I've just started to implement security in our web api service (mostly as a research endeavor).
And ran across new ASP.NET Identity and quite mature Thinktecture.IdentityModel library.
As I'm not experienced with this whole bunch of authentication/authorization mechanisms it's quite confusing. Now I cannot say whether these libraries are about the same or othogonal to each other.
I would appreciate any clarification of which one should be used and when.
In short, ASP.NET Identity is an identity management framework (storing user account data, like usernames and passwords). This article goes into depth on the features and design of ASP.NET Identity: http://brockallen.com/2013/10/20/the-good-the-bad-and-the-ugly-of-asp-net-identity/
Thinktecture.IdentityModel is a security helper library for many missing features in WIF/Claims, ASP.NET, MVC and Web API. An example is security token processing in Web API v1 -- Web API had nothing like this. Another example is CORS support -- again, in Web API v1 there was no help for that.
They serve two different purposes.