Downgrade Identity.api version due to compatibility issues

Updated Test project version
Fix issue Idsrv token

docker-compose.override.yml

@@ -61,6 +61,8 @@ services:
       - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
       - UseCustomizationData=True
       - AzureServiceBusEnabled=False
+      - GracePeriodTime=1
+      - CheckUpdateTime=30000
     ports:
       - "5102:80"
 

src/BuildingBlocks/DataProtection/DataProtection/DataProtection.csproj

@@ -1,13 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netstandard1.5</TargetFramework>
     <RootNamespace>Microsoft.eShopOnContainers.BuildingBlocks</RootNamespace>
   </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.1.2" />
-    <PackageReference Include="StackExchange.Redis.StrongName" Version="1.2.4" />
+    <PackageReference Include="StackExchange.Redis" Version="1.2.3" />
   </ItemGroup>
 
 </Project>

src/BuildingBlocks/HealthChecks/src/Microsoft.AspNetCore.HealthChecks/Microsoft.AspNetCore.HealthChecks.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netstandard1.3</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
@@ -9,7 +9,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="1.1.2" />
     <ProjectReference Include="..\Microsoft.Extensions.HealthChecks\Microsoft.Extensions.HealthChecks.csproj" />
   </ItemGroup>
 

src/BuildingBlocks/HealthChecks/src/Microsoft.Extensions.HealthChecks.SqlServer/Microsoft.Extensions.HealthChecks.SqlServer.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netstandard1.3</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
@@ -9,7 +9,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Data.SqlClient" Version="4.4.0" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.3.1" />
   </ItemGroup>
 
   <ItemGroup>

src/BuildingBlocks/HealthChecks/src/Microsoft.Extensions.HealthChecks/Microsoft.Extensions.HealthChecks.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netstandard1.3</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
@@ -9,7 +9,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="2.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="1.1.2" />
     <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
     <PackageReference Include="System.Diagnostics.Process" Version="4.3.0" />
     <PackageReference Include="System.Threading.Tasks.Parallel" Version="4.3.0" />

src/Services/Basket/Basket.API/Startup.cs

@@ -3,6 +3,7 @@ using Autofac.Extensions.DependencyInjection;
 using Basket.API.Infrastructure.Filters;
 using Basket.API.IntegrationEvents.EventHandling;
 using Basket.API.IntegrationEvents.Events;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
@@ -25,6 +26,7 @@ using StackExchange.Redis;
 using Swashbuckle.AspNetCore.Swagger;
 using System;
 using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
 using System.Threading.Tasks;
 
 namespace Microsoft.eShopOnContainers.Services.Basket.API
@@ -50,6 +52,8 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
 
             }).AddControllersAsServices();
 
+            ConfigureAuthService(services);
+
             services.AddHealthChecks(checks =>
             {
                 checks.AddValueTaskCheck("HTTP Endpoint", () => new ValueTask<IHealthCheckResult>(HealthCheckResult.Healthy("Ok")),
@@ -59,15 +63,6 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
 
             services.Configure<BasketSettings>(Configuration);           
 
-            services.AddAuthentication()
-                .AddJwtBearer(options =>
-                {
-                    options.Authority = Configuration.GetValue<string>("IdentityUrl");
-                    options.Audience = "basket";
-                    options.RequireHttpsMetadata = false;
-
-                });
-
             //By connecting here we are making sure that our service
             //cannot start until redis is ready. This might slow down startup,
             //but given that there is a delay on resolving the ip address
@@ -167,7 +162,7 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
         {
             app.UseStaticFiles();          
             app.UseCors("CorsPolicy");
-            app.UseAuthentication();
+            ConfigureAuth(app);
             app.UseMvcWithDefaultRoute();
 
             app.UseSwagger()
@@ -181,6 +176,30 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API
 
         }
 
+        private void ConfigureAuthService(IServiceCollection services)
+        {
+            // prevent from mapping "sub" claim to nameidentifier.
+            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+
+            var identityUrl = Configuration.GetValue<string>("IdentityUrl");
+
+            services.AddAuthentication(options =>
+            {
+                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+
+            }).AddJwtBearer(options =>
+            {
+                options.Authority = identityUrl;
+                options.RequireHttpsMetadata = false;
+                options.Audience = "basket";
+            });
+        }
+
+        protected virtual void ConfigureAuth(IApplicationBuilder app)
+        {
+            app.UseAuthentication();
+        }
 
         private void RegisterEventBus(IServiceCollection services)
         {

src/Services/Catalog/Catalog.API/Startup.cs

@@ -36,25 +36,13 @@
 
     public class Startup
     {
-        public IConfigurationRoot Configuration { get; }
+        public Startup(IConfiguration configuration)
-
-        public Startup(IHostingEnvironment env)
         {
-            var builder = new ConfigurationBuilder()
+            Configuration = configuration;
-                .SetBasePath(env.ContentRootPath)
-                .AddJsonFile($"settings.json", optional: false, reloadOnChange: true)
-                .AddJsonFile($"settings.{env.EnvironmentName}.json", optional: true);
-
-            if (env.IsDevelopment())
-            {
-                builder.AddUserSecrets(typeof(Startup).GetTypeInfo().Assembly);
-            }
-
-            builder.AddEnvironmentVariables();
-
-            Configuration = builder.Build();
         }
 
+        public IConfiguration Configuration { get; }       
+
         public IServiceProvider ConfigureServices(IServiceCollection services)
         {
             // Add framework services.

src/Services/Identity/Identity.API/Controllers/AccountController.cs

@@ -2,24 +2,26 @@
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
 
-using Identity.API.Models;
-using Identity.API.Models.AccountViewModels;
-using Identity.API.Services;
 using IdentityModel;
-using IdentityServer4.Models;
+using IdentityServer4.Quickstart.UI.Models;
 using IdentityServer4.Services;
-using IdentityServer4.Stores;
+using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-
+using IdentityServer4.Models;
+using IdentityServer4.Stores;
+using Identity.API.Services;
+using Identity.API.Models;
+using Microsoft.Extensions.Logging;
+using Microsoft.AspNetCore.Authorization;
+using Identity.API.Models.AccountViewModels;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Authentication;
 
 namespace IdentityServer4.Quickstart.UI.Controllers
 {
@@ -84,7 +86,7 @@ namespace IdentityServer4.Quickstart.UI.Controllers
                 var user = await _loginService.FindByUsername(model.Email);
                 if (await _loginService.ValidateCredentials(user, model.Password))
                 {
-                     AuthenticationProperties props = null;
+                    AuthenticationProperties props = null;
                     if (model.RememberMe)
                     {
                         props = new AuthenticationProperties
@@ -192,16 +194,16 @@ namespace IdentityServer4.Quickstart.UI.Controllers
                 try
                 {
                     // hack: try/catch to handle social providers that throw
-                    await HttpContext.SignOutAsync(idp, new AuthenticationProperties { RedirectUri = url });
+                    await HttpContext.Authentication.SignOutAsync(idp, new AuthenticationProperties { RedirectUri = url });
                 }
-                catch(Exception ex)
+                catch (Exception ex)
                 {
                     _logger.LogCritical(ex.Message);
                 }
             }
 
             // delete authentication cookie
-            await HttpContext.SignOutAsync();
+            await HttpContext.Authentication.SignOutAsync();
 
             // set this so UI rendering sees an anonymous user
             HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity());
@@ -215,7 +217,7 @@ namespace IdentityServer4.Quickstart.UI.Controllers
         public async Task<IActionResult> DeviceLogOut(string redirectUrl)
         {
             // delete authentication cookie
-            await HttpContext.SignOutAsync();
+            await HttpContext.Authentication.SignOutAsync();
 
             // set this so UI rendering sees an anonymous user
             HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity());
@@ -291,7 +293,8 @@ namespace IdentityServer4.Quickstart.UI.Controllers
                 }
             }
 
-            if (returnUrl != null) {
+            if (returnUrl != null)
+            {
                 if (HttpContext.User.Identity.IsAuthenticated)
                     return Redirect(returnUrl);
                 else

src/Services/Identity/Identity.API/Identity.API.csproj

@@ -1,10 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netcoreapp1.1</TargetFramework>
-    <RuntimeFrameworkVersion>2.0.0</RuntimeFrameworkVersion>
+    <RuntimeFrameworkVersion>1.1.2</RuntimeFrameworkVersion>
     <UserSecretsId>aspnet-eShopOnContainers.Identity-90487118-103c-4ff0-b9da-e5e26f7ab0c5</UserSecretsId>
-    <!--<AssetTargetFallback>$(AssetTargetFallback);portable-net45+win8+wp8+wpa81;</AssetTargetFallback>-->
+    <AssetTargetFallback>$(AssetTargetFallback);portable-net45+win8+wp8+wpa81;</AssetTargetFallback>
     <DockerComposeProjectPath>..\..\..\..\docker-compose.dcproj</DockerComposeProjectPath>
   </PropertyGroup>
 
@@ -16,8 +16,30 @@
 
   <ItemGroup>
     <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="4.1.0" />
-    <PackageReference Include="IdentityServer4" Version="2.0.0-preview3" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Cookies" Version="1.1.2" />
-    <PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="1.1.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="1.1.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="1.1.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.1.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Routing" Version="1.1.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.1.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.1.2" />
+    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="1.1.2" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="1.1.2" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer.Design" Version="1.1.2">
+      <PrivateAssets>All</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="1.1.1">
+      <PrivateAssets>All</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.1.2" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="1.1.2" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.1.2" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="1.1.2" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.1.2" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.2" />
+    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="1.1.2" />
+    <PackageReference Include="Microsoft.VisualStudio.Web.BrowserLink.Loader" Version="14.1.0" />
     <PackageReference Include="IdentityServer4.AspNetIdentity" Version="1.0.1" />
     <PackageReference Include="IdentityServer4.EntityFramework" Version="1.0.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="1.0.0" />
@@ -30,9 +52,9 @@
 
   <ItemGroup>
     <DotNetCliToolReference Include="BundlerMinifier.Core" Version="2.4.337" />
-    <DotNetCliToolReference Include="Microsoft.EntityFrameworkCore.Tools.DotNet" Version="2.0.0" />
+    <DotNetCliToolReference Include="Microsoft.EntityFrameworkCore.Tools.DotNet" Version="1.0.0-msbuild3-final" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="2.0.0" />
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild3-final" />
-    <DotNetCliToolReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Tools" Version="2.0.0" />
+    <DotNetCliToolReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Tools" Version="1.0.0-msbuild3-final" />
   </ItemGroup>
 
   <ItemGroup>

src/Services/Identity/Identity.API/Models/ApplicationUser.cs

@@ -1,4 +1,8 @@
-using Microsoft.AspNetCore.Identity;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using System.ComponentModel.DataAnnotations;
 
 namespace Identity.API.Models

src/Services/Identity/Identity.API/Program.cs

@@ -1,6 +1,4 @@
-using Microsoft.AspNetCore;
+using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Logging;
 using System.IO;
 
 namespace eShopOnContainers.Identity
@@ -9,19 +7,15 @@ namespace eShopOnContainers.Identity
     {
         public static void Main(string[] args)
         {
-            BuildWebHost(args).Run();
+            var host = new WebHostBuilder()
-        }
+                .UseKestrel()
-
-        public static IWebHost BuildWebHost(string[] args) =>
-            WebHost.CreateDefaultBuilder(args)
-                .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseHealthChecks("/hc")
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
                 .UseStartup<Startup>()
-                .ConfigureLogging((hostingContext, builder) =>
+                .Build();
-                {
+
-                    builder.AddConfiguration(hostingContext.Configuration.GetSection("Logging"));
+            host.Run();
-                    builder.AddConsole();
+        }
-                    builder.AddDebug();
-                }).Build();
     }
 }

src/Services/Identity/Identity.API/Startup.cs

@@ -1,6 +1,4 @@
-using Autofac;
+using Identity.API.Certificate;
-using Autofac.Extensions.DependencyInjection;
-using Identity.API.Certificate;
 using Identity.API.Configuration;
 using Identity.API.Data;
 using Identity.API.Models;
@@ -11,12 +9,16 @@ using IdentityServer4.Services;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.eShopOnContainers.BuildingBlocks;
 using Microsoft.eShopOnContainers.Services.Catalog.API.Infrastructure;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.HealthChecks;
+using Identity.API.Certificate;
+using Autofac.Extensions.DependencyInjection;
+using Autofac;
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
@@ -28,13 +30,24 @@ namespace eShopOnContainers.Identity
 {
     public class Startup
     {
-        public Startup(IConfiguration configuration)
+        public Startup(IHostingEnvironment env)
         {
-            Configuration = configuration;
+            var builder = new ConfigurationBuilder()
+                .SetBasePath(env.ContentRootPath)
+                .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
+                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);
+
+            if (env.IsDevelopment())
+            {
+                // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
+                builder.AddUserSecrets<Startup>();
+            }
+
+            builder.AddEnvironmentVariables();
+            Configuration = builder.Build();
         }
 
-        public IConfiguration Configuration { get; }
+        public IConfigurationRoot Configuration { get; }
-
 
         // This method gets called by the runtime. Use this method to add services to the container.
         public IServiceProvider ConfigureServices(IServiceCollection services)
@@ -123,11 +136,9 @@ namespace eShopOnContainers.Identity
                 await next();
             });
 
-
+            app.UseIdentity();
 
             // Adds IdentityServer
-            app.UseAuthentication();
-
             app.UseIdentityServer();
 
             app.UseMvc(routes =>

src/Services/Location/Locations.API/Startup.cs

@@ -20,6 +20,7 @@ using RabbitMQ.Client;
 using Swashbuckle.AspNetCore.Swagger;
 using System;
 using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
 using System.Threading.Tasks;
 
 namespace Microsoft.eShopOnContainers.Services.Locations.API
@@ -40,13 +41,7 @@ namespace Microsoft.eShopOnContainers.Services.Locations.API
                 options.Filters.Add(typeof(HttpGlobalExceptionFilter));
             }).AddControllersAsServices();
 
-            services.AddAuthentication()
+            ConfigureAuthService(services);
-                .AddJwtBearer(options =>
-                {
-                    options.Authority = Configuration.GetValue<string>("IdentityUrl");
-                    options.Audience = "locations";
-                    options.RequireHttpsMetadata = false;
-                });
 
             services.Configure<LocationSettings>(Configuration);
 
@@ -138,7 +133,7 @@ namespace Microsoft.eShopOnContainers.Services.Locations.API
         {
             app.UseCors("CorsPolicy");
 
-            app.UseAuthentication();
+            ConfigureAuth(app);
 
             app.UseMvcWithDefaultRoute();
 
@@ -153,6 +148,25 @@ namespace Microsoft.eShopOnContainers.Services.Locations.API
                 .Wait();
         }
 
+        private void ConfigureAuthService(IServiceCollection services)
+        {
+            // prevent from mapping "sub" claim to nameidentifier.
+            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+
+            services.AddAuthentication()
+                .AddJwtBearer(options =>
+                {
+                    options.Authority = Configuration.GetValue<string>("IdentityUrl");
+                    options.Audience = "locations";
+                    options.RequireHttpsMetadata = false;
+                });
+        }
+
+        protected virtual void ConfigureAuth(IApplicationBuilder app)
+        {
+            app.UseAuthentication();
+        }
+
         private void RegisterEventBus(IServiceCollection services)
         {
             if (Configuration.GetValue<bool>("AzureServiceBusEnabled"))

src/Services/Marketing/Marketing.API/Startup.cs

@@ -28,6 +28,7 @@
     using System;
     using System.Collections.Generic;
     using System.Data.SqlClient;
+    using System.IdentityModel.Tokens.Jwt;
     using System.Reflection;
     using System.Threading.Tasks;
 
@@ -52,13 +53,7 @@
 
             services.Configure<MarketingSettings>(Configuration);
 
-            services.AddAuthentication()
+            ConfigureAuthService(services);            
-                .AddJwtBearer(options =>
-                {
-                    options.Authority = Configuration.GetValue<string>("IdentityUrl");
-                    options.Audience = "marketing";
-                    options.RequireHttpsMetadata = false;
-                });
 
             services.AddHealthChecks(checks => 
             {
@@ -171,7 +166,7 @@
         {
             app.UseCors("CorsPolicy");
 
-            app.UseAuthentication();
+            ConfigureAuth(app);
 
             app.UseMvcWithDefaultRoute();
 
@@ -190,7 +185,21 @@
             ConfigureEventBus(app);
         }
 
-        private void RegisterEventBus(IServiceCollection services)
+        private void ConfigureAuthService(IServiceCollection services)
+        {
+            // prevent from mapping "sub" claim to nameidentifier.
+            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+
+            services.AddAuthentication()
+                .AddJwtBearer(options =>
+                {
+                    options.Authority = Configuration.GetValue<string>("IdentityUrl");
+                    options.Audience = "marketing";
+                    options.RequireHttpsMetadata = false;
+                });
+        }
+
+            private void RegisterEventBus(IServiceCollection services)
         {
             if (Configuration.GetValue<bool>("AzureServiceBusEnabled"))
             {
@@ -221,6 +230,11 @@
             eventBus.Subscribe<UserLocationUpdatedIntegrationEvent, UserLocationUpdatedIntegrationEventHandler>();
         }
 
+        protected virtual void ConfigureAuth(IApplicationBuilder app)
+        {
+            app.UseAuthentication();
+        }
+
         private async Task WaitForSqlAvailabilityAsync(MarketingContext ctx, ILoggerFactory loggerFactory, IApplicationBuilder app, int retries = 0)
         {
             var logger = loggerFactory.CreateLogger(nameof(Startup));

src/Services/Ordering/Ordering.API/Infrastructure/HostedServices/GracePeriodManagerService.cs

@@ -2,6 +2,7 @@
 {
     using Dapper;
     using Microsoft.eShopOnContainers.BuildingBlocks.EventBus.Abstractions;
+    using Microsoft.eShopOnContainers.Services.Ordering.API;
     using Microsoft.Extensions.Logging;
     using Microsoft.Extensions.Options;
     using Ordering.API.Application.IntegrationEvents.Events;
@@ -14,11 +15,11 @@
     public class GracePeriodManagerService
         : HostedService
     {
-        private readonly GracePeriodManagerSettings _settings;
+        private readonly OrderingSettings _settings;
         private readonly ILogger<GracePeriodManagerService> _logger;
         private readonly IEventBus _eventBus;
 
-        public GracePeriodManagerService(IOptions<GracePeriodManagerSettings> settings,
+        public GracePeriodManagerService(IOptions<OrderingSettings> settings,
             IEventBus eventBus,
             ILogger<GracePeriodManagerService> logger)
         {

src/Services/Ordering/Ordering.API/Infrastructure/HostedServices/GracePeriodManagerSettings.cs

@@ -1,14 +0,0 @@
-namespace Ordering.API.Infrastructure.HostedServices
-{
-    public class GracePeriodManagerSettings
-    {
-        public string ConnectionString { get; set; }
-
-        public string EventBusConnection { get; set; }
-
-        public int GracePeriodTime { get; set; }
-
-        public int CheckUpdateTime { get; set; }
-
-    }
-}

src/Services/Ordering/Ordering.API/OrderingSettings.cs

@@ -3,5 +3,12 @@
     public class OrderingSettings
     {
         public bool UseCustomizationData { get; set; }
+        public string ConnectionString { get; set; }
+
+        public string EventBusConnection { get; set; }
+
+        public int GracePeriodTime { get; set; }
+
+        public int CheckUpdateTime { get; set; }
     }
 }

src/Services/Ordering/Ordering.API/Startup.cs

@@ -35,30 +35,18 @@
     using System.Collections.Generic;
     using System.Data.Common;
     using System.Data.SqlClient;
+    using System.IdentityModel.Tokens.Jwt;
     using System.Reflection;
     using System.Threading.Tasks;
 
     public class Startup
     {
-        public Startup(IHostingEnvironment env)
+        public Startup(IConfiguration configuration)
         {
-            var builder = new ConfigurationBuilder()
+            Configuration = configuration;
-                .SetBasePath(env.ContentRootPath)
-                .AddJsonFile("settings.json", optional: true, reloadOnChange: true)
-                .AddJsonFile("graceperiodsettings.json", optional: true, reloadOnChange: true)
-                .AddJsonFile($"settings.{env.EnvironmentName}.json", optional: true);
-
-            if (env.IsDevelopment())
-            {
-                builder.AddUserSecrets(typeof(Startup).GetTypeInfo().Assembly);
-            }
-
-            builder.AddEnvironmentVariables();
-
-            Configuration = builder.Build();
         }
 
-        public IConfigurationRoot Configuration { get; }
+        public IConfiguration Configuration { get; }
 
         public IServiceProvider ConfigureServices(IServiceCollection services)
         {
@@ -71,7 +59,6 @@
 
             // Configure GracePeriodManager Hosted Service
             services.AddSingleton<IHostedService, GracePeriodManagerService>();
-            services.Configure<GracePeriodManagerSettings>(Configuration);
 
             services.AddTransient<IOrderingIntegrationEventService, OrderingIntegrationEventService>();
 
@@ -228,6 +215,9 @@
 
         private void ConfigureAuthService(IServiceCollection services)
         {
+            // prevent from mapping "sub" claim to nameidentifier.
+            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+
             var identityUrl = Configuration.GetValue<string>("IdentityUrl");
 
             services.AddAuthentication(options =>

src/Services/Ordering/Ordering.API/graceperiodsettings.json

@@ -1,6 +0,0 @@
-{
-  "ConnectionString": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word;",
-  "GracePeriodTime": "1",
-  "CheckUpdateTime": "30000"
-}
-

src/Services/Ordering/Ordering.API/settings.json

@@ -11,5 +11,7 @@
     }
   },
   "AzureServiceBusEnabled": false,
-  "SubscriptionClientName": "Ordering"
+  "SubscriptionClientName": "Ordering",
+  "GracePeriodTime": "1",
+  "CheckUpdateTime": "30000"
 }

src/Web/WebMVC/Startup.cs

@@ -82,11 +82,10 @@ namespace Microsoft.eShopOnContainers.WebMVC
             // Add Authentication services          
             
             services.AddAuthentication(options => {
+                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
-                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             })
-            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
+            .AddCookie()
             .AddOpenIdConnect(options => {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.Authority = identityUrl.ToString();

src/Web/WebSPA/Startup.cs

@@ -16,24 +16,22 @@ namespace eShopConContainers.WebSPA
 {
     public class Startup
     {
+        public Startup(IConfiguration configuration)
+        {
+            Configuration = configuration;
+        }
+
+        public IConfiguration Configuration { get; }
+
         private IHostingEnvironment _hostingEnv;
         public Startup(IHostingEnvironment env)
         {
             _hostingEnv = env;
 
-            var builder = new ConfigurationBuilder()
-                           .SetBasePath(env.ContentRootPath)
-                           .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
-                           .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
-                           .AddEnvironmentVariables();
-
-            Configuration = builder.Build();
-
             var localPath = new Uri(Configuration["ASPNETCORE_URLS"])?.LocalPath ?? "/";
             Configuration["BaseUrl"] = localPath;
         }
 
-        public static IConfigurationRoot Configuration { get; set;}
         // This method gets called by the runtime. Use this method to add services to the container.
         // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
         public void ConfigureServices(IServiceCollection services)

test/Services/FunctionalTests/Services/Basket/BasketTestsStartup.cs

@@ -2,12 +2,13 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.eShopOnContainers.Services.Basket.API;
+using Microsoft.Extensions.Configuration;
 
 namespace FunctionalTests.Services.Basket
 {
     public class BasketTestsStartup : Startup
     {
-        public BasketTestsStartup(IHostingEnvironment env) : base(env)
+        public BasketTestsStartup(IConfiguration env) : base(env)
         {
         }
 

test/Services/FunctionalTests/Services/Location/LocationsTestsStartup.cs

@@ -4,12 +4,13 @@
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Http;
     using Microsoft.eShopOnContainers.Services.Locations.API;
+    using Microsoft.Extensions.Configuration;
     using System.Security.Claims;
     using System.Threading.Tasks;
 
     public class LocationsTestsStartup : Startup
     {
-        public LocationsTestsStartup(IHostingEnvironment env) : base(env)
+        public LocationsTestsStartup(IConfiguration env) : base(env)
         {
         }
 

test/Services/FunctionalTests/Services/Marketing/MarketingTestsStartup.cs

@@ -4,10 +4,11 @@
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Builder;
     using FunctionalTests.Middleware;
+    using Microsoft.Extensions.Configuration;
 
     public class MarketingTestsStartup : Startup
     {
-        public MarketingTestsStartup(IHostingEnvironment env) : base(env)
+        public MarketingTestsStartup(IConfiguration env) : base(env)
         {
         }
 

test/Services/FunctionalTests/Services/Ordering/OrderingTestsStartup.cs

@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.eShopOnContainers.Services.Ordering.API;
+using Microsoft.Extensions.Configuration;
 using System;
 using System.Collections.Generic;
 using System.Text;
@@ -10,7 +11,7 @@ namespace FunctionalTests.Services.Ordering
 {
     public class OrderingTestsStartup : Startup
     {
-        public OrderingTestsStartup(IHostingEnvironment env) : base(env)
+        public OrderingTestsStartup(IConfiguration env) : base(env)
         {
         }
 

test/Services/IntegrationTests/Services/Basket/BasketTestsStartup.cs

@@ -2,12 +2,13 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.eShopOnContainers.Services.Basket.API;
+using Microsoft.Extensions.Configuration;
 
 namespace IntegrationTests.Services.Basket
 {
     public class BasketTestsStartup : Startup
     {
-        public BasketTestsStartup(IHostingEnvironment env) : base(env)
+        public BasketTestsStartup(IConfiguration env) : base(env)
         {
         }
 

test/Services/IntegrationTests/Services/Locations/LocationsTestsStartup.cs

@@ -5,12 +5,13 @@
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Http;
     using Microsoft.eShopOnContainers.Services.Locations.API;
+    using Microsoft.Extensions.Configuration;
     using System.Security.Claims;
     using System.Threading.Tasks;
 
     public class LocationsTestsStartup : Startup
     {
-        public LocationsTestsStartup(IHostingEnvironment env) : base(env)
+        public LocationsTestsStartup(IConfiguration env) : base(env)
         {
         }
 

test/Services/IntegrationTests/Services/Marketing/MarketingTestsStartup.cs

@@ -4,10 +4,11 @@
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Builder;
     using IntegrationTests.Middleware;
+    using Microsoft.Extensions.Configuration;
 
     public class MarketingTestsStartup : Startup
     {
-        public MarketingTestsStartup(IHostingEnvironment env) : base(env)
+        public MarketingTestsStartup(IConfiguration env) : base(env)
         {
         }
 

test/Services/IntegrationTests/Services/Ordering/OrderingTestsStartup.cs

@@ -5,12 +5,13 @@ using System.Text;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Builder;
 using IntegrationTests.Middleware;
+using Microsoft.Extensions.Configuration;
 
 namespace IntegrationTests.Services.Ordering
 {
     public class OrderingTestsStartup : Startup
     {
-        public OrderingTestsStartup(IHostingEnvironment env) : base(env)
+        public OrderingTestsStartup(IConfiguration env) : base(env)
         {
         }