Deploying Claims Aware Azure Applications using WIF

If you are deploying a claims aware application that uses Windows Identity Model whether first time or subsequently after an SDK upgrade there are many chances that you would hit the below mentioned error.

—> System.Runtime.Serialization.SerializationException: Type is not resolved for member

‘Microsoft.IdentityModel.Claims.ClaimsPrincipal,Microsoft.IdentityModel, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35’.

at System.AppDomain.get_Evidence()

at System.AppDomain.get_Evidence()

      at System.Configuration.ClientConfigPaths.GetEvidenceInfo(AppDomain appDomain, String exePath, String& typeName)

      at System.Configuration.ClientConfigPaths.GetTypeAndHashSuffix(AppDomain appDomain, String exePath)

      at System.Configuration.ClientConfigPaths..ctor(String exePath, Boolean includeUserConfig)

      at System.Configuration.ClientConfigPaths.GetPaths(String exePath, Boolean includeUserConfig)

      at System.Configuration.ClientConfigurationHost.RequireCompleteInit(IInternalConfigRecord record)

      at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)

      at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)

      at System.Xml.XmlConfiguration.XmlReaderSection.CreateDefaultResolver()

      at System.Xml.Schema.XmlSchema.Read(XmlReader reader, ValidationEventHandler validationEventHandler)


If you RDP to the role and look into D:\Windows\assembly you will not find the Microsoft.IdentityModel and associated dlls.

The reason is that WIF is not a part of the base operating system image put on a virtual machine when it is prepped for a web or worker role running on Windows 2008R2 or lower. So the WIF module needs to be installed before the role is started so that the code finds the related dependencies in GAC.

The following steps need to be followed

a)      Download the WIF msu from the link below and add the file “Windows6.1-KB974405-x64.msu” to the project.

b)      Create a batch file named say installWIF.cmd

         For this open a notepad and add the following content

        @echo off

        sc config wuauserv start= demand

        wusa.exe “Windows6.1-KB974405-x64.msu” /quiet /norestart

        sc config wuauserv start= disabled

        exit /b 0  

c)      Add this file in the visual studio project.

d)      Mark both the batch file and msu file as “Copy to Output Directory” in visual studio. This will make sure the batch file ends up in the bin folder of your role, which is the location Windows Azure will look for it:



e)        Create the startup task in by adding this code to ServiceDefinition.csdef in the web  role:


      <Task commandLine=”installWIF.cmd” executionContext=”elevated” />



Redeploy the package and the role should come up fine now and able to load the WIF modules. You can also check in D:\Windows\assembly that the modules are installed in GAC.

If you are deploying to Windows 2012 (OS3.0) virtual machine then WIF 4.5 is already a part of the platform and you don’t need to do the grunge work above. But with WIF 4.5 a few namespaces have been modified and you might want to look at Guidelines for Migrating an Application Built Using WIF 3.5 to WIF 4.5

So lo and behold your claims ware application is now up and running.

Comments (0)

Skip to main content