamageAssesment.Api.SurveyResponses.Providers
             }
         }
 
-
         public async Task<(bool IsSuccess, Models.SurveyResponse SurveyResponse, string ErrorMessage)> PostSurveyAnswersAsync(Models.Request request)
         {
             try

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AnswerServiceProvider.cs

@@ -1,20 +1,21 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
+using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json;
 
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.Responses.Services
 {
     public class AnswerServiceProvider : ServiceProviderBase, IAnswerServiceProvider
     {
         public AnswerServiceProvider(IConfiguration configuration, IHttpUtil httpUtil, ILogger<AnswerServiceProvider> logger) : base(configuration, httpUtil, logger, configuration.GetValue<string>("RessourceSettings:Answer"), configuration.GetValue<string>("EndPointSettings:AnswerUrlBase"))
         {
         }
-        public async Task<List<Answer>> getAnswersAsync()
+        public async Task<List<Answer>> getAnswersAsync(string token)
         {
             try
             {
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
                 var answers = JsonConvert.DeserializeObject<List<Answer>>(responseJsonString);
 
                 if (answers == null || !answers.Any())
@@ -28,12 +29,12 @@ namespace DamageAssesment.Api.SurveyResponses.Services
             }
         }
 
-        public async Task<List<Answer>> GetAnswersByResponseIdAsync(int responseId)
+        public async Task<List<Answer>> GetAnswersByResponseIdAsync(int responseId, string token)
         {
             try
             {
                 url = urlBase + string.Format(configuration.GetValue<string>("RessourceSettings:AnswerByResponse"), responseId);
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token);
                 var answers = JsonConvert.DeserializeObject<List<Answer>>(responseJsonString);
 
                 if (answers == null || !answers.Any())
@@ -47,12 +48,12 @@ namespace DamageAssesment.Api.SurveyResponses.Services
             }
         }
 
-        public async Task<Answer> PostAnswersAsync(Answer answer)
+        public async Task<Answer> PostAnswersAsync(Answer answer, string token )
         {
             try
             {
                 var requestJsonString = JsonConvert.SerializeObject(answer);
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString, token);
                 var answers = JsonConvert.DeserializeObject<Answer>(responseJsonString);
 
                 if (answers == null)

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AttachmentServiceProvider.cs

@@ -1,8 +1,8 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
 using Newtonsoft.Json;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.Responses.Services
 {
     public class AttachmentServiceProvider : ServiceProviderBase, IAttachmentServiceProvider
     {
@@ -10,11 +10,11 @@ namespace DamageAssesment.Api.SurveyResponses.Services
         {
         }
 
-        public async Task<List<Attachment>> getAttachmentsAsync()
+        public async Task<List<Attachment>> getAttachmentsAsync(string token)
         {
             try
             {
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token);
                 var attachments = JsonConvert.DeserializeObject<List<Attachment>>(responseJsonString);
 
                 if (attachments == null || !attachments.Any())
@@ -28,12 +28,12 @@ namespace DamageAssesment.Api.SurveyResponses.Services
             }
         }
 
-        public async Task<IEnumerable<Attachment>> PostAttachmentsAsync(AttachmentInfo attachmentInfo)
+        public async Task<IEnumerable<Attachment>> PostAttachmentsAsync(AttachmentInfo attachmentInfo, string token)
         {
             try
             {
                 var requestJsonString = JsonConvert.SerializeObject(attachmentInfo);
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString, token);
                 var attachments = JsonConvert.DeserializeObject<IEnumerable<Attachment>>(responseJsonString);
 
                 if (attachments == null)

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/EmployeeServiceProvider.cs

@@ -0,0 +1,51 @@
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
+using Microsoft.AspNetCore.Mvc.Routing;
+using Newtonsoft.Json;
+
+namespace DamageAssesment.Api.Responses.Services
+{
+    public class EmployeeServiceProvider : ServiceProviderBase, IEmployeeServiceProvider
+    {
+        public EmployeeServiceProvider(IConfiguration configuration, IHttpUtil httpUtil, ILogger<EmployeeServiceProvider> logger) : base(configuration, httpUtil, logger, configuration.GetValue<string>("RessourceSettings:Employee"), configuration.GetValue<string>("EndPointSettings:EmployeeUrlBase"))
+        {
+        }
+
+        public async Task<List<Employee>> getEmployeesAsync(string token)
+        {
+            try
+            {
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token);
+                var employees = JsonConvert.DeserializeObject<List<Employee>>(responseJsonString);
+
+                if (employees == null || !employees.Any())
+                    return new List<Employee>();
+                else return employees;
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError($"Exception Found : {ex.Message} - Ref: EmployeeServiceProvider.getEmployeesAsync()");
+                return new List<Employee>();
+            }
+        }
+
+        public async Task<Employee> getEmployeeAsync(int employeeId, string token)
+        {
+            try
+            {
+                url = urlBase + string.Format(configuration.GetValue<string>("RessourceSettings:EmployeeById"), employeeId); 
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
+                var employee = JsonConvert.DeserializeObject<Employee>(responseJsonString);
+
+                if (employee == null)
+                    return null;
+                else return employee;
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError($"Exception Found : {ex.Message} - Ref: EmployeeServiceProvider.getEmployeeAsync()");
+                return null;
+            }
+        }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/HttpUtil.cs

@@ -0,0 +1,42 @@
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
+using System.Net.Http.Headers;
+using System.Text;
+
+namespace DamageAssesment.Api.Responses.Services
+{
+    public class HttpUtil : IHttpUtil
+    {
+        private readonly HttpClient httpClient;
+        private readonly ILogger<HttpUtil> logger;
+
+        public HttpUtil(HttpClient httpClient, ILogger<HttpUtil> logger)
+        {
+            this.httpClient = httpClient;
+            this.logger = logger;
+        }
+        public async Task<string> SendAsync(HttpMethod method, string url, string JsonInput, string token)
+        {
+            try
+            {
+                var request = new HttpRequestMessage(method, url);
+                request.Headers.Accept.Clear();
+                request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
+                if (method == HttpMethod.Post)
+                {
+                    request.Content = new StringContent(JsonInput, Encoding.UTF8, "application/json");
+                }
+                var response = await httpClient.SendAsync(request, CancellationToken.None);
+                response.EnsureSuccessStatusCode();
+                var responseString = await response.Content.ReadAsStringAsync();
+                return responseString;
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError($"Exception Message : {ex.Message} - Ref: HttpUtil.SendAsync()");
+                return null;
+            }
+        }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/LocationServiceProvider.cs

@@ -1,8 +1,8 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
 using Newtonsoft.Json;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.Responses.Services
 {
     public class LocationServiceProvider :ServiceProviderBase, ILocationServiceProvider
     {
@@ -10,11 +10,11 @@ namespace DamageAssesment.Api.SurveyResponses.Services
         {
         }
 
-        public async Task<List<Location>> getLocationsAsync()
+        public async Task<List<Location>> getLocationsAsync(string token)
         {
             try
             {
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
                 var locations = JsonConvert.DeserializeObject<List<Location>>(responseJsonString);
 
                 if (locations == null || !locations.Any())

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/QuestionServiceProvider.cs

@@ -1,8 +1,8 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
 using Newtonsoft.Json;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.Responses.Services
 {
     public class QuestionServiceProvider : ServiceProviderBase, IQuestionServiceProvider
     {
@@ -10,11 +10,11 @@ namespace DamageAssesment.Api.SurveyResponses.Services
         {
         }
 
-        public async Task<List<Question>> getQuestionsAsync()
+        public async Task<List<Question>> getQuestionsAsync(string token)
         {
             try
             {
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token);
                 var questions = JsonConvert.DeserializeObject<List<Question>>(responseJsonString);
 
                 if (questions == null || !questions.Any())
@@ -28,12 +28,12 @@ namespace DamageAssesment.Api.SurveyResponses.Services
             }
         }
 
-        public async Task<List<SurveyQuestions>> getSurveyQuestionsAsync(int surveyId)
+        public async Task<List<SurveyQuestions>> getSurveyQuestionsAsync(int surveyId, string token)
         {
             try
             {
                 url = urlBase + string.Format(configuration.GetValue<string>("RessourceSettings:SurveyQuestion"), surveyId);
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
                 var questions = JsonConvert.DeserializeObject<List<SurveyQuestions>>(responseJsonString);
 
                 if (questions == null || !questions.Any())
@@ -48,12 +48,12 @@ namespace DamageAssesment.Api.SurveyResponses.Services
         }
 
 
-        public async Task<Question> getQuestionsAsync(int questionId)
+        public async Task<Question> getQuestionsAsync(int questionId, string token)
         {
             try
             {
                 url = urlBase + string.Format(configuration.GetValue<string>("RessourceSettings:QuestionById"), questionId);
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
                 var question = JsonConvert.DeserializeObject<Question>(responseJsonString);
 
                 if (question == null)

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/RegionServiceProvider.cs

@@ -1,19 +1,19 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
 using Newtonsoft.Json;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.Responses.Services
 {
     public class RegionServiceProvider : ServiceProviderBase, IRegionServiceProvider
     {
         public RegionServiceProvider(IConfiguration configuration, IHttpUtil httpUtil, ILogger<RegionServiceProvider> logger) : base(configuration, httpUtil, logger, configuration.GetValue<string>("RessourceSettings:Region"), configuration.GetValue<string>("EndPointSettings:LocationUrlBase"))
         {
         }
-        public async Task<List<Region>> getRegionsAsync()
+        public async Task<List<Region>> getRegionsAsync(string token)
         {
             try
             {
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
                 var regions = JsonConvert.DeserializeObject<List<Region>>(responseJsonString);
 
                 if (regions == null || !regions.Any())

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/ServiceProviderBase.cs

@@ -1,6 +1,6 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
+using DamageAssesment.Api.Responses.Interfaces;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.Responses.Services
 {
     public class ServiceProviderBase
     {

DamageAssesmentApi/DamageAssesment.Api.Responses/Services/SurveyServiceProvider.cs

@@ -1,8 +1,8 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.Responses.Interfaces;
+using DamageAssesment.Api.Responses.Models;
 using Newtonsoft.Json;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.Responses.Services
 {
     public class SurveyServiceProvider :ServiceProviderBase, ISurveyServiceProvider
     {
@@ -10,11 +10,11 @@ namespace DamageAssesment.Api.SurveyResponses.Services
         {
         }
 
-        public async Task<List<Survey>> getSurveysAsync()
+        public async Task<List<Survey>> getSurveysAsync(string token)
         {
             try
             {
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
                 var surveys = JsonConvert.DeserializeObject<List<Survey>>(responseJsonString);
 
                 if (surveys == null || !surveys.Any())
@@ -28,12 +28,12 @@ namespace DamageAssesment.Api.SurveyResponses.Services
             }
         }
 
-        public async Task<Survey> getSurveyAsync(int surveyId)
+        public async Task<Survey> getSurveyAsync(int surveyId, string token)
         {
             try
             {
                 url = urlBase + string.Format(configuration.GetValue<string>("RessourceSettings:SurveyById"), surveyId);
-                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null);
+                var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token);
                 var survey = JsonConvert.DeserializeObject<Survey>(responseJsonString);
 
                 if (survey == null )

DamageAssesmentApi/DamageAssesment.Api.Responses/appsettings.json

@@ -6,6 +6,9 @@
     }
   },
   "AllowedHosts": "*",
+  "JwtSettings": {
+    "securitykey": "bWlhbWkgZGFkZSBzY2hvb2xzIHNlY3JldCBrZXk="
+  },
   "EndPointSettings": {
     "AnswerUrlBase": "http://localhost:5200",
     "LocationUrlBase": "http://localhost:5213",

DamageAssesmentApi/DamageAssesment.Api.SurveyResponses/Interfaces/IAnswerServiceProvider.cs

@@ -1,12 +0,0 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
-{
-    public interface IAnswerServiceProvider
-    {
-        Task<List<Answer>> getAnswersAsync();
-        Task<List<Models.Answer>> GetAnswersByResponseIdAsync(int responseId);
-
-        Task<Models.Answer> PostAnswersAsync(Models.Answer answer);
-    }
-}

DamageAssesmentApi/DamageAssesment.Api.SurveyResponses/Interfaces/IAttachmentServiceProvider.cs

@@ -1,10 +0,0 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
-{
-    public interface IAttachmentServiceProvider
-    {
-        Task<List<Attachment>> getAttachmentsAsync();
-        Task<IEnumerable<Attachment>> PostAttachmentsAsync(Models.AttachmentInfo attachmentInfo);
-    }
-}

DamageAssesmentApi/DamageAssesment.Api.SurveyResponses/Interfaces/ILocationServiceProvider.cs

@@ -1,9 +0,0 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
-{
-    public interface ILocationServiceProvider
-    {
-        Task<List<Location>> getLocationsAsync();
-    }
-}

DamageAssesmentApi/DamageAssesment.Api.SurveyResponses/Interfaces/IQuestionServiceProvider.cs

@@ -1,11 +0,0 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
-{
-    public interface IQuestionServiceProvider
-    {
-        Task<List<Question>> getQuestionsAsync();
-        Task<List<SurveyQuestions>> getSurveyQuestionsAsync(int surveyId);
-        Task<Question> getQuestionsAsync(int questionId);
-    }
-}

DamageAssesmentApi/DamageAssesment.Api.SurveyResponses/Interfaces/IRegionServiceProvider.cs

@@ -1,9 +0,0 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
-{
-    public interface IRegionServiceProvider
-    {
-        Task<List<Region>> getRegionsAsync();
-    }
-}

DamageAssesmentApi/DamageAssesment.Api.SurveyResponses/Interfaces/ISurveyServiceProvider.cs

@@ -1,10 +0,0 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
-{
-    public interface ISurveyServiceProvider
-    {
-        Task<List<Survey>> getSurveysAsync();
-        Task<Survey> getSurveyAsync(int surveyId);
-    }
-}

DamageAssesmentApi/DamageAssesment.Api.Surveys/Controllers/SurveysController.cs

@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Surveys.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace DamageAssesment.Api.Surveys.Controllers
@@ -15,7 +16,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// GET request for retrieving surveys.
         /// </summary>
-
+        [Authorize(Roles ="admin,survey,user,report")]
         [Route("Surveys")]
         [Route("Surveys/{language:alpha}")]
         [HttpGet]
@@ -32,6 +33,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// GET request for retrieving surveys by ID.
         /// </summary>
+        [Authorize(Roles = "admin,survey,user,report")]
         [Route("Surveys/{id:int}")]
         [Route("Surveys/{id:int}/{language:alpha}")]
         [HttpGet]
@@ -47,7 +49,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// POST request for creating a new survey.
         /// </summary>
-
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpPost("Surveys")]
         public async Task<ActionResult> PostSurveysAsync(Models.Survey survey)
         {
@@ -62,7 +64,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// PUT request for updating an existing survey (surveyId,Updated Survey data).
         /// </summary>
 
-
+        [Authorize(Roles = "admin,survey")]
         [HttpPut("Surveys/{id}")]
         public async Task<ActionResult> PutSurveysAsync(int id, Models.Survey survey)
         {
@@ -80,6 +82,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// DELETE request for deleting a survey by ID.
         /// </summary>
+        [Authorize(Roles = "admin,survey")]
         [HttpDelete("Surveys/{id}")]
         public async Task<ActionResult> DeleteSurveysAsync(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Surveys/Program.cs

@@ -6,6 +6,7 @@ using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
 using System.Text;
 using System.Reflection;
+using Microsoft.OpenApi.Models;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -34,14 +35,44 @@ builder.Services.AddControllers();
 builder.Services.AddScoped<ISurveyProvider, SurveysProvider>();
 builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
 builder.Services.AddEndpointsApiExplorer();
-//builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
+
 builder.Services.AddDbContext<SurveysDbContext>(option =>
 {
     option.UseInMemoryDatabase("Surveys");

DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/DamageAssesment.Api.UsersAccess.Test.csproj

@@ -0,0 +1,30 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net6.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+
+    <IsPackable>false</IsPackable>
+    <IsTestProject>true</IsTestProject>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.3.2" />
+    <PackageReference Include="Moq" Version="4.18.4" />
+    <PackageReference Include="xunit" Version="2.4.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="coverlet.collector" Version="3.1.2">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\DamageAssesment.Api.UsersAccess\DamageAssesment.Api.UsersAccess.csproj" />
+  </ItemGroup>
+
+</Project>

DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/MockData.cs

@@ -0,0 +1,44 @@
+using DamageAssesment.Api.UsersAccess.Models;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Xunit.Sdk;
+
+namespace DamageAssesment.Api.UsersAccess.Test
+{
+    public class MockData
+    {
+        public static async Task<(bool, Models.TokenResponse, string)> getTokenResponse(bool status, string message)
+        {
+            return (status, new Models.TokenResponse { jwttoken = "1234", refreshtoken = "12345" }, message);
+        }
+
+        public static async Task<(bool, List<User>, string)> getUsers(bool status, string message)
+        {
+            List<User> users = new List<User>();
+            users.Add(new User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now });
+            users.Add(new User { Id = 2, EmployeeCode = "Emp2", EmployeeId = 2, RoleId = 1, IsActive = true, CreateDate = DateTime.Now });
+            users.Add(new User { Id = 3, EmployeeCode = "Emp3", EmployeeId = 3, RoleId = 1, IsActive = true, CreateDate = DateTime.Now });
+            return (status, users, message);
+        }
+
+        public static async Task<(bool, User, string)> getUser(bool status, string message)
+        {
+            User user = getUsers(status, message).Result.Item2.FirstOrDefault();
+            return (status, user, message);
+        }
+
+        public static async Task<(bool, List<Role>, string)> getRoles(bool status, string message)
+        {
+            List<Role> roles = new List<Role>();
+            roles.Add(new Role { Id = 1, Name = "Role 1" });
+            roles.Add(new Role { Id = 2, Name = "Role 2" });
+            roles.Add(new Role { Id = 3, Name = "Role 3" });
+
+            return (status, roles, message);
+        }
+
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/UsersAccessTest.cs

@@ -0,0 +1,194 @@
+using DamageAssesment.Api.UsersAccess.Controllers;
+using DamageAssesment.Api.UsersAccess.Interfaces;
+using Microsoft.AspNetCore.Mvc;
+using Moq;
+using Xunit;
+
+namespace DamageAssesment.Api.UsersAccess.Test
+{
+    public class UsersAccessTest
+    {
+        private Mock<IUsersAccessProvider> mockService;
+
+        public UsersAccessTest()
+        {
+            mockService = new Mock<IUsersAccessProvider>();
+        }
+        [Fact(DisplayName = "Get Token - Ok case")]
+        public async Task GetTokenAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getTokenResponse(true,null);
+            mockService.Setup(service => service.AuthenticateAsync("Emp1")).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.AuthenticateAsync("Emp1");
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "Get Token - Unauthorized case")]
+        public async Task GetTokenAsync_ShouldReturnStatusCode401()
+        {
+            var response = await MockData.getTokenResponse(false, null);
+            mockService.Setup(service => service.AuthenticateAsync("Emp1")).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (UnauthorizedObjectResult)await controller.AuthenticateAsync("Emp1");
+            Assert.Equal(401, result.StatusCode);
+        }
+
+
+        [Fact(DisplayName = "RefreshToken - Ok case")]
+        public async Task RefreshTokenAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getTokenResponse(true, null);
+            mockService.Setup(service => service.RefreshTokenAsync(null)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.RefreshTokenAsync(null);
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "RefreshToken - Unauthorized case")]
+        public async Task RefreshTokenAsync_ShouldReturnStatusCode401()
+        {
+            var response = await MockData.getTokenResponse(false, null);
+            mockService.Setup(service => service.RefreshTokenAsync(null)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (UnauthorizedObjectResult)await controller.RefreshTokenAsync(null);
+            Assert.Equal(401, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "GetUsers - Ok case")]
+        public async Task GetUsersAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getUsers(true, null);
+            mockService.Setup(service => service.GetUsersAsync()).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.GetUsersAsync();
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "GetUsers - NoContent case")]
+        public async Task GetUsersAsync_ShouldReturnStatusCode204()
+        {
+            var response = await MockData.getUsers(false, null);
+            mockService.Setup(service => service.GetUsersAsync()).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (NoContentResult)await controller.GetUsersAsync();
+            Assert.Equal(204, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "GetUser - Ok case")]
+        public async Task GetUserAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getUser(true, null);
+            mockService.Setup(service => service.GetUsersAsync(1)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.GetUsersAsync(1);
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "GetUser - NotFound case")]
+        public async Task GetUserAsync_ShouldReturnStatusCode204()
+        {
+            var response = await MockData.getUser(false, null);
+            mockService.Setup(service => service.GetUsersAsync(1)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (NotFoundResult)await controller.GetUsersAsync(1);
+            Assert.Equal(404, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "GetRoles - Ok case")]
+        public async Task GetRolesAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getRoles(true, null);
+            mockService.Setup(service => service.GetRolesAsync()).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.GetRolesAsync();
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "GetRoles - NoContent case")]
+        public async Task GetRolesAsync_ShouldReturnStatusCode204()
+        {
+            var response = await MockData.getRoles(false, null);
+            mockService.Setup(service => service.GetRolesAsync()).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (NoContentResult)await controller.GetRolesAsync();
+            Assert.Equal(204, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "PostUser - Ok case")]
+        public async Task PostUserAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getUser(true, null);
+            var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now };
+            mockService.Setup(service => service.PostUserAsync(user)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.PostUserAsync(user);
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "PostUser - Bad Request case")]
+        public async Task PostUserAsync_ShouldReturnStatusCode400()
+        {
+            var response = await MockData.getUser(false, null);
+            var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now };
+            mockService.Setup(service => service.PostUserAsync(user)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (BadRequestObjectResult)await controller.PostUserAsync(user);
+            Assert.Equal(400, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "PutUser - Ok case")]
+        public async Task PutUserAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getUser(true, null);
+            var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now };
+            mockService.Setup(service => service.PutUserAsync(1,user)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.PutUserAsync(1,user);
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "PutUser - BadRequest case")]
+        public async Task PutUserAsync_ShouldReturnStatusCode400()
+        {
+            var response = await MockData.getUser(false, null);
+            var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now };
+            mockService.Setup(service => service.PutUserAsync(1,user)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (BadRequestObjectResult)await controller.PutUserAsync(1,user);
+            Assert.Equal(400, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "PutUser - Not Found case")]
+        public async Task PutUserAsync_ShouldReturnStatusCode404()
+        {
+            var response = await MockData.getUser(false, "Not Found");
+            var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now };
+            mockService.Setup(service => service.PutUserAsync(1, user)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (NotFoundObjectResult)await controller.PutUserAsync(1,user);
+            Assert.Equal(404, result.StatusCode);
+        }
+
+
+        [Fact(DisplayName = "DeleteUser - Ok case")]
+        public async Task DeleteUserAsync_ShouldReturnStatusCode200()
+        {
+            var response = await MockData.getUser(true, null);
+                    mockService.Setup(service => service.DeleteUserAsync(1)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (OkObjectResult)await controller.DeleteUserAsync(1);
+            Assert.Equal(200, result.StatusCode);
+        }
+
+        [Fact(DisplayName = "DeleteUser - Not Found case")]
+        public async Task DeleteUserAsync_ShouldReturnStatusCode404()
+        {
+            var response = await MockData.getUser(false, "Not Found");
+            mockService.Setup(service => service.DeleteUserAsync(1)).ReturnsAsync(response);
+            var controller = new UsersAccessController(mockService.Object);
+            var result = (NotFoundResult)await controller.DeleteUserAsync(1);
+            Assert.Equal(404, result.StatusCode);
+        }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs

@@ -0,0 +1,117 @@
+using DamageAssesment.Api.UsersAccess.Interfaces;
+using DamageAssesment.Api.UsersAccess.Models;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace DamageAssesment.Api.UsersAccess.Controllers
+{
+    [ApiController]
+    public class UsersAccessController : ControllerBase
+    {
+        private IUsersAccessProvider userAccessProvider;
+
+        public UsersAccessController(IUsersAccessProvider userAccessProvider)
+        {
+            this.userAccessProvider = userAccessProvider;
+        }
+        [Authorize(Policy = "Dadeschools")]
+        [HttpPost("token/{employecode}")]
+        public async Task<ActionResult> AuthenticateAsync(string employecode)
+        {
+              var result = await userAccessProvider.AuthenticateAsync(employecode);
+              if (result.IsSuccess)
+              {
+                  return Ok(result.TokenResponse);
+              }
+              return Unauthorized(result.ErrorMessage);
+        }
+
+        [Authorize(Policy = "Dadeschools")]
+        [HttpPost("refreshtoken")]
+        public async Task<ActionResult> RefreshTokenAsync(TokenResponse tokenResponse)
+        {
+            var result = await userAccessProvider.RefreshTokenAsync(tokenResponse);
+            if (result.IsSuccess)
+            {
+                return Ok(result.TokenResponse);
+            }
+            return Unauthorized(result.ErrorMessage);
+        }
+
+        [Authorize(Policy = "DamageApp", Roles ="admin")]
+        [HttpGet("users")]
+        public async Task<ActionResult> GetUsersAsync()
+        {
+            var result = await userAccessProvider.GetUsersAsync();
+            if (result.IsSuccess)
+            {
+                return Ok(result.Users);
+            }
+            return NoContent();
+        }
+
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [HttpGet("users/{Id}")]
+        public async Task<ActionResult> GetUsersAsync(int Id)
+        {
+            var result = await userAccessProvider.GetUsersAsync(Id);
+            if (result.IsSuccess)
+            {
+                return Ok(result.User);
+            }
+            return NotFound();
+        }
+
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [HttpGet("roles")]
+        public async Task<ActionResult> GetRolesAsync()
+        {
+            var result = await userAccessProvider.GetRolesAsync();
+            if (result.IsSuccess)
+            {
+                return Ok(result.Roles);
+            }
+            return NoContent();
+        }
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [HttpPost("users")]
+        public async Task<ActionResult> PostUserAsync(User user)
+        {
+            var result = await userAccessProvider.PostUserAsync(user);
+            if (result.IsSuccess)
+            {
+                return Ok(result.User);
+            }
+            return BadRequest(result.ErrorMessage);
+        }
+
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [HttpPut("users/{Id}")]
+        public async Task<ActionResult> PutUserAsync(int Id, User user)
+        {
+            var result = await userAccessProvider.PutUserAsync(Id, user);
+            if (result.IsSuccess)
+            {
+                return Ok(result.User);
+            }
+            if (result.ErrorMessage == "Not Found")
+                return NotFound(result.ErrorMessage);
+
+            return BadRequest(result.ErrorMessage);
+        }
+
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [HttpDelete("users/{Id}")]
+        public async Task<ActionResult> DeleteUserAsync(int Id)
+        {
+            var result = await userAccessProvider.DeleteUserAsync(Id);
+            if (result.IsSuccess)
+            {
+                return Ok(result.User);
+            }
+            return NotFound();
+        }
+
+
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/DamageAssesment.Api.UsersAccess.csproj

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net6.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="12.0.1" />
+    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.21" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="7.0.5" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="7.0.5" />
+    <PackageReference Include="Microsoft.Extensions.Http.Polly" Version="7.0.10" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
+  </ItemGroup>
+
+</Project>

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Role.cs

@@ -0,0 +1,21 @@
+using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
+using System.Text.Json.Serialization;
+
+namespace DamageAssesment.Api.UsersAccess.Db
+{
+    public class Role
+    {
+        [Key]
+        public int Id { get; set; }
+
+        [StringLength(100)]
+        [Required]
+        public string Name { get; set; }
+
+        // add a status field
+
+        [StringLength(100)]
+        public string? Description { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Token.cs

@@ -0,0 +1,17 @@
+using Microsoft.EntityFrameworkCore.Metadata.Internal;
+using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace DamageAssesment.Api.UsersAccess.Db
+{
+    public  class Token
+    {
+        [Key]
+        public int Id { get; set; }
+        [Required]
+        [ForeignKey("User")]
+        public int UserId { get; set; }
+        public string? RefreshToken { get; set; }
+        public bool? IsActive { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/User.cs

@@ -0,0 +1,31 @@
+using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
+using System.Text.Json.Serialization;
+
+namespace DamageAssesment.Api.UsersAccess.Db
+{
+    public class User
+    {
+        [Key]
+        public int Id { get; set; }
+
+        [ForeignKey("Employee")]
+        public int EmployeeId { get; set; }
+
+        [Required]
+        [StringLength(50)]
+        public string EmployeeCode { get; set; }
+
+        [ForeignKey("Role")]
+        [Required]
+        public int RoleId { get; set; }
+        [Required]
+        public bool IsActive { get; set; } = true;
+
+        [Required]
+        public DateTime CreateDate { get; set; } = DateTime.Now;
+
+        public DateTime? UpdateDate { get; set; }
+
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/UsersAccessDbContext.cs

@@ -0,0 +1,32 @@
+using Microsoft.EntityFrameworkCore;
+
+namespace DamageAssesment.Api.UsersAccess.Db
+{
+    public class UsersAccessDbContext : DbContext
+    {
+        public DbSet<Db.User> Users { get; set; }
+        public DbSet<Db.Role> Roles { get; set; }
+        public DbSet<Db.Token> Tokens { get; set; }
+        public UsersAccessDbContext(DbContextOptions options) : base(options)
+        {
+
+        }
+
+        protected override void OnModelCreating(ModelBuilder modelBuilder)
+        {
+            base.OnModelCreating(modelBuilder);
+
+            modelBuilder.Entity<User>()
+                .Property(item => item.Id)
+                .ValueGeneratedOnAdd();
+
+            modelBuilder.Entity<Role>()
+            .Property(item => item.Id)
+            .ValueGeneratedOnAdd();
+
+            modelBuilder.Entity<Token>()
+            .Property(item => item.Id)
+            .ValueGeneratedOnAdd();
+        }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IEmployeeServiceProvider.cs

@@ -1,6 +1,6 @@
-using DamageAssesment.Api.SurveyResponses.Models;
+using DamageAssesment.Api.UsersAccess.Models;
 
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
+namespace DamageAssesment.Api.UsersAccess.Interfaces
 {
     public interface IEmployeeServiceProvider
     {

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IHttpUtil.cs

@@ -1,6 +1,4 @@
-using DamageAssesment.Api.SurveyResponses.Models;
-
-namespace DamageAssesment.Api.SurveyResponses.Interfaces
+namespace DamageAssesment.Api.UsersAccess.Interfaces
 {
     public interface IHttpUtil
     {

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IRoleProvider.cs

@@ -0,0 +1,12 @@
+namespace DamageAssesment.Api.UsersAccess.Interfaces
+{
+    public interface IRoleProvider
+    {
+       Task<(bool IsSuccess, IEnumerable< Models.Role> Roles, string ErrorMessage)> GetRolesAsync();
+       Task<(bool IsSuccess, Models.Role Roles, string ErrorMessage)> GetRolesAsync(int Id);
+       Task<(bool IsSuccess, Models.Role Role, string ErrorMessage)> PostRoleAsync(Models.Role Role);
+       Task<(bool IsSuccess, Models.Role Role, string ErrorMessage)> PutRoleAsync(int Id,Models.Role Role);
+       Task<(bool IsSuccess, Models.Role Role, string ErrorMessage)> DeleteRoleAsync(int Id);
+
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/ITokenServiceProvider.cs

@@ -0,0 +1,11 @@
+using DamageAssesment.Api.UsersAccess.Models;
+using System.Security.Claims;
+
+namespace DamageAssesment.Api.UsersAccess.Interfaces
+{
+    public interface ITokenServiceProvider
+    {
+        Task<string> GenerateToken(Models.User user);
+        Task<TokenResponse> TokenAuthenticate(Models.User user, Claim[] claims);
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IUsersAccessProvider.cs

@@ -0,0 +1,17 @@
+using DamageAssesment.Api.UsersAccess.Models;
+
+namespace DamageAssesment.Api.UsersAccess.Interfaces
+{
+    public interface IUsersAccessProvider
+    {
+       public Task<(bool IsSuccess, IEnumerable< Models.User> Users, string ErrorMessage)> GetUsersAsync();
+        public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> GetUsersAsync(int Id);
+        public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PostUserAsync(Models.User User);
+        public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PutUserAsync(int Id,Models.User User);
+        public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> DeleteUserAsync(int Id);
+        public Task<(bool IsSuccess, IEnumerable<Models.Role> Roles, string ErrorMessage)> GetRolesAsync();
+        public  Task<(bool IsSuccess, Models.TokenResponse TokenResponse, string ErrorMessage)> AuthenticateAsync(string employeCode);
+        public Task<(bool IsSuccess, Models.TokenResponse TokenResponse, string ErrorMessage)>RefreshTokenAsync(TokenResponse tokenResponse);
+        public void seedData();
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Employee.cs

@@ -0,0 +1,14 @@
+namespace DamageAssesment.Api.UsersAccess.Models
+{
+    public class Employee
+    {
+        public int Id { get; set; }
+        public string EmployeeCode { get; set; }
+        public string Name { get; set; }
+        public DateTime BirthDate { get; set; }
+        public string OfficePhoneNumber { get; set; }
+        public string Email { get; set; }
+        public bool IsActive { get; set; }
+        public string PreferredLanguage { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/JwtSettings.cs

@@ -0,0 +1,9 @@
+using System.ComponentModel.DataAnnotations;
+namespace DamageAssesment.Api.UsersAccess.Models
+{
+
+    public class JwtSettings
+    {
+        public string securitykey { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Role.cs

@@ -0,0 +1,8 @@
+namespace DamageAssesment.Api.UsersAccess.Models
+{
+    public class Role { 
+        public int Id { get; set; }
+        public string Name { get; set; }
+        public string Description { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Token.cs

@@ -0,0 +1,10 @@
+namespace DamageAssesment.Api.UsersAccess.Models
+{
+    public  class Token
+    { 
+        public string Id { get; set; }
+        public int UserId { get; set; } 
+        public string RefreshToken { get; set; }
+        public bool IsActive { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/TokenResponse.cs

@@ -0,0 +1,8 @@
+namespace DamageAssesment.Api.UsersAccess.Models
+{
+    public class TokenResponse
+    {
+        public string? jwttoken { get; set; }
+        public string? refreshtoken { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/User.cs

@@ -0,0 +1,13 @@
+namespace DamageAssesment.Api.UsersAccess.Models
+{
+    public class User
+    {
+        public int Id { get; set; }
+        public int EmployeeId { get; set; }
+        public string EmployeeCode { get; set; }
+        public int RoleId { get; set; }
+        public bool IsActive { get; set; }
+        public DateTime CreateDate { get; set; }
+        public DateTime UpdateDate { get; set; }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/UserCredentials.cs

@@ -0,0 +1,5 @@
+public class UserCredentials
+{
+    public string username { get; set; }
+   // public string? password { get; set; }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Profiles/UsersAccessProfile.cs

@@ -0,0 +1,14 @@
+namespace DamageAssesment.Api.UsersAccess.Profiles
+{
+    public class UsersAccessProfile : AutoMapper.Profile
+    {
+        public UsersAccessProfile()
+        {
+            CreateMap<Db.User, Models.User>();
+            CreateMap<Models.User, Db.User>();
+
+            CreateMap<Db.Role, Models.Role>();
+            CreateMap<Models.Role, Db.Role>();
+        }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Program.cs

@@ -0,0 +1,146 @@
+using DamageAssesment.Api.UsersAccess.Db;
+using DamageAssesment.Api.UsersAccess.Interfaces;
+using DamageAssesment.Api.UsersAccess.Providers;
+using DamageAssesment.Api.UsersAccess.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using System.Text;
+using Polly;
+using DamageAssesment.Api.UsersAccess.Services;
+using Microsoft.OpenApi.Models;
+using System.Reflection;
+using Microsoft.AspNetCore.Authorization;
+
+const int maxApiCallRetries = 3;
+const int intervalToRetry = 2; //2 seconds
+const int maxRetryForCircuitBraker = 5;
+const int intervalForCircuitBraker = 5; //5 seconds
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+
+
+builder.Services.AddAuthentication().
+    AddJwtBearer("DamageApp", item =>
+{
+
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+}).AddJwtBearer("Dadeschools", options =>
+{
+    options.Authority = builder.Configuration["Dadeschools:Authority"];
+    options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
+    options.TokenValidationParameters.ValidateAudience = false;
+});
+
+
+builder.Services.AddAuthorization(options =>
+{
+    var DamageAppPolicy = new AuthorizationPolicyBuilder()
+        .RequireAuthenticatedUser()
+        .AddAuthenticationSchemes("DamageApp")
+        .Build();
+    var DadeschoolsPolicy = new AuthorizationPolicyBuilder()
+        .RequireAuthenticatedUser()
+        .AddAuthenticationSchemes("Dadeschools")
+        .Build();
+    var allPolicy = new AuthorizationPolicyBuilder()
+        .RequireAuthenticatedUser()
+        .AddAuthenticationSchemes("DamageApp", "Dadeschools")
+        .Build();
+    options.AddPolicy("DamageApp", DamageAppPolicy);
+    options.AddPolicy("Dadeschools", DadeschoolsPolicy);
+    options.AddPolicy("AllPolicies", allPolicy);
+    options.DefaultPolicy = options.GetPolicy("DamageApp")!;
+});
+
+var _jwtsettings = builder.Configuration.GetSection("JwtSettings");
+builder.Services.Configure<JwtSettings>(_jwtsettings);
+
+builder.Services.AddControllers();
+// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
+builder.Services.AddScoped<IUsersAccessProvider, UsersAccessProvider>();
+builder.Services.AddScoped<ITokenServiceProvider, TokenServiceProvider>();
+builder.Services.AddScoped<IEmployeeServiceProvider, EmployeeServiceProvider>();
+
+builder.Services.AddHttpClient<IHttpUtil, HttpUtil>().
+    AddTransientHttpErrorPolicy(policy => policy.WaitAndRetryAsync(maxApiCallRetries, _ => TimeSpan.FromSeconds(intervalToRetry))).
+    AddTransientHttpErrorPolicy(policy => policy.CircuitBreakerAsync(maxRetryForCircuitBraker, TimeSpan.FromSeconds(intervalForCircuitBraker)));
+
+builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
+builder.Services.AddEndpointsApiExplorer();
+//builder.Services.AddSwaggerGen();
+
+builder.Services.AddSwaggerGen(options =>
+{
+
+    // Include XML comments from your assembly
+    var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
+    var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
+    //options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
+});
+
+builder.Services.AddDbContext<UsersAccessDbContext>(option =>
+{
+    option.UseInMemoryDatabase("UsersAccess");
+});
+var app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (app.Environment.IsDevelopment())
+{
+    app.UseSwagger();
+    app.UseSwaggerUI();
+
+    using (var serviceScope = app.Services.CreateScope())
+    {
+        var services = serviceScope.ServiceProvider;
+        var usersAccessProvider = services.GetRequiredService<IUsersAccessProvider>();
+        usersAccessProvider.seedData();
+    }
+}
+
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.MapControllers();
+app.Run();

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Properties/launchSettings.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:28382",
+      "sslPort": 0
+    }
+  },
+  "profiles": {
+    "DamageAssesment.Api.Users": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "http://localhost:5027",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Providers/UserAccessProvider.cs

@@ -0,0 +1,305 @@
+using AutoMapper;
+using DamageAssesment.Api.UsersAccess.Db;
+using DamageAssesment.Api.UsersAccess.Interfaces;
+using DamageAssesment.Api.UsersAccess.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using System.Data;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+
+namespace DamageAssesment.Api.UsersAccess.Providers
+{
+    public class UsersAccessProvider : IUsersAccessProvider
+    {
+        private readonly UsersAccessDbContext userAccessDbContext;
+        private readonly ILogger<UsersAccessProvider> logger;
+        private readonly IMapper mapper;
+        //private readonly IEmployeeServiceProvider employeeServiceProvider;
+        private readonly JwtSettings jwtSettings;
+        private readonly ITokenServiceProvider tokenServiceProvider;
+
+        public UsersAccessProvider(IOptions<JwtSettings> options, ITokenServiceProvider tokenServiceProvider, UsersAccessDbContext userAccessDbContext, IEmployeeServiceProvider employeeServiceProvider, ILogger<UsersAccessProvider> logger, IMapper mapper)
+        {
+            this.userAccessDbContext = userAccessDbContext;
+            //this.employeeServiceProvider = employeeServiceProvider;
+            this.logger = logger;
+            this.mapper = mapper;
+            jwtSettings = options.Value;
+            this.tokenServiceProvider = tokenServiceProvider;
+           // seedData();
+        }
+
+        public void seedData()
+        {
+            if (!userAccessDbContext.Users.Any())
+            {
+                userAccessDbContext.Users.Add(new Db.User { Id = 1, EmployeeId = 1, EmployeeCode = "Emp1", RoleId = 1, IsActive = true, CreateDate = DateTime.Now });
+                userAccessDbContext.Users.Add(new Db.User { Id = 2, EmployeeId = 2, EmployeeCode = "Emp2", RoleId = 2, IsActive = true, CreateDate = DateTime.Now });
+                userAccessDbContext.Users.Add(new Db.User { Id = 3, EmployeeId = 3, EmployeeCode = "Emp3", RoleId = 3, IsActive = true, CreateDate = DateTime.Now });
+                userAccessDbContext.SaveChanges();
+            }
+
+            if (!userAccessDbContext.Roles.Any())
+            {
+                userAccessDbContext.Roles.Add(new Db.Role { Id = 1, Name = "admin", Description ="Administrator role have full access" });
+                userAccessDbContext.Roles.Add(new Db.Role { Id = 2, Name = "user", Description =" User role"});
+                userAccessDbContext.Roles.Add(new Db.Role { Id = 3, Name = "survey", Description ="Survey role" });
+                userAccessDbContext.Roles.Add(new Db.Role { Id = 4, Name = "report", Description ="Report role"});
+                userAccessDbContext.Roles.Add(new Db.Role { Id = 5, Name = "document", Description ="Document role" });
+                userAccessDbContext.SaveChanges();
+            }
+        }
+
+        public async Task<(bool IsSuccess, IEnumerable<Models.User> Users, string ErrorMessage)> GetUsersAsync()
+        {
+            try
+            {
+                logger?.LogInformation("Gell all Users from DB");
+                var users = await userAccessDbContext.Users.ToListAsync();
+                if (users != null)
+                {
+                    logger?.LogInformation($"{users.Count} Items(s) found");
+                    var result = mapper.Map<IEnumerable<Db.User>, IEnumerable<Models.User>>(users);
+                    return (true, result, null);
+                }
+                return (false, null, "Not found");
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError(ex.ToString());
+                return (false, null, ex.Message);
+            }
+        }
+
+        public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> GetUsersAsync(int Id)
+        {
+            try
+            {
+                logger?.LogInformation("Querying Users table");
+                var user = await userAccessDbContext.Users.SingleOrDefaultAsync(s => s.Id == Id);
+                if (user != null)
+                {
+                    logger?.LogInformation($"User Id: {Id} found");
+                    var result = mapper.Map<Db.User, Models.User>(user);
+                    return (true, result, null);
+                }
+                return (false, null, "Not found");
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError(ex.ToString());
+                return (false, null, ex.Message);
+            }
+        }
+
+        public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PostUserAsync(Models.User user)
+        {
+            try
+            {
+                if (user != null)
+                {
+                    var _user = mapper.Map<Models.User, Db.User>(user);
+                    userAccessDbContext.Users.Add(_user);
+                    user.Id = _user.Id;
+                    await userAccessDbContext.SaveChangesAsync();
+                    return (true, user, "Successful");
+                }
+                else
+                {
+                    logger?.LogInformation($"null object cannot be added");
+                    return (false, null, $"null object cannot be added");
+                }
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError(ex.ToString());
+                return (false, null, ex.Message);
+            }
+        }
+
+        public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PutUserAsync(int Id, Models.User user)
+        {
+            try
+            {
+                if (user != null)
+                {
+                    var _user = await userAccessDbContext.Users.AsNoTracking().Where(s => s.Id == Id).SingleOrDefaultAsync();
+
+                    if (_user != null)
+                    {
+                        int count = userAccessDbContext.Users.Where(u => u.Id != user.Id).Count();
+                        if (count == 0)
+                        {
+                            await userAccessDbContext.SaveChangesAsync();
+                            logger?.LogInformation($"Employee Id:  {user.EmployeeId} updated successfuly");
+                            return (true, mapper.Map<Db.User, Models.User>(_user), $"Employee Id:  {_user.EmployeeId} updated successfuly");
+                        }
+                        else
+                        {
+                            logger?.LogInformation($"Employee Id:  {user.EmployeeId} is already exist");
+                            return (false, null, $"Employee Id:  {user.EmployeeId} is already exist");
+                        }
+                    }
+                    else
+                    {
+                        logger?.LogInformation($"User Id : {Id} Not found");
+                        return (false, null, "Not Found");
+                    }
+                }
+                else
+                {
+                    logger?.LogInformation($"User Id: {Id} Bad Request");
+                    return (false, null, "Bad request");
+                }
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError(ex.ToString());
+                return (false, null, ex.Message);
+            }
+        }
+
+        public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> DeleteUserAsync(int Id)
+        {
+            try
+            {
+                var user = await userAccessDbContext.Users.Where(x => x.Id == Id).SingleOrDefaultAsync();
+
+                if (user != null)
+                {
+                    userAccessDbContext.Users.Remove(user);
+                    await userAccessDbContext.SaveChangesAsync();
+                    logger?.LogInformation($"User Id: {Id} deleted Successfuly");
+                    return (true, mapper.Map<Db.User, Models.User>(user), $"User Id: {Id} deleted Successfuly");
+                }
+                else
+                {
+                    logger?.LogInformation($"User Id : {Id} Not found");
+                    return (false, null, "Not Found");
+                }
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError(ex.ToString());
+                return (false, null, ex.Message);
+            }
+        }
+
+        public async Task<(bool IsSuccess, TokenResponse TokenResponse, string ErrorMessage)> AuthenticateAsync(string employecode)
+        {
+          
+            if (employecode != null)
+              {
+                //implementation for dadeschools authentication
+                // var employees = await employeeServiceProvider.getEmployeesAsync();
+                // var employee = employees.Where(e=> e.EmployeeCode.ToLower() == employecode.ToLower()).SingleOrDefault();
+                var user = userAccessDbContext.Users.Where(x => x.IsActive == true && x.EmployeeCode.ToLower() == employecode.ToLower()).SingleOrDefault();
+       
+                          if (user != null)
+                          {
+
+                              var r = await GetRolesAsync();
+                              var role = r.Roles.Where(x => x.Id == user.RoleId).SingleOrDefault();
+
+                              var authClaims = new List<Claim> {
+                               new Claim(ClaimTypes.Name, user.EmployeeCode),
+                               new Claim(ClaimTypes.Role, role.Name),
+                               new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString())
+
+                              };
+
+                              /// Generate Token
+                              var tokenhandler = new JwtSecurityTokenHandler();
+                              var tokenkey = Encoding.UTF8.GetBytes(jwtSettings.securitykey);
+                              var tokendesc = new SecurityTokenDescriptor
+                              {
+                                  Audience = "",
+                                  NotBefore = DateTime.Now,
+                                  Subject = new ClaimsIdentity(authClaims),
+                                  Expires = DateTime.Now.AddMinutes(30),
+                                  SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(tokenkey), SecurityAlgorithms.HmacSha256)
+                              };
+                              var token = tokenhandler.CreateToken(tokendesc);
+                              string finaltoken = tokenhandler.WriteToken(token);
+
+                              var response = new TokenResponse() { jwttoken = finaltoken, refreshtoken = await tokenServiceProvider.GenerateToken(mapper.Map<Db.User,Models.User>(user)) };
+                              return (true, response, "Authentication success and token issued.");
+                          }
+                          else
+                          {
+                              return (false, null, "user inactive or not exist.");
+                          }
+                  }
+
+              else
+              {
+                  return (false, null, "Credentials are required to authenticate.");
+              }
+        }
+        public async Task<(bool IsSuccess, IEnumerable<Models.Role> Roles, string ErrorMessage)> GetRolesAsync()
+        {
+            try
+            {
+                logger?.LogInformation("Gell all Roles from DB");
+                var roles = await userAccessDbContext.Roles.ToListAsync();
+                if (roles != null)
+                {
+                    logger?.LogInformation($"{roles.Count} Items(s) found");
+                    var result = mapper.Map<IEnumerable<Db.Role>, IEnumerable<Models.Role>>(roles);
+                    return (true, result, null);
+                }
+                return (false, null, "Not found");
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError(ex.ToString());
+                return (false, null, ex.Message);
+            }
+        }
+
+        public async Task<(bool IsSuccess, Models.TokenResponse TokenResponse, string ErrorMessage)> RefreshTokenAsync(TokenResponse tokenResponse)
+        {
+            //Generate token
+            var tokenhandler = new JwtSecurityTokenHandler();
+            var tokenkey = Encoding.UTF8.GetBytes(this.jwtSettings.securitykey);
+            SecurityToken securityToken;
+            var principal = tokenhandler.ValidateToken(tokenResponse.jwttoken, new TokenValidationParameters
+            {
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKey = new SymmetricSecurityKey(tokenkey),
+                ValidateIssuer = false,
+                ValidateAudience = false,
+
+            }, out securityToken);
+
+            var token = securityToken as JwtSecurityToken;
+            if (token != null && !token.Header.Alg.Equals(SecurityAlgorithms.HmacSha256))
+            {
+                return (false, null, "Unauthorized");
+            }
+            var username = principal.Identity?.Name;
+
+            var tokens = await userAccessDbContext.Tokens.ToListAsync();
+            var users = await userAccessDbContext.Users.ToListAsync();
+
+            var user = (from u in users
+                        join t in tokens
+                        on u.Id equals t.UserId
+                        where u.EmployeeId == 1
+                        && t.RefreshToken == tokenResponse.refreshtoken
+                        select u).FirstOrDefault();
+
+            if (user == null)
+                return (false, null, "Invalid Token Response object provided");
+
+            var _user = mapper.Map<Db.User, Models.User>(user);
+            var response = tokenServiceProvider.TokenAuthenticate(_user, principal.Claims.ToArray()).Result;
+            return (true, response, "Token authenticated and refreshed.");
+        }
+
+
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/EmployeeServiceProvider.cs

@@ -1,9 +1,8 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
-using DamageAssesment.Api.SurveyResponses.Models;
-using Microsoft.AspNetCore.Mvc.Routing;
+using DamageAssesment.Api.UsersAccess.Interfaces;
+using DamageAssesment.Api.UsersAccess.Models;
 using Newtonsoft.Json;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.UsersAccess.Services
 {
     public class EmployeeServiceProvider : ServiceProviderBase, IEmployeeServiceProvider
     {

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/HttpUtil.cs

@@ -1,8 +1,8 @@
-using DamageAssesment.Api.SurveyResponses.Interfaces;
+using DamageAssesment.Api.UsersAccess.Interfaces;
 using System.Net.Http.Headers;
 using System.Text;
 
-namespace DamageAssesment.Api.SurveyResponses.Services
+namespace DamageAssesment.Api.UsersAccess.Services
 {
     public class HttpUtil : IHttpUtil
     {
@@ -27,7 +27,6 @@ namespace DamageAssesment.Api.SurveyResponses.Services
                 {
                     request.Content = new StringContent(JsonInput, Encoding.UTF8, "application/json");
                 }
-
                 var response = await httpClient.SendAsync(request, CancellationToken.None);
                 response.EnsureSuccessStatusCode();
                 var responseString = await response.Content.ReadAsStringAsync();

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/ServiceProviderBase.cs

@@ -0,0 +1,25 @@
+using DamageAssesment.Api.UsersAccess.Interfaces;
+
+namespace DamageAssesment.Api.UsersAccess.Services
+{
+    public class ServiceProviderBase
+    {
+        protected readonly IConfiguration configuration;
+        protected readonly IHttpUtil httpUtil;
+        protected readonly ILogger<ServiceProviderBase> logger;
+        protected string ressource;
+        protected string urlBase;
+        protected string url;
+        
+
+        public ServiceProviderBase(IConfiguration configuration, IHttpUtil httpUtil, ILogger<ServiceProviderBase> logger, string ressource, string urlBase)
+        {
+            this.configuration = configuration;
+            this.httpUtil = httpUtil;
+            this.logger = logger;
+            this.ressource = ressource;
+            this.urlBase = urlBase;
+            url = urlBase + ressource;
+        }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/TokenServiceProvider.cs

@@ -0,0 +1,59 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text;
+using DamageAssesment.Api.UsersAccess.Db;
+using DamageAssesment.Api.UsersAccess.Interfaces;
+using DamageAssesment.Api.UsersAccess.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+
+namespace DamageAssesment.Api.UsersAccess.Services
+{
+    public class TokenServiceProvider : ITokenServiceProvider
+    {
+        private readonly UsersAccessDbContext usersAccessDbContext;
+        private readonly JwtSettings jwtSettings;
+        public TokenServiceProvider(IOptions<JwtSettings> options, UsersAccessDbContext usersAccessDbContext)
+        {
+            this.usersAccessDbContext = usersAccessDbContext;
+            this.jwtSettings = options.Value;
+        }
+        public async Task<string> GenerateToken(Models.User user)
+        {
+            var randomnumber = new byte[32];
+            using (var ramdomnumbergenerator = RandomNumberGenerator.Create())
+            {
+                ramdomnumbergenerator.GetBytes(randomnumber);
+                string refreshtoken = Convert.ToBase64String(randomnumber);
+                var token = await usersAccessDbContext.Tokens.FirstOrDefaultAsync(item => item.UserId == user.Id);
+                if (token != null)
+                {
+                    token.RefreshToken = refreshtoken;
+                }
+                else
+                {
+                    usersAccessDbContext.Tokens.Add(new Db.Token()
+                    {
+                        UserId = user.Id,
+                        RefreshToken = refreshtoken,
+                        IsActive = true
+                    });
+                }
+                await usersAccessDbContext.SaveChangesAsync();
+
+                return refreshtoken;
+            }
+        }
+
+        public async Task<TokenResponse> TokenAuthenticate(Models.User user, Claim[] claims)
+        {
+            var token = new JwtSecurityToken(claims: claims, expires: DateTime.Now.AddSeconds(20),
+              signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.securitykey)), SecurityAlgorithms.HmacSha256)
+            );
+            var jwttoken = new JwtSecurityTokenHandler().WriteToken(token);
+            return new TokenResponse() { jwttoken = jwttoken, refreshtoken = await GenerateToken(user) };
+        }
+    }
+}

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}