OWIN cookie authentication middleware doesn’t support session caching like feature yet. #2 is not an options.
#3 is the right way to go. As Prabu suggested, you should do following in your code:
OnResponseSignIn:
- Save context.Identity in cache with a unique key(GUID)
- Create a new ClaimsIdentity embedded with the unique key
- Replace context.Identity with the new identity
OnValidateIdentity:
- Get the unique key claim from context.Identity
- Get the cached identity by the unique key
- Call context.ReplaceIdentity with the cached identity
I was going to suggest you to gzip the cookie, but I found that OWIN already did that in its TicketSerializer. Not an option for you.