我能够使用以下方法解决此问题-

I was able to solve this using the following method -

//ensure the token is a User role token only
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));

身份"是

System.Security.Claims.Identity

然后在我的System.Web.Http.AuthorizeAttribute实现中，我可以像这样检查索赔-

Then in my System.Web.Http.AuthorizeAttribute implementation, I can check the claim like so-

//get claims of the Role type
var identity = (ClaimsIdentity)actionContext.RequestContext.Principal.Identity;
IEnumerable<Claim> claims = identity.Claims.Where(c => c.Type == ClaimTypes.Role);

//check if any claim for the User role, if so this is a non-privleged token
var nonPrivToken = claims.Any(c => c.Value == "User");