Upgrading from WIF 3.5 to WIF 4.5

I recently worked on an application that had ADFS/WIF 3.5 added. When adding new features to an application, I like to try keep it as current as possible, and so wanted to upgrade to WIF 4.5.

MS gives some guidance on migrating but I still ran into several problems and thought I'd share them (or at least document what I did so, next time it will go smoother).

There was actually very little to do, mainly just switching the namespaces of the various types and static methods. But there were a couple of issues that cropped up.
Problems

The system.identityModel section of the web.config is not precisely as described. In particular, when following the example for the securityTokenHandlerConfiguration section I received a ConfigurationErrorsException saying that the trustedIssuers was an invalid child element.
I ended up using the below.

  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://url.to.myapp/" />
      </audienceUris>
      <securityTokenHandlers>
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://sts.my.domain/adfs/services/trust">
          <keys>
            <add thumbprint="123456789A1234567897A123456789A123456789" />
          
            <add thumbprint="A23456789A1234567897A123456789A123456789" />
            <add thumbprint="B23456789A1234567897A123456789A123456789" />
          </keys>
          <validIssuers>
            <add name="http://sts.my.domain/adfs/services/trust" />
            <add name="http://sts.my.domain/adfs/services/trust" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://sts.my.domain/adfs/adfs/ls/" realm="https://url.to.myapp/" requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>

A more vexing problem was that I didn't know to add the System.IdentityModel.Tokens.ValidatingIssuerNameRegistry.dll, and so when attempting to run the app got the (not very helpful) error message below:

		An exception of type 'System.TypeLoadException' occurred in System.IdentityModel.dll but was not handled in user code
		Additional information: ID8030: The value of the 'type' property could not be parsed. Verify that the type attribute of '...

I might have picked up on this a bit sooner, but it doesn't show up when searching the framework assemblies.

Last, but by no means least..my Global.asax has all of the code inside a script block instead of a code behind, and the <%@ Import Namespace="System.IdentityModel.Services" %> showed that the Services was not being included and of course the types and methods weren't available.
I could have solved this problem by adding a code behind file, but I like to know why things work (or don't as the case maybe). And I couldn't figure out why the reference wasn't working. I'm still not sure why it's NOT working, but I did figure out how to make it work without changing it too much -- simply add the assemblies under <system.web><compilation><assemblies>.

		<system.web>
			<compilation debug="true" strict="false" explicit="true" targetFramework="4.5">
				<assemblies>
					<add assembly="System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>     
					<add assembly="System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				</assemblies>
			</compilation>
		</system.web>

And there you have it, an outline of the problems I experienced and their solutions.

John R. Moreno