So, what is the purpose for existence of both IIdentity and IPrincipal, and not some IIdentityMergedWithPrincipal? When is it not enough to implement both in same class?
Also, to understand purpose, I'd like to know where this concept comes from:
System.Security.Principal implemented in those interfaces
Therefore, does UserPrincipal from System.DirectoryServices act similarly to IPrincipal but not implement it by accident or by intention?
P.S. I'm looking for reasoning behind idea, not benefits/controversies comparison, so please try not to start opinion-based discussion
.NET identity objects represent users, while roles represent memberships and security contexts. In .NET, the principal object encapsulates both an identity object and a role. .NET applications grant rights to the principal based on its identity or, more commonly, its role membership.
The identity object encapsulates information about the user or entity being validated.
A claims principal has a collection of ClaimsIdentity objects that is accessible through the Identities property. Each ClaimsIdentity in the collection contains one or more claims. The Claims property returns all of the claims from all of the claims identities in this collection.
IIdentity is just used for the user's authenticated identity, regardless of what roles they may have. 
IPrincipal is used to combine a user's identity with the authorized roles they have in a given security context.
For example, you can use a third-party login provider, like Facebook or Google, to get the user's identity, but you will not get a principal from those providers, as they don't provide any roles. You can use your own application or a third-party role-based authorization provider to apply roles to, say, a FacebookIdentity or GoogleIdentity. A different application can expect a different principal, with its own roles, but still use the same identity as in another application.
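The split described in the answer above, as an added example that is not part of the original post: one authenticated identity is wrapped in two different principals, each built from an application's own role store. The user name, the "Google" authentication type label, the role names and the `BuildPrincipal` helper are all assumptions made for illustration; `GenericIdentity` and `GenericPrincipal` are the stock types from System.Security.Principal.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Constructed example: one externally authenticated identity, two applications,
// each attaching its own roles to build its own principal.
static class Program
{
    // Hypothetical per-application role stores, keyed by the identity's name.
    static readonly Dictionary<string, string[]> WikiRoles = new()
    {
        ["alice@example.com"] = new[] { "Editor" },
    };
    static readonly Dictionary<string, string[]> BillingRoles = new()
    {
        ["alice@example.com"] = new[] { "Admin", "Auditor" },
    };

    // Authorization step: the application, not the login provider, decides the roles.
    static IPrincipal BuildPrincipal(IIdentity identity, Dictionary<string, string[]> roleStore)
    {
        // Unauthenticated or unknown identities get a principal with no roles (deny by default).
        string[] roles = Array.Empty<string>();
        if (identity.IsAuthenticated && identity.Name != null &&
            roleStore.TryGetValue(identity.Name, out var found))
        {
            roles = found;
        }
        return new GenericPrincipal(identity, roles);
    }

    static void Main()
    {
        // Authentication step: the provider only establishes who the user is.
        IIdentity identity = new GenericIdentity("alice@example.com", "Google");

        IPrincipal wikiUser = BuildPrincipal(identity, WikiRoles);
        IPrincipal billingUser = BuildPrincipal(identity, BillingRoles);

        // Same identity behind both principals, different answers to the role check.
        Console.WriteLine($"{wikiUser.Identity?.Name} wiki Admin: {wikiUser.IsInRole("Admin")}");
        Console.WriteLine($"{billingUser.Identity?.Name} billing Admin: {billingUser.IsInRole("Admin")}");

        // GenericIdentity treats an empty name as unauthenticated, so no roles are attached.
        IPrincipal anonymous = BuildPrincipal(new GenericIdentity(""), BillingRoles);
        Console.WriteLine($"anonymous billing Admin: {anonymous.IsInRole("Admin")}");
    }
}
```

Access checks in each application are made against its own principal (`IsInRole`), so a role granted in one application never carries over to another that shares the same login provider.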