I'm struggling to figure out which .Net authentication concepts are still relevant in the OWIN world, and which are now outdated. Since the days leading up to OWIN ASP.Net, I’m used to dealing with .Net constructs: FormsAuthentication, FormsAuthCookie, IPrincipal, IIdentity, as well as custom IPrincipal implementations (inheriting from GenericPrincipal). With the latest version of MVC (5), most of the authentication seems to have been changed to OWIN. Two things I'm trying to understand in particular:
1) Where are IPrincipal and IIdentity and GenericPrincipal located? Using FormsAuthentication, user data can be stored in the FormsAuth cookie. This could then be used in the ASP.Net PostAuthenticate event to create the CustomPrincipal object and override the default IPrincipal in the HTTPContext (using the code example below). How (or does) OWIN change this ?:
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
...
var principal = new CustomPrincipal(userId, roles, someAdditionalUserDataFromCookie);
HttpContext.Current.User = newUser
}
2) Where are user authentication data stored? In the days leading up to OWIN, I used the UserData value for AuthCookie to store user identification information (in addition to the username) - for example, OrgID, Can this now be stored as a requirement in the ClaimsIdentity object? Is that a good idea? Can it be stored in AuthenticationTicket? Am I looking at it all wrong ?!
.