public virtual ClaimsPrincipal AuthenticateHeaders(HttpRequestHeaders headers) { SecurityTokenHandlerCollection handlers; foreach (var header in headers.AsEnumerable()) { if (Configuration.TryGetHeaderMapping(header.Key, out handlers)) { return InvokeHandler(handlers, header.Value.First()); } } return Principal.Anonymous; }