I have the following architecture:

  • A website that needs role control and user authentication.
  • An API that handles authentication via OWIN, by getting email/pwd and checking whether the user exists in the DB. If so, it creates Claims and sends them back to the website.

Here's the OWIN authentication code:

    // Resource-owner password grant: runs when the client presents username/password to the token endpoint.
    OnGrantResourceOwnerCredentials = async context =>
    {
        // First try the Trainer store.
        Trainer trainer = Datastore.SignInTrainer(context.UserName, context.Password);
        if (trainer != null)
        {
            var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
            claimsIdentity.AddClaim(new Claim("Email", context.UserName));
            claimsIdentity.AddClaim(new Claim("Id", trainer.Id.ToString()));
            claimsIdentity.AddClaim(new Claim("Firstname", trainer.Firstname));
            claimsIdentity.AddClaim(new Claim("Lastname", trainer.Lastname));
            claimsIdentity.AddClaim(new Claim("UserType", "Trainer"));
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, "Trainer"));

            trainer.UpdateLastApiLogon();

            // Accepting the identity makes OWIN issue a bearer token carrying these claims.
            context.Validated(claimsIdentity);
            return;
        }

        // Then the Administrator store.
        Administrator administrator = Datastore.SignInAdministrator(context.UserName, context.Password);
        if (administrator != null)
        {
            var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
            claimsIdentity.AddClaim(new Claim("Email", context.UserName));
            claimsIdentity.AddClaim(new Claim("Id", administrator.Id.ToString()));
            claimsIdentity.AddClaim(new Claim("Firstname", administrator.Firstname));
            claimsIdentity.AddClaim(new Claim("Lastname", administrator.Lastname));
            claimsIdentity.AddClaim(new Claim("UserType", "Administrator"));
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, "Administrator"));

            administrator.UpdateLastApiLogon();

            context.Validated(claimsIdentity);
            return;
        }

        // Neither store knows the user: no token is issued.
        context.Rejected();
    },

My problem is that both the API and the Website controllers need access regulation, with role checks, because I have different types of users (Trainer/Administrator).

Right now, from the website, I authenticate properly on the API and can retrieve the token, but can I retrieve the encoded Claims in the website? Once the authentication is OK on the API and I have the token back in the website, how am I supposed to handle access control in the website?

My current option is to store the bearer token, retrieve the Trainer/Administrator object from the API, store the desired data in cache and then check whether the data exists to control access to controllers. But I'm pretty sure that's a bad option and I could use OWIN to do that access control.

If my description is incomplete, I'd gladly answer your questions. Thanks in advance.

EDIT: Here's a link showing how to use third-party authentication and then use it in your application, so I guess I should be able to use MY third-party authentication and then use it in my website. Have you done it already?

Ashallar
  • https://stackoverflow.com/questions/21404935/mvc-5-access-claims-identity-user-data – j03p Jun 27 '18 at 10:16
  • Thanks for the link, my problem though is that the OWIN server isn't in my Website directly, but remote in the API. – Ashallar Jun 27 '18 at 10:25
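One way to do the website-side role control the question asks about, as an added example that is not part of the original post or its comments: the website does not try to read the token (the default OWIN token is an encrypted ticket that is opaque to anyone but the API) but presents it to the API, which returns the claims it validated; the website then signs those claims into its own OWIN cookie so MVC's `[Authorize(Roles = "Trainer")]` works. Assumed here: the API already runs the OAuth bearer middleware so `[Authorize]` validates the token, the default `api/{controller}` route, Newtonsoft.Json, and the names `MeController`, `ApiSignIn`, `Exposed` and `apiBaseUrl`, which are chosen for this example; `MeController` belongs in the API project and `ApiSignIn` in the website.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;
using Microsoft.Owin.Security.Cookies;
using Newtonsoft.Json;

// API side: the bearer middleware has already validated the token, so User.Identity carries
// the claims issued in OnGrantResourceOwnerCredentials. Served at /api/me by convention.
[Authorize]
public class MeController : ApiController
{
    // Only claim types the website is meant to rely on are returned (assumed list).
    static readonly string[] Exposed = { "Email", "Id", "Firstname", "Lastname", "UserType", ClaimTypes.Role };

    public IHttpActionResult Get()
    {
        var identity = (ClaimsIdentity)User.Identity;
        return Ok(identity.Claims.Where(c => Exposed.Contains(c.Type))
                                 .Select(c => new { c.Type, c.Value }));
    }
}

// Website side: ask the API (the token's issuer) for the validated claims and open a local
// cookie session. The website never tries to decode the opaque OWIN token itself.
public static class ApiSignIn
{
    public static async Task SignInFromApiAsync(HttpContextBase http, string apiBaseUrl, string bearerToken)
    {
        using (var client = new HttpClient())
        {
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);
            var response = await client.GetAsync(apiBaseUrl + "/api/me");
            response.EnsureSuccessStatusCode(); // a 401 means the API rejected the token: no local session is created
            var json = await response.Content.ReadAsStringAsync();
            var claims = JsonConvert.DeserializeObject<List<Dictionary<string, string>>>(json);

            // Declaring ClaimTypes.Role as the role claim type makes [Authorize(Roles = "Trainer")] work in MVC.
            var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationType, ClaimTypes.Name, ClaimTypes.Role);
            foreach (var c in claims)
                identity.AddClaim(new Claim(c["Type"], c["Value"]));
            var email = identity.FindFirst("Email");
            if (email != null) identity.AddClaim(new Claim(ClaimTypes.Name, email.Value)); // becomes User.Identity.Name
            http.GetOwinContext().Authentication.SignIn(identity);
        }
    }
}
```

The website's cookie should not outlive the token it was derived from, so re-run the exchange (or sign the user out) when the API starts answering 401.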

0 Answers