I am using ASP.NET Identity 2 with cookie authentication. I want to add permissions of a user to the current ClaimsPrincipal but because there could be many permissions and a cookie is limited in size I don't want to serialize all claims of the identity into the cookie. I want to load the claims during login and cache them server-side. Where do I have to hook in to add the claims to the current principal on each request?
I found the solution. The interface IAuthenticationSessionStore is exactly what I need. With an implementation of that interface, setting an instance of it on the CookieAuthenticationOptions.SessionStore property, you can decide how to persist the whole ClaimsPrincipal during the requests without serializing it into the cookie.
Tarzan, pardon, Vittorio Bertocci is presenting details to the interface here.