How do ASP.NET Identity and Thinktecture.IdentityModel library relate to each other?

Question

I've just started to implement security in our web api service (mostly as a research endeavor).
And ran across new ASP.NET Identity and quite mature Thinktecture.IdentityModel library.

As I'm not experienced with this whole bunch of authentication/authorization mechanisms it's quite confusing. Now I cannot say whether these libraries are about the same or othogonal to each other.

I would appreciate any clarification of which one should be used and when.

Answer 1

In short, ASP.NET Identity is an identity management framework (storing user account data, like usernames and passwords). This article goes into depth on the features and design of ASP.NET Identity: http://brockallen.com/2013/10/20/the-good-the-bad-and-the-ugly-of-asp-net-identity/

Thinktecture.IdentityModel is a security helper library for many missing features in WIF/Claims, ASP.NET, MVC and Web API. An example is security token processing in Web API v1 -- Web API had nothing like this. Another example is CORS support -- again, in Web API v1 there was no help for that.

They serve two different purposes.