Server side claims caching with Owin Authentication


OWIN cookie authentication middleware doesn't support a session-caching-like feature yet. #2 is not an option.

#3 is the right way to go. As Prabu suggested, you should do the following in your code:

OnResponseSignIn:

  • Save context.Identity in cache with a unique key (GUID)
  • Create a new ClaimsIdentity embedded with the unique key
  • Replace context.Identity with the new identity

OnValidateIdentity:

  • Get the unique key claim from context.Identity
  • Get the cached identity by the unique key
  • Call context.ReplaceIdentity with the cached identity

I was going to suggest that you gzip the cookie, but I found that OWIN already did that in its TicketSerializer. Not an option for you.


    Provider = new CookieAuthenticationProvider()
    {
        OnResponseSignIn = async context =>
        {
            // This is the last chance before the ClaimsIdentity gets serialized into a cookie.
            // You can modify the ClaimsIdentity here and create the mapping here.
            // This event is invoked one time on sign in.
        },
        OnValidateIdentity = async context =>
        {
            // This method gets invoked for every request after the cookie is converted
            // into a ClaimsIdentity. Here you can look up your claims from the mapping table.
        }
    }
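The two hooks described above, filled in as an added example that is not part of the original answers. `ClaimsCacheProvider`, the `urn:example:session-key` claim type and the `lifetime` parameter are hypothetical names, and the in-process `MemoryCache` is an assumption that only suits a single server.

```csharp
using System;
using System.Runtime.Caching;          // reference System.Runtime.Caching.dll
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;

// Added example: keeps the full ClaimsIdentity server-side and puts only a lookup key in the cookie.
public static class ClaimsCacheProvider
{
    private const string SessionKeyClaim = "urn:example:session-key"; // hypothetical claim type
    private static readonly MemoryCache Cache = MemoryCache.Default;   // assumption: one process

    // lifetime should match the cookie's ExpireTimeSpan (assumed absolute, not sliding).
    public static CookieAuthenticationProvider Create(TimeSpan lifetime)
    {
        return new CookieAuthenticationProvider
        {
            OnResponseSignIn = context =>
            {
                // Save the full identity in the cache under a unique key (GUID).
                string key = Guid.NewGuid().ToString("N");
                Cache.Set(key, context.Identity, DateTimeOffset.UtcNow.Add(lifetime));

                // The identity that gets serialized into the cookie carries only the key.
                // The cookie itself is still protected by the middleware's TicketDataFormat.
                var slim = new ClaimsIdentity(context.Identity.AuthenticationType);
                slim.AddClaim(new Claim(SessionKeyClaim, key));
                context.Identity = slim;
            },
            OnValidateIdentity = context =>
            {
                Claim keyClaim = context.Identity.FindFirst(SessionKeyClaim);
                var cached = keyClaim == null ? null : Cache.Get(keyClaim.Value) as ClaimsIdentity;
                if (cached == null)
                {
                    // Missing key, expired entry or app restart: fail closed, do not
                    // let the slim identity through as an authenticated user.
                    context.RejectIdentity();
                }
                else
                {
                    // Clone so concurrent requests do not share one mutable instance.
                    context.ReplaceIdentity(cached.Clone());
                }
                return Task.FromResult(0);
            }
        };
    }
}
```

Assign the result to `Provider` in `CookieAuthenticationOptions`. The cache entry outlives sign-out unless it is removed explicitly, so a deployment that needs immediate revocation should also evict the key when the user logs out.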


You can implement IAuthenticationSessionStore to store cookies in a database.

Here's an example for storing the cookie in Redis.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
        SessionStore = new RedisSessionStore(new TicketDataFormat(dataProtector)),
        LoginPath = new PathString("/Auth/LogOn"),
        LogoutPath = new PathString("/Auth/LogOut"),
    });

Check out the full example here