In latest version of MVC4 avaliable from WebPi found an issue with AntiForgeryToken helper. It requires both NameIdentifier and IdentityProvider claims and in exceptions it states that IdentityProvider claim type should be "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/IdentityProvider". But even if this claim is of this type it wont see it because inside ClaimsUidExtractor claim types search performed using StringComparison.Ordinal and claim type it is looking for is "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider". Can you please provide case insensitive search?
Edit: Rechecked exception. Now all claims in lowercase, but
1. On this page http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx it is still with capiltal letters and can leat to some confusion.
2. Why there is a demand on ACS specific claim?
Comments: Ideally the ability to register a custom transform to retrieve data for this token. I have a multitenant application where each tenant has their own STS - we uniquely identify users based on a fallback strategy to provide a "remote identifier". At the moment I'm probably going to have to use a horrible hack like adding a "antiforgeryidentifier" claim at token transform time. So preferably an event/func user => string
Edit: Rechecked exception. Now all claims in lowercase, but
1. On this page http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx it is still with capiltal letters and can leat to some confusion.
2. Why there is a demand on ACS specific claim?
Comments: Ideally the ability to register a custom transform to retrieve data for this token. I have a multitenant application where each tenant has their own STS - we uniquely identify users based on a fallback strategy to provide a "remote identifier". At the moment I'm probably going to have to use a horrible hack like adding a "antiforgeryidentifier" claim at token transform time. So preferably an event/func user => string