I recently setup OWIN WsFederation in my app, but I needed a way to perform an additional check against my local database to validate the user. For example the user authenticating from the STS may not be allowed to authenticate to the app, because of their department, etc. So in order to perform this additional authorization check I needed to setup a “notification”. In this case the notification is called “SecurityTokenValidated”, here is a sample implementation: