According to this msdn article, the interface IAuthorizationPolicy is the way to go to inject custom authorization logic / custom claims when using wcf.
https://msdn.microsoft.com/en-us/library/ms729851(v=vs.110).aspx
However it seems like some of the used classes in this interface are "almost obsolete" according to http://msdn.microsoft.com/en-us/library/system.identitymodel.claims%28v=vs.110%29.aspx
The System.IdentityModel.Claims namespace contains classes that implement the Windows Communication Foundation (WCF) claims-based identity authorization model. This model includes the Claim class and the ClaimSet class. Beginning with .NET Framework 4.5 and the integration of Windows Identity Foundation (WIF) into the .NET Framework, the WCF claims-based identity model has been superseded by WIF. WIF provides a claims-based identity object model that can be used to provide authentication and authorization across several Microsoft product stacks, including the CLR, WCF, and ASP.NET. The WIF classes that represent claims, claim types, and identities and principals that are based on claims are contained in the System.Security.Claims namespace. Beginning with .NET 4.5, these classes should be used instead of those in the System.IdentityModel.Claims namespace.
Looking at the WIF classes, there does not seem to be a replacement for IAuthorizationPolicy, however it is possible to write custom authentication and authorization logic from scatch (claimsAuthenticationManager/claimsAuthorizationManager). What is the suggested way to go?
Thank you for your opinions
