Tags: c#, asp.net-web-api2, owin, asp.net-identity-2

ASP.NET Identity 2.0, self hosted OWIN, NTLM and application roles persistence


I'm currently trying to get my hands on ASP.NET Identity 2.0 and there are some aspects I'm not finding answers to:

Here's my setup:

  • WebAPI 2 self hosted with Nowin (I need full SignalR but my server's not running 2012 r2)
  • A custom NTLM implementation
  • ASP.NET Identity 2.0 with own IdentityDbContext<>

What's working so far:

  • The WebAPI
  • The custom NTLM AuthenticationHandler<> (I can access User.Identity in ApiControllers)
  • Adding claims

My actual question

The claims I add to the identity aren't persisted to the database so they don't survive application restarts, nor are they correctly linked to the actual windows identity so two "sessions" of the same user can have different claims.

What I actually expected is that ASP.NET Identity 2.0 creates some sort of "local (application) user" once I'm authenticated (from a successful NTLM handshake) where the application claims are stored.

I'm pretty sure there's some plumbing code missing somewhere, but I can't find where.


Solution

After a good amount of fiddling around, the solution is the following:

    1. Create a passive authentication middleware that does the NTLM authentication when asked to.
    2. Create a custom action on the Accounts controller to transform the NTLM/Windows identity into an application identity and sign in with that one.
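The two steps above, written out as an added example against ASP.NET Identity 2.x, Microsoft.Owin and Web API 2 (this is not the answerer's code). The NTLM handshake itself stays the asker's own implementation: here it is plugged in as the `Handshake` delegate on the options, which is an assumption about its shape. `ApplicationUser`, `ApplicationDbContext`, `ApplicationUserManager`, the `api/accounts/windows-login` route and the `app:role` claim are illustrative names. The local user is keyed on the Windows SID rather than the display name, so two sessions of the same Windows account always resolve to the same row, and the application claims are written through the `UserManager` so they live in the Identity database instead of in the per-request NTLM identity.

```csharp
using System;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;

// Identity row for the local application user (illustrative names). UserName holds
// the Windows SID, which is stable across renames; WindowsAccount keeps DOMAIN\user.
public class ApplicationUser : IdentityUser { public string WindowsAccount { get; set; } }

public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public static ApplicationDbContext Create() { return new ApplicationDbContext(); }
}

public class ApplicationUserManager : UserManager<ApplicationUser>
{
    public ApplicationUserManager(IUserStore<ApplicationUser> store) : base(store) { }
    public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> o, IOwinContext ctx)
    {
        var m = new ApplicationUserManager(new UserStore<ApplicationUser>(ctx.Get<ApplicationDbContext>()));
        // SIDs ("S-1-5-...") are not alphanumeric; the default validator would reject them.
        m.UserValidator = new UserValidator<ApplicationUser>(m) { AllowOnlyAlphanumericUserNames = false };
        return m;
    }
}

// Step 1: passive NTLM middleware. Handshake is the asker's own NTLM code plugged in
// as a delegate (assumption): it returns an authenticated WindowsIdentity once the
// handshake is complete, otherwise null after writing its own Type 2 challenge.
public class NtlmAuthenticationOptions : AuthenticationOptions
{
    public NtlmAuthenticationOptions() : base("NTLM") { AuthenticationMode = AuthenticationMode.Passive; }
    public Func<IOwinContext, WindowsIdentity> Handshake { get; set; }
}

public class NtlmAuthenticationHandler : AuthenticationHandler<NtlmAuthenticationOptions>
{
    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
    {
        WindowsIdentity windows = Options.Handshake(Context);
        if (windows == null || !windows.IsAuthenticated || windows.User == null)
            return Task.FromResult<AuthenticationTicket>(null);
        var id = new ClaimsIdentity(Options.AuthenticationType);
        id.AddClaim(new Claim(ClaimTypes.Name, windows.Name));
        id.AddClaim(new Claim(ClaimTypes.PrimarySid, windows.User.Value));
        return Task.FromResult(new AuthenticationTicket(id, new AuthenticationProperties()));
    }

    protected override Task ApplyResponseChallengeAsync()
    {
        // Runs only when a controller called Challenge("NTLM"); do not clobber a
        // Type 2 challenge the handshake delegate may already have written.
        if (Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode) != null
            && Response.Headers.Get("WWW-Authenticate") == null)
        {
            Response.StatusCode = 401;
            Response.Headers.Append("WWW-Authenticate", "NTLM");
        }
        return Task.FromResult(0);
    }
}

public class NtlmAuthenticationMiddleware : AuthenticationMiddleware<NtlmAuthenticationOptions>
{
    public NtlmAuthenticationMiddleware(OwinMiddleware next, NtlmAuthenticationOptions o) : base(next, o) { }
    protected override AuthenticationHandler<NtlmAuthenticationOptions> CreateHandler() { return new NtlmAuthenticationHandler(); }
}

// Step 2: exchange the Windows identity for the persisted application identity.
[RoutePrefix("api/accounts")]
public class AccountsController : ApiController
{
    [HttpPost, Route("windows-login"), AllowAnonymous]
    public async Task<IHttpActionResult> WindowsLogin()
    {
        IOwinContext owin = Request.GetOwinContext();
        AuthenticateResult ntlm = await owin.Authentication.AuthenticateAsync("NTLM");
        if (ntlm == null || ntlm.Identity == null || !ntlm.Identity.IsAuthenticated)
        {
            owin.Authentication.Challenge("NTLM");   // start or continue the handshake
            return Unauthorized();
        }
        string sid = ntlm.Identity.FindFirst(ClaimTypes.PrimarySid).Value;
        var users = owin.GetUserManager<ApplicationUserManager>();
        ApplicationUser user = await users.FindByNameAsync(sid);
        if (user == null)
        {
            // First sight of this SID: create the local user and its initial claims via
            // the UserManager so they land in AspNetUserClaims and survive restarts.
            user = new ApplicationUser { UserName = sid, WindowsAccount = ntlm.Identity.Name };
            IdentityResult created = await users.CreateAsync(user);
            if (!created.Succeeded) return BadRequest(string.Join("; ", created.Errors));
            await users.AddClaimAsync(user.Id, new Claim("app:role", "reader"));
        }
        // CreateIdentityAsync reloads the stored claims; the application cookie then
        // carries them on every later request without repeating NTLM.
        ClaimsIdentity app = await users.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
        owin.Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, app);
        return Ok(new { user.Id, user.WindowsAccount });
    }
}
```

Wiring, in the OWIN `Startup.Configuration`: register the context and manager with `app.CreatePerOwinContext(ApplicationDbContext.Create)` and `app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create)`, add the cookie middleware with `app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, CookieHttpOnly = true })`, then `app.Use<NtlmAuthenticationMiddleware>(new NtlmAuthenticationOptions { Handshake = ... })`, and finally `app.UseWebApi(config)`. Because the NTLM middleware is passive, it does nothing on ordinary requests; only the login action calls `AuthenticateAsync("NTLM")`, and from then on the session is the application cookie, whose claims come from the database. Set `CookieSecure` when the Nowin host sits behind TLS, and treat the automatic provisioning on first sight as a policy decision: if only some Windows accounts should get a local user, check group membership or an allow-list before `CreateAsync`.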