WebCAEpro
Workforce management platform with GDPR-compliant digital signature workflows, REST API and multi-brand support.
Problem
Operations teams at CAE companies tracked workers, clients and monthly timesheets entirely through spreadsheets and manual processes. Each monthly closing required days of manual reconciliation, signature collection was done on paper or scanned PDFs, and there was no auditable trail for timesheet validation or GDPR compliance.
Role
Contributing Developer — Full-stack .NET: features, REST APIs, PDF pipeline and multi-brand support.
Operations platform for CAE companies managing clients, workers, time tracking and monthly timesheet validation. Features automated GDPR-compliant e-signatures, mobile time tracking APIs and multi-brand tenant support.
Solution
Extended an existing ASP.NET Core MVC platform with production-critical features. Implemented an automated GDPR-compliant digital signature workflow for monthly timesheet validation, a REST API for mobile time tracking with concurrent operation limits, multi-brand support for 3 business brands on a single codebase, and a PDF generation and stamping pipeline combining QuestPDF, PdfSharpCore and ChromeHtmlToPdf.
Technical Decisions
Modular ASP.NET Core MVC monolith — evolved the existing system rather than rewriting. Brand-specific behavior (themes, databases, communication channels) handled through configuration and isolated database instances per brand, not code forks.
SHA-256 magic tokens for GDPR-compliant e-signatures — workers receive time-limited, single-use magic links via email. Signature capture includes stroke count, IP, UserAgent and timestamp in the audit trail.
Async background job processing for PDF generation — timesheet signing triggers PDF stamping (PdfSharpCore), structured report generation (QuestPDF) and email delivery asynchronously, keeping the UI responsive during monthly validation peaks.
MySQL (Pomelo EF Core provider) and SQL Server — dual database support based on client deployment environment. EF Core abstractions keep the codebase database-agnostic.
REST API with encrypted API keys and per-day operation limits — mobile apps authenticate via client-specific API keys, with rate limiting scoped to calendar days and timezone-aware boundaries.
Multi-brand tenant architecture — single codebase serving 3 brands with isolated databases, independent SMTP/WhatsApp communication channels and custom CSS themes per brand. Brand resolution based on deployment configuration.
PDF pipeline layering — QuestPDF for programmatic structured reports, PdfSharpCore for visual signature stamping on existing PDFs, ChromeHtmlToPdf for converting HTML templates to PDF. Each tool chosen for its specific role in the pipeline.
Trade-off — keeping the MVC monolith avoided a risky rewrite. Brand-specific logic lives in configuration and isolated databases, not in code branches. The cost is that deploying a new brand requires infrastructure setup rather than purely declarative configuration.
Technical Challenges
Implemented end-to-end digital signature workflow: token generation (SHA-256 + expiry), email delivery, signature capture (stroke count, browser metadata), PDF stamping (PdfSharpCore), and async audit trail generation — all with retry logic for transient failures.
Designed REST API for concurrent mobile time tracking — handles workers clocking in/out simultaneously across time zones with per-day operation limits and encrypted API keys per client.
Built multi-brand support on a single codebase — 3 business brands with isolated databases, independent SMTP/WhatsApp channels and custom CSS themes, all resolved at runtime without code branches.
Created PDF pipeline combining three libraries for different stages: QuestPDF for structured report generation, PdfSharpCore for visual signature stamping on existing documents, and ChromeHtmlToPdf for HTML-to-PDF conversion of dynamic content.
Implemented CSV import pipeline for bulk data migration — validates templates, enforces referential integrity and reduces manual data entry by 80% compared to previous spreadsheet workflows.
Tech stack
backend
data
infrastructure
security
Impact
80% reduction in manual data entry through CSV imports
100% digital timesheet compliance with audit trail
3 brands running from a single codebase