There is a subtle (breaking) change of behavior between WIF 1.0 and .NET 4.5.
The IIdentity interface has the IsAuthenticated property. This is typically set to true whenever you deal with implementations of that interface, e.g. as soon as you set the Name property of GenericIdentity, IsAuthenticated is automatically set to true. IIRC in WIF, as soon as a ClaimsIdentity had a claim, IsAuthenticated was set to true.
This has changed in .NET 4.5. It is now possible to create a ClaimsIdentity that has claims but still has IsAuthenticated set to false. In fact, this is now the default when you new up a ClaimsIdentity like this:
var id = new ClaimsIdentity(claims);
To have IsAuthenticated set to true, you need to specify an authentication type in the ctor:
var id = new ClaimsIdentity(claims, "Custom");
I am mentioning this because I just spent 2 hours looking at code that was giving me authorization errors all over the place. In the end I found out that the security token handler (which was ported from WIF) did not set the authentication method, resulting in a non-authenticated identity, which of course in turn made authorization fail in later stages.
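The following is an added example, not code from the original post. It shows the same claims passing or failing an authorization check depending only on the authentication type given to the constructor, including the empty-string case. The IsAuthorized helper, the Describe helper and the claim values are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

static class Program
{
    // Hypothetical authorization check of the kind that runs "in later stages":
    // it requires an authenticated identity before it even looks at the role claims.
    static bool IsAuthorized(ClaimsPrincipal principal, string role)
    {
        return principal.Identity != null
            && principal.Identity.IsAuthenticated
            && principal.IsInRole(role);
    }

    static void Describe(string label, ClaimsIdentity id)
    {
        var principal = new ClaimsPrincipal(id);
        Console.WriteLine(
            "{0,-28} IsAuthenticated={1,-5} IsInRole(Admin)={2,-5} IsAuthorized={3}",
            label,
            id.IsAuthenticated,
            principal.IsInRole("Admin"),
            IsAuthorized(principal, "Admin"));
    }

    static void Main()
    {
        // Constructed sample claims, as a token handler might produce them.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimTypes.Role, "Admin")
        };

        // No authentication type: the claims are present, but the identity
        // is not authenticated in .NET 4.5.
        Describe("no authentication type", new ClaimsIdentity(claims));

        // An empty authentication type is treated the same as none.
        Describe("empty authentication type", new ClaimsIdentity(claims, ""));

        // A non-empty authentication type makes IsAuthenticated true.
        Describe("authentication type set", new ClaimsIdentity(claims, "Custom"));
    }
}
```

Note that IsInRole succeeds in all three cases, so a check that looks only at claims will not reveal the problem; only code that also tests IsAuthenticated rejects the first two identities.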