WIF use of Private WCF Methods

WIF uses reflection to access private WCF members in the following methods:

  • FederatedSecurityTokenManager.SetWrappedTokenCache. WCF lets a developer replace the SecurityContextToken cache by returning the cache as an out-of-band token resolver from CreateSecurityTokenAuthenticator. However, this cache does not correctly replace the inner cache in the Authenticators internal property, so WIF adds the cache using reflection.

  • FederatedSecurityTokenManager.GetSecurityVersion. The SecurityTokenVersion for the two MessageSecurityVersions "WSSecurity10WSTrust13WSSecureConversation13BasicSecurityProfile10" and "WSSecurity11WSTrust13WSSecureConversation13" indicates the wrong Security version specification in the Security Specification collection. WIF uses reflection to access the correct SecurityVersion by casting the given SecurityTokenVersion to the internal MessageSecurityTokenVersion.

  • WrappedSessionSecurityTokenAuthenticator.ReplaceAuthPolicies. WIF implements its claims model through token validation. However, due to the strict internal implementation in WCF regarding SecurityContextToken authentication and creation, WIF allows WCF to create the SecurityContextToken and then uses reflection to replace the internal AuthorizationPolicies in the token.

The WIF methods listed previously are themselves private and should not be called.