I want to create application with layered architecture. I have separate

• Model project with only model classes
• Data project responsible for CodeFirst configuration, migrations, etc.,
• Service project responsible for business logic, and preserving the data in the database using EF
• Dto project with classes used between Web app and service
• Web project with asp.net mvc application.

My goal was to separate these projects so that Web project knows nothing about Model and Data - it just consumes Service using Dto classes, so the Web project should just reference Service and Dto. Everything was great until I configured Asp.Net Identity - in order to configure authorization I had to reference Data and Model project which I had wanted to avoid. Is it possible to achieve my goal, and (if so) how to do it.

My second question is: is my desing ok from the separation of concerns point of view?

I might separate all the ASP.NET Identity things into its own project housing both the EF data access and identity models. Think of it as separating the concerns more topically or by the subject matter, rather than by function.

So your web app would then reference Service, Dto, and Identity- and everybody seems to have their own corner of the world.

The goal, imo, is not necessarily to divvy up code by similar functionality, but to eliminate dependencies where none are needed, and to hide (or rather protect) domain knowledge into isolated and authoritative blocks.

Yes, your design is basically solid and generally works well.