如何使用ASP.NET Web API提取和验证授权标头中的SAML令牌

我有一个Silverlight应用程序，它使用Identity Training Kit中的WSTrust实现从STS请求SAML令牌。

private void Application_Startup(object sender, StartupEventArgs e)
{
    WSTrustClient wsTrustClient = new WSTrustClient(new WSTrustBindingUsernameMixed(), new EndpointAddress("https://localhost/SecurityTokenService/Service.svc/IWSTrust13"), new UsernameCredentials("user", "password"));
    wsTrustClient.IssueCompleted += new EventHandler<IssueCompletedEventArgs>(wsTrustClient_IssueCompleted);
    RequestSecurityToken rst = new RequestSecurityToken()
    {
        AppliesTo = new EndpointAddress("https://localhost/SilverlightApplication.Web")
    };
    wsTrustClient.IssueAsync(rst); 
}
private void wsTrustClient_IssueCompleted(object sender, IssueCompletedEventArgs e)
{
    this.Resources.Add("SamlToken", e.Result);
    this.RootVisual = new MainPage();
}

Silverlight应用程序然后将SAML令牌放在对我的ASP.NET Web API服务的请求的授权头中；再次使用相同的WSTrust实现。

string uri ="https://localhost/WebApi/api/resource";
WebRequest request = WebRequest.Create(uri);
request.Method = "GET";
RequestSecurityTokenResponse rstr = (RequestSecurityTokenResponse)Application.Current.Resources["SamlToken"];
request.Headers[HttpRequestHeader.Authorization] = "SAML " + rstr.RequestedSecurityToken.RawToken;
request.BeginGetResponse((result) =>
{
    using (WebResponse response = request.EndGetResponse(result))
    {
        // Process Response
    }
}, null);

首先，我这样做对吗？第二，如果是这样，我如何让我的ASP.NETWebneneneba API服务检测SAML令牌并将其转换为IClaimsPrincipal服务器端？