In latest version of MVC4 avaliable from WebPi found an issue with AntiForgeryToken helper. It requires both NameIdentifier and IdentityProvider claims and in exceptions it states that IdentityProvider claim type should be "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/IdentityProvider". But even if this claim is of this type it wont see it because inside ClaimsUidExtractor claim types search performed using StringComparison.Ordinal and claim type it is looking for is "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider". Can you please provide case insensitive search?
Edit: Rechecked exception. Now all claims in lowercase, but
1. On this page http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx it is still with capiltal letters and can leat to some confusion.
2. Why there is a demand on ACS specific claim?
Comments: The current thinking here is to work great out-of-the-box for Microsoft properties (i.e. work with Azure AD) and fail gracefully/fall back to custom logic when necessary.
Edit: Rechecked exception. Now all claims in lowercase, but
1. On this page http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx it is still with capiltal letters and can leat to some confusion.
2. Why there is a demand on ACS specific claim?
Comments: The current thinking here is to work great out-of-the-box for Microsoft properties (i.e. work with Azure AD) and fail gracefully/fall back to custom logic when necessary.