I've been working on a medical record information system for past two years which uses Asp.Net MVC platform and only works with internally defined users. We have our own users definition and this system doesn't interact with any open authentication or external authentication provider. Consequently, we decided to use Asp.Net Identity framework to implement security for this application. The reason we made this selection was that we assumed it's better to use a Microsoft designed framework for this purpose instead of implementing security structure on our own effort. (Maybe it gives a better design and form) However, As a software architecture of this project and after two years of working with Asp.Net Identity (we started with version 1, now we are using version 2), I have a negative feeling about this framework.
First of all, it seems intrinsically this framework has been designed to work with OWIN and Open Authentication. This is an issue for us since we don't need this feature and the framework force us additional effort to adapt our system with it's structure. Although it claims that it is customizable, the truth is that it has it's own limitations.
Additionally, combining this framework table schema with our own application with EF code first approach is a complicated task. Although we implemented that, it is not truly straightforward for our team to work with it. Finally, Identity framework is only designed for web applications and it is not possible to easily adapt it with other platforms like desktop or mobile applications.
This is my question: is there any alternative, a better and well-formed security framework that can be used for Asp.Net MVC applications out there? If not, is it a better approach to implement an in-house security framework instead of using a generic one line Asp.Net identity?