We use the excellent Thinktecture IdentityServer v2 to manage our authentication. This works with an underlying SqlMembershipProvider architecture. I'd like to manage an ASP.NET MVC4 web application connection with the information (claims) returned in the token by Identity Server. For now, I just set the authorization cookie with the username when the OAuth2Client.RequestResourceOwnerPasswordAsync() returns an AccessToken. I don't even validate it (which would set the ClaimsPrincipal.Current) because its purpose is to be used on another web API I call later, so it's validated in this web API.
If I validate the token and set ClaimsPrincipal.Current.Identity to the one I get, what is the mechanism to retrieve it on every call? Do I have to cache the token and validate it again on every request to get it?
The purpose of all this would be to get my claims on the web app side so I could apply authorization filters based on them.