I'm planning on building a web application with Asp.Net Core without local user accounts; any authentication will happen by external authentication providers using SAML2. Am I right that I won't need the Entity Framework datastore that is configured by default in the web application template (or any other persistent store, for that matter)?
I thought about implementing my own versions of the IUserStore<TUser> and IRoleStore<TRole> interfaces with some kind of in-memory data structure behind. Would that work? Anything I should be aware of? Any caveats?
If you don't want persistence, then you likely don't need any membership stack at all: in this case, there's no reason to use ASP.NET Core Identity. Using the cookies middleware should be enough to achieve what you want.
Unfortunately, neither SAML2P nor WS-Fed are officially supported yet. There's a community initiative that aims at providing a SAML2 authentication middleware, but AFAIK, it's still a work in progress and is not compatible with .NET Core (it only works with ASP.NET Core on .NET Desktop): https://github.com/KentorIT/authservices/tree/aspnetcore
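The cookie-only setup described in the answer above, as an added example that is not part of the original answer or of any project's code. It assumes a current ASP.NET Core minimal-API project (web SDK with implicit usings); `ExternalSignIn.SignInAsync` and the `/me` and `/logout` routes are hypothetical names, and the external handler that validates the SAML2 response and then calls the helper is not shown.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// Cookie authentication only: no ASP.NET Core Identity, no IUserStore/IRoleStore, no database.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;                          // not readable from script
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.ExpireTimeSpan = TimeSpan.FromHours(8);          // bound the session lifetime
        options.SlidingExpiration = false;
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// The user's identity and roles live entirely in the encrypted cookie.
app.MapGet("/me", (ClaimsPrincipal user) =>
    Results.Ok(user.Claims.Select(c => new { c.Type, c.Value }))).RequireAuthorization();

app.MapPost("/logout", async (HttpContext ctx) =>
{
    await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.Redirect("/");
}).RequireAuthorization();

app.Run();

// Hypothetical helper: call it only after the external provider's response has been validated.
static class ExternalSignIn
{
    public static Task SignInAsync(HttpContext ctx, string subjectId, string name, IEnumerable<string> roles)
    {
        var claims = new List<Claim> { new(ClaimTypes.NameIdentifier, subjectId), new(ClaimTypes.Name, name) };
        claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        return ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity), new AuthenticationProperties { IsPersistent = false });
    }
}
```

Because nothing is stored server-side, a role change at the identity provider only takes effect at the next sign-in, and the cookie stays valid across restarts only if the Data Protection keys that encrypt it are persisted.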