public ClaimsPrincipal AuthenticateHeaders(HttpRequestHeaders headers) { SecurityTokenHandlerCollection handlers; foreach (var header in headers.AsEnumerable()) { if (Configuration.TryGetHeaderMapping(header.Key, out handlers)) { return(InvokeHandler(handlers, header.Value.First(), null)); } } return(CreateAnonymousClaimsPrincipal()); }